alert Stolen Names

jberryhill

John Berryhill, Ph.d., Esq.
The following names have been stolen from Name.com and moved to Namecheap:

AAO .com PL .com W3 .com LAS .com TKM .com HKE .com HHT .com WBN .com KVL .com IJA .com LVL .com
 
Thanks for the heads-up @jberryhill, and all of the useful information @jberryhill and @bhartzer. I learned a number of useful tips from this thread.

So I checked a few from the list on Namecheap Whois and they are showing the DNS at Name nameservers but name registered at Namecheap. They have Client Hold, which I take it means that they can't be used or moved until the situation is resolved, so hopefully the ending will be happy on this one.

Is there an automated list that goes to the marketplaces when claims are made that a name has been stolen so that any for sale listings can be put on hold?

I see at least one of the names goes to a Chinese lander, but with a message that it does not have the appropriate Chinese authorization certificate.

-Bob
 
Is there an automated list that goes to the marketplaces when claims are made that a name has been stolen so that any for sale listings can be put on hold?

Wouldn't that be great. I did put the word out with some of the folks I know in the Chinese domain name investment community to spread the word there.
 
Good points. Thank you.

I wonder if there would be a less public way that might work even better. Would it be possible to have a registrar place a TXT code on a domain name that had been claimed to be stolen – not something obvious. The marketplaces could then daily check their names looking for this TXT code. If found the name could be put into a holding pattern, and periodically check again. Someone buying a name privately could similarly check. Of course would only work if registrars agreed, or were told by ICANN, to implement it, and if all marketplaces checked their stock daily.

I realize the Hold status sort of achieves the same thing, so perhaps nothing new is needed (except all marketplaces checking).

-Bob
I get where you're going with this, but anyone who has access to the domain can just edit the DNS and remove that TXT record. So probably wouldn't work.
Keep in mind that a lot of domains that are stolen actually end up staying at the same registrar. For example, a domain owner gives their 'web designer' access to their registrar account, and the web designer moves the domain to their account at the registrar, stealing the domain. A lot of stolen domains are issues that the registrar should deal with.
 
By the way, in 2014, name.com did the same as this year. Then people who had documents issued on the Crimean peninsula in Ukraine, which was squeezed out by Russia, were injured. I think it is clear how safe they are.

Is it possible to somehow return my domains or compensation?

I am a citizen of Ukraine and my house was occupied, but I left Mariupol and am in the Dnipropetrovsk region.
 
It's just one of many prizes obtained in the broader general compromise of the hosting company and then sold to someone looking for that sort of thing.
Hi

or... it was made to "look like" that, so that it would appear as a random prize.

in the movie "The Shooter" the suspect shot several random people outside a building, just to kill a particular person.

even though what you said may be the case, that movie came to mind when i read your post

still, really hope you recover the names and... possibly find out who the culprit is.

imo...
 
I believe a more likely scenario in this instance is a general compromise of the hosting company, and that access to the email address was a bonus that was sold off along with other bounty obtained in the compromise.
John, can you share the name of this hosting company? NP members may also have accounts with that company, so the information is important... to change passwords etc. at least...
 
name.com - Safe, yeah
Tatiana, did I read this correctly - your name.com domains somehow ended up on NameCheap, which is in fact operated from Ukraine (and probably UA-owned) by the way, as the result of sanctions? I don't get it...

What an interesting coincidence with this stolen domains thread.
 
makes one wonder what well known domainer does on 2nd rate registrar name.com
 
Just take one of the names in that list and look up the DNS history (I like to use DNS Trails for that). You'll easily be able to see where they were hosted, and what DNS changes occurred when.
Yeah. Posting the name in clear text may not be a good idea, as there is no definite proof. Maybe somehow encrypting it to avoid search engines... I see one (large and known) hosting company. I also see that the domain Gregg used for public whois email (and possibly for general contacts), which is not in the list of stolen domains but is also Namecheap-regged at this time, used another, let's say, e-mail service. Not from the hosting company where the stolen 3L coms were hosted. And that last finding is, actually, alarming - I do not like what I found...
 
So while publicizing such a list (of stolen domain names) sounds like a good idea, I think it's actually rare that a domain owner wants people to know that their domains or domain name was stolen.
Good points. Thank you.

I wonder if there would be a less public way that might work even better. Would it be possible to have a registrar place a TXT code on a domain name that had been claimed to be stolen – not something obvious. The marketplaces could then daily check their names looking for this TXT code. If found the name could be put into a holding pattern, and periodically check again. Someone buying a name privately could similarly check. Of course would only work if registrars agreed, or were told by ICANN, to implement it, and if all marketplaces checked their stock daily.

I realize the Hold status sort of achieves the same thing, so perhaps nothing new is needed (except all marketplaces checking).

-Bob
 
Thanks for reply @bhartzer
I get where you're going with this, but anyone who has access to the domain can just edit the DNS and remove that TXT record. So probably wouldn't work.
I guess I had assumed, perhaps erroneously, that when they get a report that a domain name is alleged to be stolen the registrar locks it against transfer or changes, including TXT file or DNS changes, but I guess that is not the case with most registrars? If it is true that it is not locked against TXT changes, I agree it would not work.
-Bob
 
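The daily marketplace check discussed in this thread, as an added example (not code from any poster, registrar or marketplace): it reads the hold status from registration data in RDAP form, which is set by the registrar rather than stored in the DNS zone like a TXT record. The RDAP objects, the registrar names and the `registrar_at_listing` value are constructed for illustration.

```python
import json

# RDAP spellings of the EPP clientHold / serverHold status codes (RFC 8056).
HOLD_STATUSES = {"client hold", "server hold"}

# Constructed RDAP domain objects, trimmed to the fields used below.
SAMPLE_RDAP = json.loads("""
[{"ldhName": "listed-one.example",
  "status": ["client hold", "client transfer prohibited"],
  "entities": [{"roles": ["registrar"], "vcardArray": ["vcard",
      [["version", {}, "text", "4.0"], ["fn", {}, "text", "Registrar B"]]]}]},
 {"ldhName": "listed-two.example",
  "status": ["active"],
  "entities": [{"roles": ["registrar"], "vcardArray": ["vcard",
      [["version", {}, "text", "4.0"], ["fn", {}, "text", "Registrar B"]]]}]},
 {"ldhName": "listed-three.example",
  "status": ["client transfer prohibited"],
  "entities": [{"roles": ["registrar"], "vcardArray": ["vcard",
      [["version", {}, "text", "4.0"], ["fn", {}, "text", "Registrar A"]]]}]}]
""")


def registrar_name(rdap):
    """Return the 'fn' of the entity holding the registrar role, if any."""
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None


def review_listing(rdap, registrar_at_listing):
    """Decide what a marketplace should do with one for-sale listing."""
    statuses = {s.lower() for s in rdap.get("status", [])}
    held = sorted(statuses & HOLD_STATUSES)
    reasons = ["status: " + s for s in held]
    current = registrar_name(rdap)
    if current and current != registrar_at_listing:
        reasons.append(f"registrar changed: {registrar_at_listing} -> {current}")
    # A hold always suspends the listing; a registrar move alone needs a human look.
    action = "hold" if held else ("review" if reasons else "ok")
    return action, reasons


if __name__ == "__main__":
    # Hypothetical marketplace records: every name was listed while at Registrar A.
    for obj in SAMPLE_RDAP:
        print(obj["ldhName"], *review_listing(obj, "Registrar A"))
```
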