The domain name WTD.com is being offered for sale on several venues, including DNForum; this premium LLL .com has been stolen from its rightful owner, a British solicitor.
So how did they do that?
According to DomainTools, the managing domain ProfReg.com was allowed to lapse and expire, and in a matter of days, it was re-registered by someone who is using WHOIS shield on it.
The registrar is DharanaDomains.com, an ICANN accredited registrar that appears to be a sister company of Name.net. Although both registrars are based in Colorado, they seem to share a background with China.
After getting hold of ProfReg.com, the thief created the administrative email domains@profreg.com which managed WTD.com and was able to take control of it.
The domain WTD.com was then listed for sale on the Chinese domain forum, Damingcheng.com. The fact that the sales post was made by the forum administrator, establishes solid proof that whoever runs Damingcheng.com stole WTD.com
In the same post, the following domains are listed for sale, making them candidates for researching their ownership status:
- XOZ.NET
- EZS.NET
- xpj.net
- TQU.NET
- qlx.net
- auy.net
- gzs.net
- dgg.net
Information we gathered shows that the domain was recently auctioned on ename.com with an asking price of 25,000 yuan, or approximately $4,000 USD. The current owner states that they won and paid for the domain, that they are not related to the theft and that ename.com refuses to hand over any information about the seller.
A quick WHOIS of Damicheng.com using historic information at DomainTools, shows a “Han Pengfei” with an email of “chongwudong@tom.com” as the owner.
At this point, the legitimate owner of the hijacked domain, WTD.com, has been contacted and we are expecting a response and an obvious initiation of reclaiming the stolen domain.
Check out what was just listed in the high price section on namepros
My bad meant to say just got a 9k offer it looks like
Thanks for the heads-up Corey, it has now been removed.
Not to be an ass, but why would you keep a valuable asset at a 3rd rate registrar, you did a great background and investigation on this, but imagine how many people could be screwed by this whole pirate game, assuming they did not just hi-jack one domain name.
Don – I don’t think the issue here is the registrar. Assuming the registrant was informed about the pending expiration of the domain managing the account, it appears to be negligence on their part. Still, the non-expired domain, WTD.com, was stolen regardless of what happened to the managing account. It’s as if your house is condemned to be demolished, I walk in your kitchen and take the keys to your Rolls parked outside.