It appears companies are finally heading for the hills and transferring domain names out of Moniker.com at a mad pace after the recent security breach. Telepathy is a large portfolio owner with a focus on 3 letter .com domain names, owning many, and they appear to have started on or about September 29, 2014 to transfer out many, if not all, of their domains at Moniker, which held almost all of their 3 letter domains (most of the .com's).
I have manually checked many domains they own, like CIR.com, COD.com, DCC.com and ECT.com, and all have transferred from Moniker.com to Name.com.
At this point, I cannot say for certain if any of Telepathy's domain names were stolen.
It appears that "other" domains besides 3 letter ones are also transferring out, like FG.com, Focus.com and a couple of other generics, so it is likely that this is a total portfolio move for Telepathy from Moniker. Based on numbers provided in whois, it appears Telepathy owns somewhere around 7,000+ domain names and, of those, around 1,300+ are with Moniker.
At this point I scanned over 600+ Telepathy domains at Moniker…
Currently there is a block of about 50 J-K 3 letter domains that are still at Moniker, but the reason those remain is unclear. All of these domains have a status of clientDeleteProhibited, which blocks only deletion, so the domains can still be updated, transferred or renewed. The majority of the 600+ domains I scanned have already moved from Moniker to Name.com.
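As an added example (not part of the original article): a short Python script that compares two WHOIS snapshots of a portfolio and flags domains whose registrar changed or that lack the clientTransferProhibited lock. The domains, registrar names and WHOIS text are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit WHOIS snapshots for registrar moves and missing locks.
# All domains, registrar names and records below are constructed sample data.
TRANSFER_LOCK = "clienttransferprohibited"

def parse_whois(text):
    """Pull the registrar and the EPP status codes out of one WHOIS record."""
    registrar, statuses = None, set()
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or not value.strip():
            continue
        key = key.strip().lower()
        if key in ("registrar", "sponsoring registrar"):
            registrar = value.strip()
        elif key in ("domain status", "status"):
            # Status lines often carry a trailing ICANN URL; keep the code only.
            statuses.add(value.split()[0].lower())
    return registrar, statuses

def audit(before, after):
    """Compare two snapshots ({domain: whois text}); return {domain: [notes]}."""
    findings = {}
    for domain, text in sorted(after.items()):
        registrar, statuses = parse_whois(text)
        notes = []
        if domain in before:
            old_registrar, _ = parse_whois(before[domain])
            if old_registrar != registrar:
                notes.append(f"registrar changed: {old_registrar} -> {registrar}")
        if TRANSFER_LOCK not in statuses:
            # clientDeleteProhibited alone does not stop an outbound transfer.
            notes.append("no clientTransferProhibited lock")
        if notes:
            findings[domain] = notes
    return findings

LOCKED = ("Domain Status: clientTransferProhibited "
          "https://icann.org/epp#clientTransferProhibited\n"
          "Domain Status: clientDeleteProhibited\n")
BEFORE = {
    "aaa.example": "Registrar: Registrar A\nDomain Status: clientDeleteProhibited\n",
    "bbb.example": "Registrar: Registrar A\n" + LOCKED,
}
AFTER = {
    "aaa.example": "Registrar: Registrar B\nDomain Status: clientDeleteProhibited\n",
    "bbb.example": "Registrar: Registrar A\n" + LOCKED,
}

if __name__ == "__main__":
    for domain, notes in audit(BEFORE, AFTER).items():
        print(domain, "; ".join(notes))
```

A registrar change by itself does not say why the domain moved, so each finding is a prompt to confirm the move with the account owner.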
Others At Risk
There are some very valuable domain names at Moniker and many from well known domainers like the Castello Brothers, Rob Grant, Warren Royal, Page Howe, eCorp, DomainCapital and many more.
FMA was the single largest Moniker.com customer, and I did say WAS. They had several domain names stolen, like Busy.com (which they got back), BMT.com (have not yet), YN.com, Bit.com and more, but they are transferring or have transferred to Uniregistry.com, as seen and reported by OnlineDomain.com. That report states about 100K domains were transferred.
GNO Inc. (Gregg Ostrick) is the next largest customer at Moniker and there has been some activity on his domains around the time of the breach. GNOUSA.com, for example, had a status update on 9/23/2014 and that is a main domain used for email.
Mike Mann, eCorp and Cities Unlimited all fall in line by volume according to email address search.
The $3 million domain name Candy.com is still registered at Moniker.
Reflex Publishing Inc. holds many, many very valuable domain names at Moniker.
Mrs Jello LLC / ExoticDomains.net holds many, many valuable domains at Moniker.
Roy Messer / Nett Corp holds many, many valuable domains at Moniker.
It is hard to track a specific registrar, but I am working to get a track on how many domains are going out of Moniker. There are some services, but not ones that I use or can gain access to, or that I feel are even accurate with near up-to-date data. Again, even seeing the ones leaving doesn't show "why" they are leaving. This is one hard thing in tracking whether domain names may have been stolen, sold, etc. A stolen domain can retain the "current" whois, minus an email address, so it makes it harder to track. Some domains may simply change accounts within a registrar and not update whois at all. Companies "hide" a domain sale this way as well. Domains go into privacy both when sold and when stolen. Tracking by DNS wouldn't reveal much if the DNS wasn't changed. Since it's hard to "know" what email address a cyber criminal will use, it can be hard to track a specific one. They also change email addresses rapidly, so once you do find one, they are likely already using another. Well, you get my point.
RegistrarStats.com was always the best for tracking by registrar but they went to a pay system and they never reply to my emails or application. WebHosting.info is another, but the site rarely works.
With hundreds of thousands of domain names "moving" every single day, tracking is a daunting task. Only using "whois" data can make your mind wander, because you can really only see so much data, and it is often very hard to verify.
I have been working with DomainIQ.com to get something in order to do detective work by registrar, and the product is in place; it just needs a bit of tweaking.
P.S. Moniker just sent out an email this morning while I was writing this article in which they FINALLY admit domains were stolen! Or as they put it…
"In addition to suspicious activity, there have been brute force attacks against Moniker accounts resulting in unauthorized domain name transfers. Our staff is working diligently to identify instances of unauthorized transfers and to revert them as soon as possible. To date, we have recovered any domain that was transferred without authorization."
I like that last line… we have recovered any domain? What does that mean, let alone does it really make sense? They are lying, because I know of domains that have been reported to them that are still not "recovered".
They title the email “Ongoing Security Measures”…. Come On! Maybe an email with the title Security Breach At Moniker.com, Domains Stolen? would be more fitting.
"We encourage you to notify us immediately if you feel your account has been compromised"
Come on! You have control over the domains and Moniker accounts… YOU should be contacting customers that you suspect have had activity… not just sending plain text passwords and account numbers without even identifying your customers by name and the REAL reason for the password and account number changes from the first email sent on 10/6/2014 which many thought was a spam email.
I’m not a fan of a company who beats around the bush and Moniker is doing just that right now!