25 LLLL.COM domains was stolen.

[aaron123]

25 LLLL.COM domains was stolen.

The domains were transferred out of my GoDaddy account and were moved to a namesilo.com and 22.cn.

The following list of domains was stolen and is currently in the process of being reclaimed:

CJQP.COM
GKJM.COM
JHGS.COM
KBXM.COM
KGRQ.COM
KQLD.COM
KQMP.COM
KRNX.COM
KRPZ.COM
KSWN.COM
KWMZ.COM
KXDP.COM
KZGF.COM
KZTQ.COM
MTYN.COM
RZJB.COM
SXDF.COM
DRQW.COM
RQCQ.COM
PQKT.COM
QFPW.COM
GYLZ.COM
GGYL.COM
GYLG.COM
GYLN.COM

Please don't buy those domains.

 

[discobull]

I wanted to reply to this thread as it was brought to our attention by the OP. I first want to say that we of course do not want to play any role in illegal activity - especially as it relates to theft of domains. We do not want to be considered by anybody that would steal domains to be a safe haven for dong so. This goes strongly against our company philosophies.

With that being said, there is unfortunately not a lot we can do in these situations. As a registrar, our basic requirements given a transfer dispute are to confirm that the transfer complied with ICANN rules. We have been in touch with Godaddy and the OP and we have confirmed that the transfers did comply with all ICANN rules.

We understand the claims made by the OP, but the major problem is that we have no way of verifying they are accurate. We have been involved in multiple disputes in which the Complainant made fraudulent claims that their domains were stolen. We have been provided with falsified documentation, socially engineered "proof", and a host of other tricks people have tried to play to get access to domains. One popular scheme is for people to sell their domains, collect the money, and then claim their domains were stolen in hopes of getting them back.

These are just a few of the issues we encounter when trying to determine claims of theft. In short, and we know it sounds heartless, but security is the responsibility of the Registrant and the losing Registrar to provide adequate tools for Registrants to use to protect their accounts/domains.

In short, as the gaining registrar in a dispute, there are many times no good way for us to prove that complaints are valid. First and foremost, we advocate for our customers unless objective proof of wrongdoing can be provided. We understand this is a very large burden for Complainants, but we also want our customers to feel secure that their domains cannot be seized when fraudulent claims are made. We also provide our customers with 2FA (using Google Authenticator, Authy, etc.) as well as Domain Defender. The combination of those 2 services makes domains virtually impossible to be stolen.

We of course wish there were not so many cases of domain theft, and we do what we reasonably can to prevent it from our end. However, we hope people also understand that we treat our customers' domains as valuable assets and cannot suspend/revoke them without meeting a very high level of objective proof. We understand this is not a perfect stance in that it could lead to people stealing domains and transferring them to us, but we would also lose the trust of our customers if we adopted more lenient policies and people started losing domains for no wrongdoing. It is a very difficult predicament for any registrar, and we do the best we can to provide a service as free of misuse as possible, while still advocating for our customers and protecting their domains.

Sorry for the rant, but this is a very important issue and I hope our position is better understood.

Have you requested that the current registrant provide proof of purchase? Since Godaddy can confirm that the OP was the owner just a couple of weeks ago, the current registrant should be able to document how he obtained these domains.

 

[SirDrago]

Have you requested that the current registrant provide proof of purchase? Since Godaddy can confirm that the OP was the owner just a couple of weeks ago, the current registrant should be able to document how he obtained these domains.

Valid point just tagging @namesilo

 

[namesilo]

Have you requested that the current registrant provide proof of purchase? Since Godaddy can confirm that the OP was the owner just a couple of weeks ago, the current registrant should be able to document how he obtained these domains.

Yes, we have looked at the transaction to transfer the domains and it does not reveal anything we consider fraudulent. Also, matching names from a transaction with us to the name Godaddy had would not really prove theft. Many times transfers do not match previous Registrants. For example, if someone buys a domain and then transfers it to us.

 

[discobull]

Yes, we have looked at the transaction to transfer the domains and it does not reveal anything we consider fraudulent. Also, matching names from a transaction with us to the name Godaddy had would not really prove theft. Many times transfers do not match previous Registrants. For example, if someone buys a domain and then transfers it to us.

