Domain Name Wire | Domain Name News & Website Stuff

Domain Name Industry News and Website Stuff

Featured Domains

Engineering firm sues to recover KFDE.com domain name

by Policy & Law 7 Comments

Company says a thief took the domain name it has been using for nearly two decades.

Picture of thief at laptop computerA California engineering firm has filed a lawsuit (pdf) to recover the domain name KFDE.com, which it says was stolen from it.

K.F. Davis Engineering has been using the domain name since it registered it in 2000. It alleges the domain name was stolen from its Network Solutions account this year.

Historical Whois records show that the domain was at Network Solutions in July of this year. The domain was renewed through 2023.

The first August record at DomainTools shows the registrar as Xiamen ChinaSource Internet Service Co., Ltd. Oddly, the registrar’s Whois now has a create date of August 20, 2019. (Verisign’s still shows 2000.)

Wiley Rein is assisting K.F. Davis Engineering with its in rem lawsuit to recover the domain name. It filed the dispute in U.S. District Court in Virginia, where .com registry Verisign is located.

 

Popular Brazilian website stolen, lawsuit claims

by Policy & Law 3 Comments

Site that tracks car prices has been hijacked.

Screenshot of tabelafipebrasil.com, which is the subject of a stolen domain lawsuit

The creator of tabelafipebrasil.com says his website has been stolen. The popular site has received 93 million page views since it was founded in 2013.

An unknown person has stolen the domain name and website TabelaFipeBrasil.com according to a lawsuit (pdf).

João Almeida started and ran the popular website that tracks vehicle prices in Brazil. According to the lawsuit, the site received 2.5 million page views last month and over 93 million since it was launched in 2013.

But Almeida found out that the domain was stolen from his registrar account and transferred elsewhere. Almeida alleges that the thief is now generated revenue from the Adsense ads on the site. (I reviewed the current Google Adsense code on the website and compared it to the ad code captured in Archive.org and it has changed. Some security services now use Adsense publisher IDs to track bad actors and I wonder if they could connect this to other domains used by the alleged thief.)

Wiley Rein LLP is representing Almeida. It filed the case as an in rem action in Virginia, where .com registry Verisign (NASDAQ: VRSN) is located.

Stolen domain lawsuit filed over $100k domain name 1001.com

by Policy & Law 0 Comments

Company that bought domain name for $100,000 in 2013 says that it has been stolen.

Picture of thief at laptop computer

Netherlands corporation Diginus BV has filed an in rem lawsuit (pdf) against the domain name 1001.com, which it alleges was stolen from it.

The company paid $100,000 to acquire the domain name on Sedo in 2013, according to NameBio.

Based on historical Whois records, it appears that the alleged theft occurred in May this year. That’s when the Whois record changed from Namecheap Whois privacy to GoDaddy’s DomainsByProxy.

DomainsByProxy was subsequently removed to reveal a registrant in China.

Diginus filed the lawsuit in U.S. Federal District Court in the Eastern District of Virginia, where .com registry Verisign is located.

David Weslow of Wiley Rein is representing Diginus.

How to keep your domains from being stolen (2019 edition)

by Domain Registrars 4 Comments

Consider these eight safeguards to keep thieves away from your domain names.

image of hackers breaking into online passwords, credit cards

If you own domain names–particularly good names–you are at risk of having your valuable assets stolen from you.

Thieves will try to compromise your domain registrar account (sometimes by first compromising your email account) and transfer the domains to another registrar. Sometimes they won’t change your nameservers, so you might not realize the domain name is stolen until much later. This makes it harder to recover the domain name.

Here are some tips to protect yourself from domain theft:

  1. Use two-factor authentication at your domain name registrar. Any reputable domain name registrar offers two-factor authentication. A thief then needs access to a secondary device (such as your phone number) if they want to crack into your account.
  2. Use secure email with two-factor authentication. A common way thieves get into your registrar account is by compromising your email. Once they have access to your email they can reset the password at your registrar. I’ve heard some advice that suggests you shouldn’t use free email services for your domain accounts. I disagree; web-based email services can be some of the most secure options. Consider using Gmail with a physical security key as secondary authentication.
  3. Use a different email address for your registrar account than Whois. While many registrars have masked email addresses in Whois, some still show it. Thieves use the email address on a Whois record as a starting point. They try to hack that email account to access the registrar account. One way to stump them is to use a different email address for your registrar account.
  4. Use a password manager. Another way thieves get into your registrar account is by phishing. They use your email address from Whois to ask you to log in to a fake site. They grab your credentials when you do this. Two-factor authentication (see #1) can stump them even if they have your username and password. Using a password manager can stop you from falling for the phishing scam because it won’t allow you to auto-fill your credentials on the wrong site.
  5. Remember that Whois privacy is a double-edged sword. While thieves use public Whois info to try to break into your account, masked Whois records aren’t always better. After all, if your domain is stolen it might not be reflected in the public database. It will be more difficult for you to discover that your domain is stolen.
  6. Use GoDaddy’s domain transfer verification services. This only applies to GoDaddy customers that have Premier Services account managers. The minimum to be considered is 300 domains but there are other qualifications, too. (Here are the qualifications from 2013.) With this added service, your account representative will call you to verify all domain transfers that aren’t Afternic fast transfer sales. It slows down the process but it’s a very good layer of additional security.
  7. Add transfer lock to your domains at your registrar. 
  8. Track your domains. Use a service like DomainTools to track your domains. You’ll get alerts when a domain is unlocked, transferred to another registrar, etc.

Feel free to comment about additional safeguards you take to protect your domain name portfolio.

Stolen domain name EQN.com returned to rightful owner

by Policy & Law 3 Comments

Thief doesn’t show up to defend lawsuit.

Picture of thief at laptop computer

Verisign has transferred the domain name EQN.com to its previous owner after a judge ordered the transfer.

Blackshore Properties, Inc. of San Marino, California acquired EQN.com in a NameJet auction in 2011 for $4,950. A thief subsequently stole the domain name from the company and transferred it to Chinese domain name registrar 22.cn in 2016.

Blackshore filed an in rem lawsuit in October last year in U.S. District Court in Virginia where .com registry Verisign is located. The thief (not surprisingly) didn’t show up to defend the domain, so the judge ordered Verisign to return the domain name.

The registrar for the domain switched from 22.cn to Enom around February 1, 2019. Enom doesn’t publish Whois records but the transfer likely indicates the domain has been returned to the legitimate owner.

David Weslow of Wiley Rein represented Blackshore Properties.