Whc? - Explain this one. Plus I have never used Atom


mikeyboy

Explain this one. Plus I have never used Atom

1743513657476.png

1743513735484.png
 
Picked up in drop through WHC I believe.
Had it parked and should now resolve to an Afternic for sale landing page. Doesn't resolve.
Updated 26th? Wasn't me. Strange innit lol
 
I'd contact WHC and see if this is one of those strange domains that can be in multiple accounts at the same time (as expired/cancelled), and the prior owner changed the NS (probably by calling WHC) without realizing he no longer owns it.

I think Frank closed most of the loopholes, but there can still be problems here and there.

I am going to bet that the WHOIS registrar in 2023 (prior to the TBR run) was WHC.
 
Well that's scary AF. Whois says:

Updated Date: 2025-03-26T21:11:47Z
Creation Date: 2023-08-30T19:00:05Z
Registry Expiry Date: 2025-08-30T19:00:05Z

I am going to bet that the WHOIS registrar in 2023 (prior to the TBR run) was WHC.

Good thought, but wrong guess. The domain was with Namecheap.com prior to dropping in 2023, so it does not sound like a previous WHC customer account conflict unless it was from even prior to that. The domain was previously regged from 2014-2023.

So for a nearly 2 year old domain, the fact that someone other than the owner could change nameservers, well that's pretty messed up and sounds like a huge security flaw.

Furthermore, WHC displays the AUTH code rather than only sending it by email to the registrant email. So presumably a person that could change the nameservers could also retrieve the auth code - and boom - your domain is gone.

Displaying the auth code inline is convenient and should in theory be secure assuming the account itself is secure. But this incident is suggesting that their accounts may not be so secure, or their system architecture allows for something like this to happen if it is some misconfiguration issue on their end, or their support people screwed up and it was the result of a social engineering hack, or ??? There must be some explanation. WHC certainly owes you that.

Please report back as to what the explanation is.

Sounds like a good time for me to go round up any stray TBR domains and consolidate them back to my main registrar... Much easier to keep tabs on everything that way.
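
Added example, not part of any post in this thread: one way to keep tabs on a domain is to compare its WHOIS record against a baseline the owner recorded, and flag a nameserver set or Updated Date the owner did not cause. The three dates in the sample are the ones quoted above; the domain name, nameservers, and baseline values are constructed placeholders, and `find_drift` is a hypothetical helper.

```python
from datetime import datetime, timezone

# Constructed baseline: what the owner last set on purpose (hypothetical values).
BASELINE = {
    "updated": "2024-08-30T19:00:05Z",
    "nameservers": {"ns1.example-parking.test", "ns2.example-parking.test"},
}

# Constructed WHOIS response. The three dates are the ones quoted in the thread;
# the domain name and Name Server lines are placeholders.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-DOMAIN.TEST
Updated Date: 2025-03-26T21:11:47Z
Creation Date: 2023-08-30T19:00:05Z
Registry Expiry Date: 2025-08-30T19:00:05Z
Name Server: NS1.SOMEONE-ELSE.TEST
Name Server: NS2.SOMEONE-ELSE.TEST
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def parse_ts(value):
    """Parse the registry's UTC timestamp format."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def find_drift(whois_text, baseline):
    """Return findings where the live record differs from the owner's baseline."""
    rec = parse_whois(whois_text)
    findings = []
    live_ns = {ns.lower().rstrip(".") for ns in rec.get("name server", [])}
    if live_ns != baseline["nameservers"]:
        findings.append(f"nameservers changed: {sorted(live_ns)}")
    updated = rec.get("updated date", [None])[0]
    if updated is None:
        findings.append("no Updated Date in record")
    elif parse_ts(updated) > parse_ts(baseline["updated"]):
        findings.append(f"record updated after baseline: {updated}")
    return findings

if __name__ == "__main__":
    for finding in find_drift(SAMPLE_WHOIS, BASELINE):
        print("ALERT:", finding)
```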
 