That's not really what I'm asking. I'm asking if you asked the registrant to prove that he paid the OP for the domains or if he has any documentation to show that he obtained these domains with the op's permission? Was there an email exchange between them? Was there a paypal payment made, etc? He should be able to document that he purchased them rather than stole them.

Additionally, it occurs to me that GD would have a record of the IP address used to access the OP's account when the transfer was initiated. If it matches the ip address that the registrant used on your end, that should tell you something.

 

[discobull]

Yes, we have looked at the transaction to transfer the domains and it does not reveal anything we consider fraudulent. Also, matching names from a transaction with us to the name Godaddy had would not really prove theft. Many times transfers do not match previous Registrants. For example, if someone buys a domain and then transfers it to us.

In case you're not aware, we're talking about domains that could be cashed in instantly for $XX,XXX so I hope you make the effort to go the extra mile on behalf of the OP.

 

[namesilo]

Yes, we have contacted the current Registrant, but our correspondence cannot be shared on this forum. However, needless to say, if our correspondence resulted in our belief that the domains were stolen we would act as we have done several times in the past.

Regarding the IP address matching Godaddy, that would actually be our expectation in most cases. It would be understandable for someone to log in to their account at one registrar from the same IP they use to place an order to transfer domains with another registrar. There are also reasons they would not match such as logging in from work to one account, then home to another. Or maybe a proxy service. Could be a lot of possibilities. We have several customers who log in from a different IP each time - even within the same day.

Thanks

 

[discobull]

Regarding the IP address matching Godaddy, that would actually be our expectation in most cases. It would be understandable for someone to log in to their account at one registrar from the same IP they use to place an order to transfer domains with another registrar.

But the account at GD doesn't belong to the current registrant, it belongs to the OP so it wouldn't make sense that they'd be the same.

 

[namesilo]

But the account at GD doesn't belong to the current registrant, it belongs to the OP so it wouldn't make sense that they'd be the same.

The OP's claim is that someone accessed their account which would be necessary to change the admin email and also to get their EPP codes. This is quoting their response on page 1 of this thread:

For now is this.The hacker log in my godaddy account and modified my domain Admin email to get the domain Authorization Code.​

 

[discobull]

The OP's claim is that someone accessed their account which would be necessary to change the admin email and also to get their EPP codes. This is quoting their response on page 1 of this thread:

For now is this.The hacker log in my godaddy account and modified my domain Admin email to get the domain Authorization Code.

Yes, exactly. So hacker logs into the OP's account using hacker's IP and then logs into Namesilo using hacker's ip. I guess I'm not understanding why you think that it wouldn't be suspicious for one person using the same IP to be accessing two different accounts that belong to two different people.

Btw, I don't mean to give you a hard time. I'm just trying to be helpful.

 

[Jen-Sin]

If a thief steals my key to my safe in Bank G, takes my valuables and transfers to Bank S, will it be acceptable for Bank G to say that the valuables are now no longer in the bank and it's out of their hands?

Is it acceptable for Bank S to say there is unfortunately not a lot they can do in the situation as they have confirmed that the transfers compiled with banking rules, and that the security of my valuables is my responsibility, and that Bank G should provide adequate tools for me to use to protect my safe / valuables.

There may be more that both registrars have done beyond what were revealed in this thread. But can GoDaddy @Joe Styler and @namesilo work together beyond the basic responsibilities of ICANN transfer rules to investigate further rather than brush the situation off like this?

There are digital footprints and signatures in this situation like what @discobull says.

Or did both registrars have reasonable belief that the complainant made fraudulent claims that his domains were stolen?

 

[namesilo]

Yes, exactly. So hacker logs into the OP's account using hacker's IP and then logs into Namesilo using hacker's ip. I guess I'm not understanding why you think that it wouldn't be suspicious for one person using the same IP to be accessing two different accounts that belong to two different people.

Btw, I don't mean to give you a hard time. I'm just trying to be helpful.

Yeah, no problem at all! If there has been theft then we would like to rectify it.

Regarding the IPs, I understand your point now. That is a good point. We will follow up with Godaddy concerning this issue. Thanks

 

[namesilo]

If a thief steals my key to my safe in Bank G, takes my valuables and transfers to Bank S, will it be acceptable for Bank G to say that the valuables are now no longer in the bank and it's out of their hands?

