If you thought that the incident I reported about the stolen domains jis.com, Leading.net, Southeast.net and Jaxnet.com is isolated, you’d better guess again.
While that case involved the acquisition of FloridaDigital.net on Namejet in order to gain unlawful access to jis.com and eventually the other – bonus – domains, in the case I’m about to describe the domain was sold via Sedo.
Three letter .com domains are often targets of domain hijackers, as they represent a domain “coinage” that more or less retains its value. Three letter .com domains have seen better days, however there is no reason why a LLL .com would not sell for mid five figures or more.
In the case of OXI.com the domain changed hands several times, legitimately, and eventually was acquired by Australian corporation “Smsburst Pty Ltd” in August of 2008.
The domain name, OXI.com has been recently offered for sale on forums and on Sedo. Each time, the seller obscures the name, attempting to space apart the letters so as not to get it spidered by search engines – in two occasions he used an image to display the domain name, OXI.com
After doing some research on OXI.com after SMSBurst bought it, I discovered that “ghutcheson@smstech.com.au” was the handler email.
Until June 12, 2010 the same entity controlled the domain, OXI.com with no changes to the WHOIS.
Here comes the interesting part: In January 2010, smstech.com.au expired and dropped. However, it was re-registered and the owner set up a web site. In July, I contacted the owner and his response was:
I only recently registered this name, that email address doesn’t exist. It is either fake or quite old. Sorry I couldn’t be of more assistance. Cheers, Chris.
I decided to consult Mike Robertson of Fabulous on the status of SMSTech. After hearing back from the Australian Registry, Mike relayed to me that the domain dropped on January 25, 2010 and the Aussie current owner of SMStech.co.au registered the domain on March 28, 2010.
Let’s add some more clues to the OXI.com puzzle.
According to Domain Name Wire, OXI.com was sold on Sedo for $6,000 in the first week of July, 2010.
Indeed, DomainTools.com confirms that OXI.com first had its registrant email changed on June 22, 2010 to “mymobilewatch1@gmail.com”. The only person that could facilitate such a change would be “Chris” – the current owner of SMStech.co.au
The domain OXI.com was then sold on Sedo; WHOIS history at DomainTools shows that on July 7, 2010 the domain was in Sedo’s escrow. On July 16, 2010 the domain OXI.com is in the possession of the apparent buyer, a person from Turkey.
This new buyer tried to sell it – albeit, by masking the actual domain name as I explained – at DNForum and NamePros recently. The NamePros.com thread has been deleted but the cached version can be viewed right here. It is not known why NamePros deleted the thread.
The DNForum sales thread about OXI.com still exists although it was closed because the domain name OXI.com is not listed in the post or the title.
Conclusion: Someone took advantage of the lapsed domain SMStech.com.au, registered it again and gained access to OXI.com which they then sold on Sedo for $6,000. Whether the buyer and current owner was part of the plan in order to launder the domain, that remains to be seen. It’s very suspicious, however, that the current owner of OXI.com is ensuring the domain name does not get spidered by search engines.
@The only person that could facilitate such a change would be “Chris”
Maybe, could have been an employee of the registrar too. I saw the samething happen a few years ago but it was an employee of an ISP that took control of the email account.
mrx – the SMStech.com.au domain did not exist from January to March, all while an email address under that non-existing domain still managed OXI.com
Once SMStech.com.au came back to life in late March, it’s logical to assume that its new owner did some research that led to the relationship between OXI.com and SMStech.com.au – whether that was done prior or after the re-registration of the holding domain, is unknown.
In other words: domains that expire might hold the keys to other, live and potentially valuable domains. The case with FloridaDigital.net and the four stolen domains jis.com, leading.net, southeast.net and jaxnet.com is a great example.
It’s been going on for many many years, one old one was cubancigars.com, stolen, sold, re-sold, and now has a new legit owner.
Jj – interesting, would you like to share some details on cubancigars.com ?
