alert Stolen Four Letter Names

jberryhill

Top Member
John Berryhill, Ph.d., Esq.
Impact
5,824
The following names were stolen from a GoDaddy customer:

wumz.com
fexz.com
cclw.com
yded.com
clcy.com
kdtx.com
wohp.com
ubve.com

The names interactivebrain.com and cloneclothing.com appear also to have followed similar unauthorized transfer patterns.

The same person attempted a theft of qauf.com, but the intended victim caught the transfer email in time to stop it.
 

BrandMart

Randomhiker.com
Top Contributor
Impact
1,505
How can a stranger get access to GoDaddy accounts and steal domains? I wonder what's missing here
 

creataweb

Some Guy with Awesome Senior High School Photo
Top Contributor
Impact
7,468

BrandMart

Randomhiker.com
Top Contributor
Impact
1,505
Hacking their account...
General idea. But don't they need access to the registered email id to get the password reset emails so the account can be accessed?
 

jberryhill

Top Member
John Berryhill, Ph.d., Esq.
Impact
5,824
But don't they need access to the registered email id to get the password reset emails so the account can be accessed?

Yes. And things like infrequently-monitored email accounts or legacy accounts from providers like earthlink.net are prime pickings.

Another attack vector is to hope to lose the transfer and account recovery emails in a wave of spam.
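
A defender's check for the spam-wave tactic described in the post above, as an added example that is not part of the original thread: it scans mailbox metadata for transfer and account-recovery notices that arrived inside a burst of other mail. The subject keywords, thresholds, addresses and inbox contents are constructed assumptions.

```python
from datetime import datetime, timedelta

# Subject phrases treated as account-critical. Constructed for this example;
# real registrar notices use varying wording.
CRITICAL_TERMS = ("transfer", "password reset", "account recovery")

def find_buried_notices(messages, window=timedelta(minutes=10), flood_threshold=20):
    """Return critical notices that arrived inside a burst of other mail.

    messages: iterable of (received: datetime, sender: str, subject: str).
    A notice counts as buried when at least `flood_threshold` other messages
    arrived within `window` before or after it.
    """
    msgs = sorted(messages, key=lambda m: m[0])
    buried = []
    for received, sender, subject in msgs:
        if not any(term in subject.lower() for term in CRITICAL_TERMS):
            continue
        nearby = sum(1 for other, _, _ in msgs if abs(other - received) <= window) - 1
        if nearby >= flood_threshold:
            buried.append({"received": received, "sender": sender,
                           "subject": subject, "nearby": nearby})
    return buried

def sample_inbox():
    """Constructed inbox: one quiet-day reset notice, then a 40-message flood
    with a transfer notice in the middle of it."""
    start = datetime(2018, 3, 1, 2, 0, 0)
    inbox = [(start - timedelta(days=1), "support@registrar.example",
              "Password reset requested")]
    for i in range(40):
        inbox.append((start + timedelta(seconds=12 * i),
                      f"list{i}@bulk.example", f"Welcome to newsletter {i}"))
    inbox.append((start + timedelta(minutes=4), "transfers@registrar.example",
                  "Domain transfer away request for example.com"))
    return inbox

if __name__ == "__main__":
    for hit in find_buried_notices(sample_inbox()):
        print(f"{hit['received']:%Y-%m-%d %H:%M} {hit['subject']!r} "
              f"({hit['nearby']} other messages within 10 minutes)")
```

The quiet-day password reset is not reported; only the transfer notice surrounded by the flood is surfaced for immediate review.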
 

jberryhill

Top Member
John Berryhill, Ph.d., Esq.
Impact
5,824
Surely the original user can just get the domains back?

That's often easier said than done. If someone compromises your email and gets access to your domain registrar account, then the next step is to move the domain names to another registrar, change the registrant, and then launder the domain names through such mechanisms as selling them cheaply to an unsuspecting purchaser.

To unwind these things where there have been intervening registrar transfers requires a considerable amount of cooperation among the registrars through which stolen names have been transferred.
 

BrandMart

Randomhiker.com
Top Contributor
Impact
1,505
Yes. And things like infrequently-monitored email accounts or legacy accounts from providers like earthlink.net are prime pickings.

Another attack vector is to hope to lose the transfer and account recovery emails in a wave of spam.
I am pretty amazed that owners of 4l.coms don't bother to have a regularly monitored and more secure email id and 2FA activated.
 

DNWon

eCommerce Branding Specialist
Top Contributor
Impact
6,562
Everybody do yourself a favor and change your Whois-associated email address's password right now!

Go ahead, I'll wait!
 
Impact
425
Just saw a news report the other day that there has been an up-tick of email hacks. This time, the hackers are more sophisticated, they waited for the right moment to strike.

The example on the news was a home buyer who was sent a fake change of bank wiring instructions during the closing. The deposit was wired to the hacker's account, and the buyer lost $50,000.

Here are some of my suggestions:

Do not re-use passwords. Ideally use different passwords for each website.
Do not click on that suspicious link in email! Check it first.
Use Multi-Factor Authentication, such as Google Authenticator.
Use a different email address for your whois record from your account email.
 
Impact
31,366
The following names were stolen from a GoDaddy customer:
kdtx.com
wohp.com
ubve.com
.

I notice that the last of these is currently listed for sale at BrandBucket. I would have thought they would take it down until ownership is clarified?
 

MapleDots

Account Closed (Requested)
Impact
13,123
My piece of advice is to use a business email address for whois, as in

[email protected]

This way the person doing the hacking does not know who your email carrier is.
It's harder to hack a gmail account when you're using outlook

Most business email will use a carrier like google apps etc but like I said.... make it as hard as possible.

I use 2-factor with godaddy and 2-factor with my email and I monitor both every day for activity.
 
I bought ubve.com and wohp.com back in December 2017 from @AlejandroGarcia and then flipped them.
@AlejandroGarcia - where did you purchase ubve and wohp from?
 

alcy

Restricted (15-30%)
Impact
34,619
I am far from an expert on internet networking and such, but each time I login to certain sites.. I think google email is particularly sensitive to this... and my internet modem has different ip address.. due to network reset or my own poweroff.. google asks me for extra authorizations..

why wouldn't registrars implement such a thing? of course it wouldn't be bulletproof, but in the very least when the ip address is different.. or in very least it does not correspond to account owner's country/city/province, then this would trigger some alerts.. verifications.. again, this wouldn't be bulletproof.. but at this point, any extra triggers and info can be potentially life saving for the true owner of account
 

Ace3coiner

Top Contributor
Impact
2,914
Thanks for coming forward. Let’s help trace things back and hopefully we’ll get to the bottom of the hacks.
 

jberryhill

Top Member
John Berryhill, Ph.d., Esq.
Impact
5,824
I bought ubve.com and wohp.com back in December 2017 from @AlejandroGarcia and then flipped them.
@AlejandroGarcia - where did you purchase ubve and wohp from?

If you get answers to those questions, let me know.

Uniregistry is also looking for some answers from him.
 
Impact
11,278
This is bad news for the people who get stuck holding these hot potatoes. Another CQD scenario.

Those 4L's, look like they already had like 3-4 different owners. That is the life of low level 4L's, they just get whored from one domainer to another, hoping a little lipstick will attract the right buyer.
 
why wouldn't registrars implement such a thing? of course it wouldn't be bulletproof, but in the very least when the ip address is different.. or in very least it does not correspond to account owner's country/city/province, then this would trigger some alerts.. verifications.. again, this wouldn't be bulletproof.. but at this point, any extra triggers and info can be potentially life saving for the true owner of account

I typically don't self-promote but this is a topic close to me, but at easyDNS not only can you enable 2FA, you can implement a variety of ACLs and even limit by country code, so you could say any logins from outside your home country would trigger additional 2FA. I'm not aware of any other registrar that offers this.
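
The kind of login check discussed in the two posts above, sketched as an added example; it is not part of the thread and not any registrar's actual implementation. The account fields, the decision names and the IP-to-country table are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed IP-to-country table standing in for a GeoIP database; the ranges
# are documentation prefixes and the country assignments are arbitrary.
GEO_TABLE = {
    "192.0.2.0/24": "CA",
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "BR",
}

def country_of(addr):
    """Look up the country for an ip_address, or None when it is unknown."""
    for cidr, country in GEO_TABLE.items():
        if addr in ipaddress.ip_network(cidr):
            return country
    return None

def login_decision(account, ip):
    """Decide what to do with a login whose password already checked out.

    account (hypothetical shape): home_country, blocked_countries (set),
    known_networks (CIDR strings the owner has logged in from before).
    Returns (decision, reason); decision is 'allow', 'step_up' or 'deny'.
    """
    addr = ipaddress.ip_address(ip)
    country = country_of(addr)
    if country in account["blocked_countries"]:
        return "deny", f"country {country} is blocked by account ACL"
    if country != account["home_country"]:
        return "step_up", f"country {country or 'unknown'} is not home country"
    if not any(addr in ipaddress.ip_network(n) for n in account["known_networks"]):
        return "step_up", "home country but unfamiliar network"
    return "allow", "known network in home country"

# Constructed account and login attempts.
ACCOUNT = {"home_country": "CA", "blocked_countries": {"BR"},
           "known_networks": ["192.0.2.0/28"]}

if __name__ == "__main__":
    for ip in ("192.0.2.5", "192.0.2.200", "198.51.100.7", "203.0.113.9", "10.1.2.3"):
        print(ip, *login_decision(ACCOUNT, ip))
```

An address with no known location is treated like a foreign one and gets the extra 2FA prompt rather than a silent allow.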
 

marijuanadomain

Restricted (15-30%)
Impact
488
My 4 L domains got stolen too from this gal in China and I am still in contact with her. She stole my BullShitWebsites.com too and I told her go ahead and build the site. She later realized that I can trace her and have my people in her city on her.
She later transferred the bullshitwebsites.com to me but she is trying to blackmail me by giving her my gxnx.com and she will transfer the rest.
She knows that she can’t sell the stolen domains and she is stuck paying the renewal fees.

************************
These are the email addresses she uses
<[email protected]>,
<[email protected]>

**************************************************************
JKEB.COM–stolen
JUJG.COM–stolen
SKQK.COM–stolen
WHUJ.COM–stolen
ZKWI.COM–stolen
ZVKV.COM–stolen
 

marijuanadomain

Restricted (15-30%)
Impact
488
Warning: Stolen domain.

BullShitWebsites.com, the domain of investor Chris Goh, has been stolen.

The active domainer who often comments on blogs using the “BullS” moniker, contacted us about this unfortunate situation.

“… found out that someone from China stole my BullShitWebsites.com domain plus some of my 4l at hostgator account.

Working with hostgator to get them back.”

It appears that the Chinese domain thief targeted the LLLL .com domains in Chris Goh’s account.

The web site BullShitWebsites.com is active, but the WHOIS information was changed a week ago to the following:

Registrant Name: YU shi bao
Registrant Organization: None
Registrant Street: 685 66th ch TJ
Registrant City: tianjin
Registrant State/Province: WA
Registrant Postal Code: 100200
Registrant Country: CN
Registrant Phone: +86.18277136521
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

The following domains from Chris’s account have also been stolen, although the thief has not changed the WHOIS info, according to Chris:

ihyh.com
jkeb.com
jujg.com
skqk.com
vhvk.com
vwuj.com
whuj.com
zdwg.com
zkwi.com
zkwi.com
zvkv.com

Copyright DomainGang.com: http://domaingang.com/domain-crime/alert-bullshitwebsites-com-has-been-stolen/
 

jberryhill

Top Member
John Berryhill, Ph.d., Esq.
Impact
5,824
Why all thief is the chinese man

In the case of this thread, the domain names appear to have been stolen by a person in Mexico.
 
Impact
11,278
In the case of this thread, the domain names appear to have been stolen by a person in Mexico.
Are you saying @AlejandroGarcia stole these domains, and then tried to sell them off as low as $20 on namepros? I have done business with him way back on that other forum, and namepros, always found him to be an honest person. He has been a member of namepros for over a decade, really seems out of line for him, those names aren't even that good for someone to burn their reputation over them. Maybe others can weigh in also. I think you need to dig deeper, on where he got them from.
 