|
Weitzman
first learned something was wrong on
Thursday when Rick Waters, who is
developing Adios.com for
Weitzman's company, called to tell him
that suddenly Adios.com had stopped
resolving at the assigned DNS.
"I immediately went into my
account at Enom and saw that Adios.com
was there, still locked, with the same
normal email for me, and everything
appeared to be fine," Weitzman
said. "But when I did a WhoIs
lookup at DomainTools it showed a
‘John Thalacker’ as the
registrant, 000domains as the
registrar, and fastpark.net as
the dns and lander, plus a phone number
that didn’t work." (Editor's
note: John Thalacker is a veteran
domainer whose name was apparently
picked at random by the thief for the
false WhoIs info on this domain. So John
is also being victimized by the
criminal).
"I
immediately called Enom, emailed them
transfer- |
Warren
Weitzman
domain
hijacking victim |
|
"After
contacting Enom, we learned that all of
the domains were still locked but
Adios.com was no longer in Enom's
database. It had been transferred
out. How could this happen without a
notifying email, EPP, without a hack at
the Verisign level or some kind of
cooperation from Enom? We also
found that other domains had been
transferred out to the same DNS (fastpark.net)
and those names now showed various registrant
information (mostly privacy WhoIs),"
Weitzman said.
Weitzman
said the initial list of names
taken from two different accounts he has
at Enom includes these domains:
|
Sou.com
Tysons.com
Speel.com
Procredito.com
Stickum.com
Nansi.com |
Circut.com
Airwatch.com
Adios.com
Boxheads.com
Twiller.com
Greatglasses.com |
"All
of these names showed in Enom’s
transfer-out report as moving over the
last 2 weeks, Sou.com being the first,
moving on the 8th of July,"
Weitzman said. "While I received a
response from the transfer-dispute
department at Enom, there has been no
explanation nor any guess as to how this
could happen."
|
|
Even
worse, the string of thefts
did not end there. Weitzman
said, "This morning we
noticed two more of our
best names, Before.com
and Even.com, were moved
to Directi overnight with
Privacy WhoIs. These domains
were both locked and using my
primary email as contact
information. I have had
them since 1995.
Even after changing
passwords on these
accounts, the domains
continue to disappear.
How could someone even know my
login/username for these
accounts, let alone
passwords? This is why we
think the error or hack has
taken place at Verisign -
domains are showing in both
registrars at the same time,
there are no email notifications
or EPP code requests,"
Weitzman said.
"I
am wondering if anyone else has
had this experience with Enom or
knows whether Verisign has been
hacked. We cannot understand
how |
|
this
could happen, right under our
watchful eyes, and may still
be going on. Enom claims to
have locked down my accounts
from further domain movement and
to have contacted the gaining
registrars," Weitzman said.
"They said they will notify
me when they hear back from the
registrars who hold the names
now." |
Meanwhile,
some of the names that have already been
taken from Weitzman's account continue
to move (a common situation with stolen
domains). "We noticed that Sou.com,
the first of the hijacked domains, was transferred
again, this time to NamesDirect
as registrar and again, fastpark.net as
the lander and another private Whois,"
Weitzman said. "I hope that by
publicizing this, we can find out if
anyone else has had this experience and
what the resolution might be. It
is also our hope that no one will
purchase any of these names,"
Weitzman added.
If
you have any information that could help
Warren recover his stolen domains, you
can send it to Warren at Warren.com.
We will follow up with new developments
as they occur.
|
