For years, cybercriminals have been targeting domain owners to take over valuable domains.
The number of domain theft incidents has skyrocketed since 2014, after an ICANN-mandated account verification led to the creation of spoofed, “phishing” email campaigns mimicking legitimate registrar requests.
In the case of Omed.com, a domain registered in 2000 with development in mind, its owner is reporting it as stolen.
An apparent Russian hacker infiltrated the owner’s email, successfully transferring the domain to one of Russia’s largest registrars, Reg.ru.
At the time of the theft, the domain’s WHOIS info was recorded by DomainTools as follows:
Domain Name: OMED.COM
Registry Domain ID: 20507434_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.reg.ru
Registrar URL: www.reg.ru
Updated Date: 2016-01-22T01:28:42Z
Creation Date: 2000-02-23T12:29:01Z
Registrar Registration Expiration Date: 2018-10-01T11:59:59Z
Registrar: LLC “Registrar of domain names REG.RU”
Registrar IANA ID: 1606
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Anton Murzin
Registrant Organization: Private Person
Registrant Street: Mochalina str, 8-6
Registrant City: Pervomaysk
Registrant State/Province: Nizhegorodskaya
Registrant Postal Code: 607760
Registrant Country: RU
Registrant Phone: +7.9000006754
Registrant Phone Ext:
Registrant Fax: +7.9000006754
Registrant Fax Ext:
Registrant Email: chehov184@yandex.ru
The domain was unlawfully removed from the owner’s account at GoDaddy in late January, and the theft has only just been discovered.
The owner has initiated the process of reclaiming the domain, reversing this unlawful, criminal act.
If you are approached to acquire the domain Omed.com, keep in mind that you would be receiving stolen property.
We will update this story once new developments become available.
To ensure that your domains are safe, always enable two-factor authentication at your registrar, and use a strong password that is not shared with any other account.
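The WHOIS record above changed registrar and registrant in late January, yet the theft was noticed only later. As an added example (not part of the original article), this check compares a freshly fetched WHOIS record with a saved baseline and reports changes in the fields that moved here; both records are constructed for example.com, with the observed one modelled on the record above.

```python
# Added example: constructed records for example.com, not data from the article.
WATCHED = ("Registrar IANA ID", "Registrant Name", "Registrant Email",
           "Registrant Country", "Updated Date")

BASELINE = """\
Domain Name: EXAMPLE.COM
Updated Date: 2015-10-02T09:00:00Z
Registrar IANA ID: 146
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: Example Owner
Registrant Email: owner@example.com
Registrant Country: US
"""

OBSERVED = """\
Domain Name: EXAMPLE.COM
Updated Date: 2016-01-22T01:28:42Z
Registrar IANA ID: 1606
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Name: Someone Else
Registrant Email: other@example.net
Registrant Country: RU
"""


def parse_whois(text):
    """Parse 'Key: value' lines into {key: [values]}; WHOIS keys can repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def whois_changes(baseline_text, observed_text):
    """Return (field, old, new) for every watched field that differs."""
    base, seen = parse_whois(baseline_text), parse_whois(observed_text)
    changes = []
    for field in WATCHED:
        old = [v.lower() for v in base.get(field, [])]
        new = [v.lower() for v in seen.get(field, [])]
        if old != new:
            changes.append((field, base.get(field, []), seen.get(field, [])))
    return changes


if __name__ == "__main__":
    # The lock status is identical in both records, so it is deliberately not
    # treated as proof of safety: a new registrar can set its own lock.
    for field, old, new in whois_changes(BASELINE, OBSERVED):
        print(f"ALERT {field}: {old} -> {new}")
```

Run on a schedule against each domain you own, the check turns a registrar or registrant change into an alert on the day it happens rather than something found later.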
Update – 8/11/2016 – We were notified that the domain has been reclaimed by GoDaddy, and it’s soon to be returned to its legitimate owner.