legal Domains Stolen: 495.com 9985.com 8870.com 8832.com, Etc.

vano

Level 3
Joined
Feb 20, 2003
Messages
89
Reaction score
4
Feedback: 6 / 0 / 0
Hello Members.

It seems the following domains, and maybe others (I'll update here), have just been stolen from our enom.com account by some Chinese guy, i.e. they were pushed to another enom account, "womenaini678", and then transferred to Godaddy.

Here are the stolen domains:

495.com
9985.com
8870.com
8832.com
zrp.com

and maybe others, I'll update here. Please do not buy domains from this guy.

Current whois details at Godaddy are as follows:

Registry Registrant ID:
Registrant Name: HAO REN
Registrant Organization: -
Registrant Street: ZHENDEHAO
Registrant City: REN
Registrant State/Province:
Registrant Postal Code: 421178
Registrant Country: China
Registrant Phone: +1.745434534
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: WOMENAINI678@GMAIL.COM

So the domains are probably still with the same guy who stole them.

I appreciate your help and advice to get the domains back, thanks.

Regards,

-Vano
 

airmax

Level 6
Joined
Dec 17, 2009
Messages
632
Reaction score
105
Feedback: 75 / 0 / 0
Enom again... Seriously is there a security hole or what ? Those are some high dollar names, how are these accounts getting penetrated, should users be concerned?
 

vano

Update: the following have been stolen as well:

wmr.com
c5.net
xy.net

I am now trying to get in contact with enom/godaddy to lock these domains.

-Vano
 

vano

Both eNom and Godaddy have been contacted, let's see what they say.

-Vano
 

vano

Update 2: It seems we managed to find out how that all happened.

Most likely we had OK protection for the main account at eNom, i.e. a strong enough password, no malware on PC, etc.

However, we probably forgot about the single domain passwords, or whatever they call those passwords that are assigned to each domain.


We bought the mentioned domains from other guys and domain auctions (all about a year and more ago) and all the domains were originally at eNom and thus they were free-pushed to our enom account.


We did not realise that at eNom the single domain passwords might be passed to the destination account when the domain is free-pushed.

So, it seems we passed some easy-to-guess single domain passwords for each of the mentioned domains when we pushed the domains to our enom account, and the thieves could guess those passwords via access.enom.com, then they changed whois and pushed the domains to another enom.com account, and then they immediately transferred them to Godaddy.

(It seems everything was completed within a few minutes to hours.)


Rhetorical Questions:

1). Why did enom.com not put their 7-day hold between the push to another account and the transfer to another registrar?

2). Is access.enom.com protected against password guessing attacks?


Unfortunately, no meaningful updates from enom/godaddy so far..


Regards,

-Vano
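
The theft described above showed up as a changed whois record and a new registrar. As an added example (not part of the original post), this Python sketch diffs a saved WHOIS snapshot against a fresh one and flags registrar or registrant changes and a missing transfer lock; the sample records, the watched fields and the function names are constructed for illustration.

```python
# Added example: WHOIS snapshot diff for a domain portfolio watchlist.
# Records below are constructed samples, not data from the thread.
WATCHED = ("Registrar", "Registrant Name", "Registrant Email")
LOCK = "clienttransferprohibited"  # EPP status that blocks registrar transfers

BASELINE = """Domain Name: EXAMPLE.COM
Registrar: Registrar A (constructed)
Registrant Name: Original Owner
Registrant Email: owner@example.com
Domain Status: clientTransferProhibited
"""

CURRENT = """Domain Name: EXAMPLE.COM
Registrar: Registrar B (constructed)
Registrant Name: Someone Else
Registrant Email: other@example.net
Domain Status: ok
"""

def parse_whois(text):
    """Parse 'Key: Value' lines; repeated keys (e.g. Domain Status) become lists."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not key.strip():
            continue  # skip banners and blank lines
        rec.setdefault(key.strip(), []).append(value.strip())
    return rec

def diff_whois(baseline, current):
    """Return alert strings; an empty list means nothing relevant changed."""
    old, new = parse_whois(baseline), parse_whois(current)
    alerts = []
    for field in WATCHED:
        # WHOIS output is often upper-cased, so compare case-insensitively.
        before = [v.lower() for v in old.get(field, [])]
        after = [v.lower() for v in new.get(field, [])]
        if before != after:
            alerts.append(f"{field} changed: {old.get(field)} -> {new.get(field)}")
    if LOCK not in " ".join(new.get("Domain Status", [])).lower():
        alerts.append("transfer lock (clientTransferProhibited) is not set")
    return alerts

if __name__ == "__main__":
    for alert in diff_whois(BASELINE, CURRENT):
        print("ALERT:", alert)
```
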
 

domainoid

Level 6
Joined
Feb 11, 2010
Messages
524
Reaction score
71
Feedback: 2 / 0 / 0
We did not realise that at eNom the single domain passwords might be passed to the destination account when the domain is free-pushed.

So, it seems we passed some easy-to-guess single domain passwords for each of the mentioned domains when we pushed the domains to our enom account, and the thieves could guess those passwords via access.enom.com, then they changed whois and pushed the domains to another enom.com account, and then they immediately transferred them to Godaddy.
Just cannot believe enom is again the registrar that lost the domains. Who enforces security at enom? Again the stolen domains were taken to godaddy.
 

vano

According to my reading and investigation it looks like enom->godaddy is a popular thief scheme..

-Vano
 

katherine

Country hopper
Joined
Jul 9, 2005
Messages
8,428
Reaction score
1,289
Feedback: 65 / 0 / 0
...
However, we probably forgot about the single domain passwords, or whatever they call those passwords that are assigned to each domain.

We bought the mentioned domains from other guys and domain auctions (all about a year and more ago) and all the domains were originally at eNom and thus they were free-pushed to our enom account.

We did not realise that at eNom the single domain passwords might be passed to the destination account when the domain is free-pushed.
...
Bingo.
It is an old security issue at Enom, that few people are aware of.
 

vano

Thanks, Theo! And it seems I have already done.

I emailed Bari, and she forwarded the details to eNom guys to the proper dept.

However, there is still no meaningful reply from eNom's side. That's very disappointing..


-Vano
 

Theo

Level 20
Joined
Feb 28, 2004
Messages
30,304
Reaction score
2,184
Feedback: 723 / 0 / 0
Vano, I am very familiar with this issue of 'non response'. Unfortunately, once domains get stolen one needs to pursue their return aggressively, often involving lawyers. This is not good news for regular domain owners.
 

vano

So, you'd advise just to go and hire a lawyer and not to bother trying to get any meaningful reply from eNom via regular means?

-Vano
 

domainoid

ename.cn is quite popular as a destination for stolen domains, just as godaddy still is. Stolen names from enom often go to ename.cn, which seems to me to be the favorite route today of Chinese scammers.
 

vano

Update 3: the stolen domains have been returned to the rightful owner.

Finally, we managed to get the stolen domains back, so from this point on the domains mentioned below belong to the rightful (original) owner again.

495.com
8832.com
8870.com
9985.com
zrp.com
wmr.com
c5.net
xy.net

That was quite a long Domain Transfer dispute process that involved working with eNom and Godaddy to have them recognize the fact of the domain theft and to have them agree to initiate a transfer back.

So, the domains are finally back, please consider this case to be closed.

Thanks everybody for the assistance!


PS. It seems a few members of the forums posted a warning regarding this issue on their domain-related blogs. I'd really appreciate it if you could post an update saying that the issue has been resolved, so as not to keep the negative impression regarding the mentioned domains. Thanks!


-Vano
 

dictionaryof

Longtime DNF Member
Joined
Nov 4, 2002
Messages
530
Reaction score
13
Feedback: 56 / 0 / 0
Congrats on getting the names back.

But back up further in the thread: This enom domain individual password thing -- is there any way to search one's enom account for these set on domains?
I looked around and was not able to find any kind of easy search for that. ???
Thanks in advance to anyone who has an answer for or against. ;-)
 

TheLegendaryJP

Level 9
Joined
Jul 12, 2005
Messages
4,338
Reaction score
170
Feedback: 51 / 0 / 0
Congrats! Getting names back from another rar after they are stolen is quite the challenge, and you managed. Very good work!
 