Is it acceptable for Bank S to say there is unfortunately not a lot they can do in the situation as they have confirmed that the transfers compiled with banking rules, and that the security of my valuables is my responsibility, and that Bank G should provide adequate tools for me to use to protect my safe / valuables.

There may be more that both registrars have done beyond what were revealed in this thread. But can GoDaddy @Joe Styler and @namesilo work together beyond the basic responsibilities of ICANN transfer rules to investigate further rather than brush the situation off like this?

There are digital footprints and signatures in this situation like what @discobull says.

Or did both registrars have reasonable belief that the complainant made fraudulent claims that his domains were stolen?

As with any complaint, we do go above and beyond what is required concerning ICANN rules. My point is that there are many methods people use to trick registrars into giving them domains. There are many examples on this very web site and on other forums concerning this topic. We have nothing to gain being complicit in illegal activity, but we do have something to lose if we take people's domains away without extremely convincing evidence. This matter is still open on our end as we continue to correspond with the Registrant, even though we are under no obligation to do so. We simply do not like our service being misused and we do not wish to support anybody involved in such activity. If we did not care, we would simply say the transfers complied with ICANN rules and leave it alone.

 

[Jen-Sin]

If we did not care, we would simply say the transfers complied with ICANN rules and leave it alone.

That is what you said at first:

With that being said, there is unfortunately not a lot we can do in these situations. As a registrar, our basic requirements given a transfer dispute are to confirm that the transfer complied with ICANN rules. We have been in touch with Godaddy and the OP and we have confirmed that the transfers did comply with all ICANN rules.

 

[Acroplex]

Namesilo - Apparently you can define what constitutes "extremely convincing evidence" per ICANN?

In every case that involved domain registrars that refuse to take responsibility to process the evidence, the onus is on the losing party - the victim of the domain theft. It should be the other way around: ask the registrars of these stolen domains to provide proof of lawful acquisition from the last recorded owner.

I'd like to remind you how godaddy-support.com was recently closed down by you for blatant phishing, or the vast amount of spam towards LLLL .com domains that originates from domains hiding behind WHOIS at Namesilo.

 

[namesilo]

That is what you said at first:

My first post was that we confirmed the transfers complied with ICANN rules and that it was extremely difficult to prove allegations of theft. Sorry if I was not more clear.

 

[Acroplex]

Another false statement: "even though we are under no obligation to do so."

You are obligated to process the information that the losing registrar, GoDaddy, provided. You are choosing to give the evidence your own personal weight, as opposed to treating them as facts.

 

[namesilo]

Namesilo - Apparently you can define what constitutes "extremely convincing evidence" per ICANN?

In every case that involved domain registrars that refuse to take responsibility to process the evidence, the onus is on the losing party - the victim of the domain theft. It should be the other way around: ask the registrars of these stolen domains to provide proof of lawful acquisition from the last recorded owner.

I'd like to remind you how godaddy-support.com was recently closed down by you for blatant phishing, or the vast amount of spam towards LLLL .com domains that originates from domains hiding behind WHOIS at Namesilo.

I am sorry, but that is not quite accurate. We have returned domains previously after evidence of theft was provided. Yes, we did shut down godaddy-support.com for blatant violation of our terms. We are proud that we react quickly to abuse complaints revealing blatant misuse of our services. Sorry, but I am unsure what you mean by vast amounts of spam from domains originating with us. Feel free to ask Spamhaus or other spam monitoring companies how our response time is. I am also unaware of any complaints online about our abuse handling policies.

 

[namesilo]

Another false statement: "even though we are under no obligation to do so."

You are obligated to process the information that the losing registrar, GoDaddy, provided. You are choosing to give the evidence your own personal weight, as opposed to treating them as facts.

I am sorry, but I cannot keep this conversation going responding to accusations such as those you are making. I joined this thread hoping to make our policies better understood. Our track record is extremely good and you will not find an irregular number of complaints to the contrary, despite the fact that we are one of the fastest-growing registrars in the world. We take abuse complaints seriously and we research them as much as we can, we are not a court of law, or an investigative body. We are a domain registrar. You will also not find even one complaint, ever, from any customer of ours who has had their domain stolen due to negligence on our behalf. This is not the case with many of our competitors who have been socially engineered, accepted false "proof", etc. We do not claim to be perfect, but I have tried to lay out our positions on these topics.

