Attempted Theft of Domains

[strongvis]

Heres the name of a guy who tried stealing all my domains by obtaining my old email address and trying to transfer the domains from namescout.com

josephsahib@yahoo.com

Joseph Sahib
197 E. Brooklyn Ave
Lansing, MI
48909
810-788-8181

Just a little friendly tidbit of info

[ObtainADomain]

How did you stop him from succeeding?

[strongvis]

namescout locked down the account and i switched the passwords as soon as I saw something was up.

[Banned: timechange.com]

That's why one should not use free email addresses for contacts.

[strongvis]

i didnt timechange. I had registered this set of domains and used an old email address and mistakenly let the domain name drop before I changed the contact info. That's how the theives got access to my account.

Stupid on their part for not changing the passwords too. They changed all the other contact info on the domains.

[WildCard]

Have you called the guy?

I can't believe a guy smart enough to find your names, find that the contact email address you had listed was on a domain that expired, he registered that domain and attempted to transfer domains.

Just think, he could have transferred them away, kept the name servers the same so you wouldn't have known it, just let some time pass and then move them again or just sell them.

You got lucky.
-WC-

[Nexus]

Good for you strongvis. Wildcard is right, lucky! Sometimes these guys are just playing games to see if they CAN, meanwhile deciding if they want to go through with it.

On that topic, here's something I'd like to shine a spotlight on, you guys tell me if this smells right. I was looking to snap the name DOMAINMALL.COM as the current registrant at the time had let it expired. The name officially expired on 17-Oct-2002.

I called Verisign to see what was up (basically to rattle the cage) and they told me to cool my heels. As far as they were concerned, "internally" the address would expire a year from now ( 17-Oct-2003 ). This "internal" date was of course the automatic renewal date expired names are set to and not an official "renewal" from the registrant. If you go to Internic's whois, its the date set there, but not in the whois.

Undaunted, I snapped it, and forgot about it. SnapName's dutifully set me this notice about it having "expired":

SnapNames has detected that the registration for the domain
name:
domainmall.com
has expired.

I use Watch My Domains Professional, and had recorded the whois record at the time for my records.

DENNINGTON SALES AND MARKETING LTD (DOMAINMALL-DOM)
43 Elizabeth Avenue
NASSAU, BAHAMAS -
BS

Domain Name: DOMAINMALL.COM

Administrative Contact:
DENNINGTON SALES AND MARKETING LTD (DS2952-ORG) dennington@mail.nu
DENNINGTON SALES AND MARKETING LTD
43 Elizabeth Avenue
NASSAU, BAHAMAS -
BS
INT+46 73 6124348 fax: INT+1 208 730 4669
Technical Contact:
Vegasys, Registry (VR651-ORG) registry@VEGASYS.NET
IIG AB
Box 5274
Karlstad
SE
+46 54 15 63 00
Fax- +46 54 15 70 90

Record expires on 17-Oct-2002.
Record created on 16-Oct-1996.
Database last updated on 7-Feb-2003 21:41:09 EST.

Domain servers in listed order:
NS-01.CARAMBOLE.COM 213.180.68.130
NS-02.CARAMBOLE.COM 213.180.68.131
NS-03.CARAMBOLE.COM 213.180.65.27
NS-04.CARAMBOLE.COM 213.180.65.28

At one point, I was switching my SnapNames around, and while I had my snap "off" of DomainMall.com, someone else snapped it. Ouch. My mistake, but I decided I'd contact the current registrant to see what was up with the name and make an offer. No response. In fact "dennington@mail.nu" bounced back to me!

----- The following addresses had permanent fatal errors -----
<dennington@mail.nu>
----- Transcript of session follows -----
... while talking to sitemail2.everyone.net.:
>>> RCPT To:<dennington@mail.nu>

Interesting that mail.nu was run through Everyone.net's service.

I kept watching it though, and recently, something strange happened. Without being renewed or otherwise altered, all the REGISTRANT and contact information changed!

Bo Redin (DOMAINMALL-DOM)
Box 80
Borlange
SE

Domain Name: DOMAINMALL.COM

Administrative Contact, Technical Contact:
Bo Redin (YSRNLPHJUO) botorstenredin@yahoo.com
Bo Redin
Box 80
Borlange
SE
+46-70-5920100

Record expires on 17-Oct-2002.
Record created on 16-Oct-1996.
Database last updated on 1-Mar-2003 22:07:44 EST.

Domain servers in listed order:
NS-01.CARAMBOLE.COM 213.180.68.130
NS-02.CARAMBOLE.COM 213.180.68.131
NS-03.CARAMBOLE.COM 213.180.65.27
NS-04.CARAMBOLE.COM 213.180.65.28

Might be perfectly legit, but given the combination of circumstances I'm suspicious (if the Everyone.net Mail.ru runner is not scrupulous, I'm sure they could have arranged something.) DomainMall.com is registered through Network Solutions. If I were the owner, rather than just change all my information (for whatever reason, sale, whatever) the FIRST thing I'd do is RENEW the thing.

Well, here's me posting these findings somewhere at least. Dennington Sales and Marketing LTD apparently runs a website called DateNews.com. The contact information there worked, but they've either chosen to ignore me, or no one is reading their mail.

I feel like Fox Mulder now. Hmph.

~ Nexus

[strongvis]

Yeah i got real lucky guys that's why I'm posting. this guy obviously learned from his mistakes and is bound to screw the next vicitim MUCH worse.

[dtobias]

The lesson for everybody is... always be sure to keep the contact info in your domain records up to date!

[cluelessdomainer]

is that guy John Biondio stealing names again?

[draqon]

why dont you tell us, you're the one with a friend who seems to know all about it.

Originally posted by cluelessdomainer
is that guy John Biondio stealing names again?

[Banned: timechange.com]

That was an old thread but nevertheless very interesting