Warning: Stolen domains.
Several premium numeric and three letter .com domains have been stolen from eNom accounts, and were moved to GoDaddy.
According to their owner, when these domains were acquired in the past, they were assigned individual passwords via the access.enom.com reseller portal.
Somehow, a Chinese domain thief managed to guess those allegedly ‘easy‘ passwords and transferred them away.
The method used raises questions about potential issues with domain security at eNom’s reselling portal.
The domains that have been reported as stolen are:
- 495.com
- 9985.com
- 8870.com
- 8832.com
- ZRP.com
- WMR.com
- C5.net
- XY.net
Currently, all of these stolen domains display the following WHOIS information:
Registry Registrant ID:
Registrant Name: HAO REN
Registrant Organization: –
Registrant Street: ZHENDEHAO
Registrant City: REN
Registrant State/Province:
Registrant Postal Code: 421178
Registrant Country: China
Registrant Phone: +1.745434534
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: WOMENAINI678@GMAIL.COM
The proliferation of domain theft this year by Chinese thieves is a hot topic; we have asked domain investors from China to stop supporting domain registrars that make life easier for thieves to dispose of stolen domains on their venues.
Registrant HAO REN means “good person”
Registrant Street ZHENDEHAO means “no kidding, good”
Registrant Email WOMENAINI means “we love you”
Altogether, this means the thief is an asshole.
“Altogether, this means the thief is an asshole.”
You can say that again, Simon 😀
The thief is dumb as well, good chance godaddy does the right thing, and freezes them as they would now be on a 60 day lock.
Does enom limit the amount of attempts to guess the password?
And, notify the account owner by email (or text) that the account has been temporarily locked down due to password guessing.
I don’t understand why registrars do not offer the capability to see all of the most recent logins and the IP.
It would be a good tool to see if the domain owner is under attack.
Even gmail offers that tool.
All the registrars have no interest in assisting domain owners in recovering hijacked/stolen…
You can add 347.com to the list…stolen from eNom. Unlocked, epp sent, and transferred within about 24 hours, which shows that something is probably wrong with the process.
Thanks Andrew. This one was moved to Ename, a haven for stolen domain names.
Every theft in this business is traceable by authorities who can prevent it. It is super obvious that these are stolen names. It is just not right if the thief succeeds in selling any of those names to unwitting buyers. He is in deep s**t anyway – he has not yet realized that his execution is pending…
On Dec 1 my domain names have been stolen from GoDaddy.com
61.ORG
35.ORG
14829.COM
18314.COM
44542.COM
44742.COM
44942.COM
69245.COM
74481.COM
74490.COM
74707.COM
83034.COM
90492.COM
97066.COM
The domain names were transferred via Spam email on Dec 1. I have filed a formal complains with diffrerent department including ICANN and FBI, but so far nothing have been resolved. It was an email with title: “New GoDaddy Phishing Email: “Immediate Verification Required
Alex…
I had a domain stolen from eNom a few years ago now, using access.enom.com. If I recall correctly, you cannot get the auth code or unlock the domain from there. To do these things, the thief had to call into eNom to request they unlocked the domain and provide the auth code. I don’t know what eNom’s security is like for these kinds of phonecalls, but it used to be, if you knew the domain password, they would give you the information and take your instructions over the phone. No verification.
On November 17, 2014, My 3 three character .com domain names have been stolen from my Godaddy account and transferred to ename and put them on the auction. I reported to Godaddy immediately about it including they were on the auction at that moment. I’m not sure about Godaddy’s effort to freeze the auction. However, unfortunately, all the domain names have been sold to two different registrants on 48hrs auction at the new registrar’s (ename) website.
List of DNs
1- 8TM.COM
2- 2BZ.COM
3-…
Sorry, the third name is not showing above:
3- 4ZD.COM
The last email I got from Godaddy about a week ago says, ename refused to transfer back the domain names to Godaddy but they said they are going to try other options to transfer the domain names back to my account.
Any advise or suggestion will be greatly appreciated.
Does anyone had their domain names stolen from GoDaddy account and actually returned back to them? I would also really appreciate any serious advise, since as time goes by the chances of getting those valuable domain names back are less and less.
Please advise,
My domain names are also at EName.com ICANN should start doing something about this registrar.
Alex Kogan
HeavenDomains.com
Alex – Yes. at least one that I’m aware of: http://domaingang.com/domain-news/update-stolen-domain-lightly-com-recovered/