 

[Acroplex]

What type of "extremely convincing evidence" do you require? Please be specific.

My reference was to all domain registrars in general, nobody seems to want to take responsibility when they become the recipient of stolen goods, as in this case.

Regarding the spam I get daily from domain owners of e.g. https://whois.domaintools.com/asjxrzmj.com or https://whois.domaintools.com/strppe.com and others, to my emails controlling LLLL .com's.

 

[Acroplex]

I am sorry, but I cannot keep this conversation going responding to accusations such as those you are making. I joined this thread hoping to make our policies better understood. Our track record is extremely good and you will not find an irregular number of complaints to the contrary, despite the fact that we are one of the fastest-growing registrars in the world. We take abuse complaints seriously and we research them as much as we can, we are not a court of law, or an investigative body. We are a domain registrar. You will also not find even one complaint, ever, from any customer of ours who has had their domain stolen due to negligence on our behalf. This is not the case with many of our competitors who have been socially engineered, accepted false "proof", etc. We do not claim to be perfect, but I have tried to lay out our positions on these topics.

You have an opportunity to prove that you are a great domain registrar and acknowledge that your decision to not consider the provided information as "extremely convincing evidence" is very arbitrary.

So what type of information do you require from GoDaddy to provide, on behalf of the victim? What type of "extremely convincing evidence" do you require from the current registrant of these domains?

 

[namesilo]

You have an opportunity to prove that you are a great domain registrar and acknowledge that your decision to not consider the provided information as "extremely convincing evidence" is very arbitrary.

So what type of information do you require from GoDaddy to provide, on behalf of the victim? What type of "extremely convincing evidence" do you require from the current registrant of these domains?

Yes, the evidence we receive is arbitrarily handled as it is our company that needs to make the determination concerning the authenticity, validity, etc. of the provided evidence. Again, we have no formal training in criminal theft investigations - we do the best we can as domain registrars. The legal system exists to adjudicate in situations like this. Unfortunately, in this matter, such as several others in the domain industry, it is left to registrars who need to act as judge, jury and executioner. If there were better policies in place to accommodate situations like this then there would be far less grey area, and therefore less arbitration concerning evidence provided.

We will not list exactly what we need to receive as we cannot set a public precedent that can be abused by future perpetrators of fraud and theft. Also, every situation is different and needs to be handled as such. Yes, I understand this is not giving you the specific litmus test you are looking for to determine innocence and guilt, but, based on the correspondence and materials we have received from the OP, Godaddy and the Registrant, and this situation is not black and white. If it was that easy, this matter would have been resolved, as most others are, very quickly. You do not hear about the other complaints that are handled - of which there are many. This situation is not clear cut and we will not act unless we are satisfied we are doing so justly.

 

[discobull]

Regarding the IPs, I understand your point now. That is a good point. We will follow up with Godaddy concerning this issue. Thanks

Thanks. I think it's a long shot since a hacker would probably cover his tracks with a proxy server, but it's worth looking into on the off chance that this guy was sloppy.

 

[namesilo]

Thanks. I think it's a long shot since a hacker would probably cover his tracks with a proxy server, but it's worth looking into on the off chance that this guy was sloppy.

Yeah, makes sense. We have contacted Godaddy and are awaiting a reply. Thanks again for the suggestion.

 

[Acroplex]

We aren't here to solve how domains can be kept safe, or about how ICANN needs to change is rules. I've covered domain theft extensively for at least 5 years, and I'm very familiar with the processes involved, the pitfalls, and the registrar side of things.

In this specific discussion, however, you have the opportunity to have an honest conversation about how you plan to resolve this, as opposed to announcing your inability to resolve it. It's still an open case, and as in every case involving domain theft, the victim has to prove they are not an elephant.

I do hope you will give this issue some strong consideration and sit down with Joe Styler and his team at GoDaddy to best address the pron and cons of letting a thief get away with their crime.

 

[Acroplex]

Addendum; as always, follow the money trail while requiring the current registrant - the thief - to provide evidence of purchase, if they so claim. The onus should not be solely on the registrant & victim.

As these domains were transferred recently, the clock is ticking; there are less than 60 days left before they can be transferred out to some "well known" registrar in China.