Three-letter .com owned by hospital “hijacked”

Kevin Murphy, August 20, 2019, Domain Registrars

A California hospital has seen its three-letter .com domain reportedly hijacked and transferred to a registrar in China.

Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was using svh.com as its primary domain until earlier this month, when it abruptly stopped working.

The Sonoma Index-Tribune reports that the domain was “maliciously acquired”, according to a hospital spokesperson.

It does not seem to be a case of a lapsed registration.

Historical Whois records archived by DomainTools show that svh.com, which had been registered with Network Solutions, had over a year left on its registration when it was transferred to BizCN in early August.

BizCN is based in China and has around 711,000 gTLD domains under management, having shrunk by about 300,000 names over the 12 months to April.

The Sonoma newspaper speculates that the domain may have been hijacked via a phishing attack. It’s not clear whether the hospital or NetSol, part of the Web.com group, was the target.

Three-letter .com names are highly prized, usually selling for tens of thousands of dollars.

Domain investors should obviously steer clear of svh.com, which is probably already up for sale.

Not only is there a possibility of attracting unwelcome legal attention, but there are also the moral implications of paying somebody who would steal from a hospital.

The hospital in question has now changed its domain name to sonomavalleyhospital.org. This transition, which includes migrating the email addresses of all of its staff, seems to have taken several days.

Anyone sending personal medical information to the old svh.com email addresses may find that information in the wrong hands.

KnujOn scores a win as BizCN gets first breach notice

The Chinese registrar BizCN has received its first breach notice from ICANN’s compliance department, following a sustained campaign by anti-abuse activist KnujOn.

The notice concerns Whois accuracy, specifically for the domain names rapetube.org and onlinepharmacy4.org, and a bunch of other peripheral breaches of the Registrar Accreditation Agreement.

The “porn” site rapetube.org was the subject of a Washington Post article last December, in which KnujOn’s Garth Bruen said he feared the site might contain footage of actual crimes.

Bruen has been chasing BizCN about Whois inaccuracy, and specifically the rapetube.org domain, since 2011.

He said in a September 2013 CircleID post that he’s filed Whois inaccuracy complaints about the domain with ICANN “multiple times”.

His campaign against ICANN Compliance led to an Ombudsman complaint (which was rejected) last year.

Now Compliance appears to be taking the case more seriously. ICANN, according to the breach notice, has been on BizCN’s case about rapetube.org’s Whois since March 24 this year.

At that time, the name was registered to a Vietnamese name with a French address and phone number and a contact email address at privacy-protect.cn.

According to Bruen’s interview with the Post, this email address bounced and nobody answered the phone number. The privacy-protect.cn domain does not appear to currently resolve.

ICANN evidently has some unspecified “information” that shows the email “does not appear to be a valid functioning email address”.

But BizCN told ICANN April 2 that it had verified the registrant’s contact information with the registrant, and provided ICANN with correspondence it said demonstrated that.

ICANN says the correspondence BizCN provided actually predated KnujOn’s latest complaint by six months.

In addition, when BizCN forwarded a scanned copy of the registrant’s ID card, ICANN suspected it to be a fake. The notice says:

Registrar provided copies of correspondence between the reseller and registrant. The response included the same email address that was still invalid according to information available to ICANN, and included a copy of a government identification card to confirm the registrant’s address. According to information available to ICANN, the identification card did not conform to any current or previous form of government identification for that jurisdiction.

Despite repeated follow-up calls, ICANN said it still has not received an adequate response from BizCN, so its accreditation is now in jeopardy.

BizCN has something like 450,000 gTLD names under management and is in the top 50 registrars by volume.

As for rapetube.org, it’s still registered with BizCN, but its Whois changed to a Russian company “Privat Line LLP”, at privatlinellp.me, on or about April 17.

That change is not going to help BizCN, however, which is being asked to provide evidence that it took “reasonable steps to investigate and reasonable steps to correct the Whois inaccuracy claims”.

It has until May 29 to sort out the breaches or face termination. Read the breach notice here.