Ensuring that the domain name does not get spidered by search engines in appraisal thread can be explained quite easily though – some people, especially newbies, are just conspiracy theorists. Or just want to ensure that when an end user searches for the offered name he won’t find out that thread – as the requested price could be significantly higher than the one in the appraisal and it could break the potential deal. In this particular case it was senseless though, the name was typed in by another participant anyway 🙂
But considering all the story, other reasons are possible, of course, as well.
Just saw Oxi.com listed on the great domains banner @ SEDO
AB – True, the ‘washing cycle’ continues.
hi
i am the owner of oxi.com. why didn’t contact me before writing this post? you can get my mail adress from the whois information of oxi.com.
huseyin – You were contacted at DNForum and you never responded to the question who did you buy the domain from, for $6,000 on Sedo.
It’s interesting that on the oxi.com sales page you note how this domain was sold for $21,500 in 2007.
So tell us, who’s the guy you bought it from at 1/3 its previous selling price?
he is my friend, who opened the thread at DNforum and he didn’t tell me that.
if someone sends a message and asks “who did you buy the domain from, for $6,000 on Sedo?” do u reply it?
at namepros i open a thread for selling it. my username is maruchi. here is the link
http://www.namepros.com/high-priced-domains/666649-pronounceable-lll-com.html
my username isn’t oxi. i dont know the person who opened this
http://webcache.googleusercontent.com/search?q=cache:9PXs9nQ1pZAJ:www.namepros.com/domain-appraisals/669879-o-x-i-dot-com-worth.html+oxi.com+namepros&cd=1&hl=en&ct=clnk&gl=us
if u look his profile he doesnt have any post. he is fake i think.
i always offer low prices on sedo and on godaddy auctions or on ebay for buying domains for a cheap price. the seller of oxi.com accepted my offer. so i bought it. isn’t it normal?
if u want to learn the “who’s the guy i bought it?” u can ask it to sedo.
please write the trues.
huseyin – Did you or did you not buy the domain oxi.com on Sedo for $6,000 in July? This cannot be disputed.
What also can’t be disputed is the fact that oxi.com was snatched from its owners by whoever sold it to you. If you don’t want to reveal his country of origin or other info then that makes your role all more suspicious.
i bought it from sedo which is the most security platform for buying and selling domains. nobody can accuse or judge me. if u want to learn the seller’s name, please ask it to sedo. dont ask me. and if it snatched from its owners why dont they contact me or sedo? how do u know it snatched?
Did you read the entire article or only the fact that oxi.com is now in the search engines and you tried to hide it? How come your “friends” started threads all over the place about oxi.com putting it for sale or asking for appraisals?
Again, not disclosing the identity of the seller makes your purchase even more suspicious. Sedo might be a secure platform but nothing stops a stolen domain from being sold.
Read the article again, and understand that oxi.com was controlled by a domain which expired. Whoever sold oxi.com to you recreated the admin email and took oxi.com to his possession. You bought a stolen domain, whether you like it or not.
-why i tried to hide search engines?
read Al’s comment.
-the man who opened the thread asking for appraisals is NOT my friend. (read my second comment)
this is my last comment. i dont want to continue the discussion. your behaviours arent ethic. you accuse me and my domain wrongly. i dont have to answer u but all the web shared this article. it reduces my domain’s value.
please understand and accept that it is not a stolen domain.
and please delete my name and surname in the article.
Fact: you bought the domain for $6,000 at Sedo (public information).
Why are you so cryptic about the identity and location of the seller you bought oxi.com from?
I already explained why the domain is stolen. I didn’t say you personally stole it but you are holding stolen goods.
Your name was removed – again it’s public information in the WHOIS. I suggest that you research your purchases better.
It looks like you are right on spot. I see you deleted the previous name but if I recall correctly the lastname for the owner was something like Kaim which did not really sound turkish in the first place.
The DNforum profile that listed the domain leads back to this person;
[removed]
who is a registrant for one of the previous names listed for sale by the same person.
Now, another name is listed here and it will probably be crawled soon by the big G. Can they ask you to delete it? You know who I am in case someone needs to take responsibility.
HRO – The current WHOIS shows the First/Last name of our friend Huseyin here. It’s public information. I did it to show him that it doesn’t matter what he believes, public information (and WHOIS records) exist. It doesn’t get deleted 😉