Latently I have seen accusations of comanies monitoring whois requests. People were saying that days or maybe a week after they had done a whois with a registrar that the domain was registered. I found these accusations pretty harsh and decided to do a little test myself.

Every 3 days for the past 3 weeks i have done whois lookups with the same domains at the following registrars:

godaddy
1and1
enom
dotregistrar
directnic
netsol

Each registrar has two specific domains tied to it so I know if they got registered which one had done it. So far 0 have been registered, so you make the call whether to give the stories credit or not.

I once tried to register a domain name with netsol but didn't complete the process
for some reason (I think I got a call or something that time). I eventually just didn't
think about it anymore.

A day or 2 later, I receive an email from netsol saying the domain name I tried to
register is still available. So apparently netsol does data-mine, but what they'll do
with it (as well as any registrar, I guess) is up to them.

After all, it's their data.

Okay so weird....right after I posted this I was searching for domains.

I searched for the domain aeebo.com (a mis-spelling of aeeboo.com) from my server. I came home a few hours later to register it and bam it is registered.

[root@monitor ~]# whois aeebo.com
[Querying whois.internic.net]
[Redirected to whois.domaindoorman.com]
[Querying whois.domaindoorman.com]
[whois.domaindoorman.com]
This whois service shows the information for .COM, .NET and .ORG domains
The fact that your query returns "NOT FOUND" does not necessarily mean that
the domain may be available for registration. To search all domains, please
go to the shared registry whois located at:
http://www.internic.net/whois.html


Registrant:
DOMIBOT (AEEBO-COM-DOM)
Avenida Caroni 5478
Colinas Monte, Caracas
Venezuela
+1.2085751538
<script>open('http://AEEBO.COM');</script>
+1.2085751538
domains@domibot.com

Domain Name: AEEBO.COM
Status: PROTECTED

Administrative Contact:
Admin domains@domibot.com
Avenida Caroni 5478
Colinas Monte, Caracas
Venezuela
+1.2085751538
Fax- +1.2085751538

Technical Contact, Zone Contact:
Webmaster domains@domibot.com
Avenida Caroni 5478
Colinas Monte, Caracas
Venezuela
+1.2085751538
Fax- +1.2085751538

Record last updated on 06-Apr-2006.
Record expires on 05-Apr-2007.
Record created on 05-Apr-2006.

Domain servers in listed order:
Name Server: NS3.MY-NAME-SERVER.COM
Name Server: NS2.MY-NAME-SERVER.COM
Name Server: NS1.MY-NAME-SERVER.COM

Excuse my ignorance but what would this prove? Are you implying they are watching your search and register the name for themselves?


Okay so weird....right after I posted this I was searching for domains.

I searched for the domain aeebo.com (a mis-spelling of aeeboo.com) from my server. I came home a few hours later to register it and bam it is registered.

[root@monitor ~]# whois aeebo.com
[Querying whois.internic.net]
[Redirected to whois.domaindoorman.com]
[Querying whois.domaindoorman.com]
[whois.domaindoorman.com]
This whois service shows the information for .COM, .NET and .ORG domains
The fact that your query returns "NOT FOUND" does not necessarily mean that
the domain may be available for registration. To search all domains, please
go to the shared registry whois located at:
http://www.internic.net/whois.html


Registrant:
DOMIBOT (AEEBO-COM-DOM)
Avenida Caroni 5478
Colinas Monte, Caracas
Venezuela
+1.2085751538
<script>open('http://AEEBO.COM');</script>
+1.2085751538
domains@domibot.com

Domain Name: AEEBO.COM
Status: PROTECTED

Administrative Contact:
Admin domains@domibot.com
Avenida Caroni 5478
Colinas Monte, Caracas
Venezuela
+1.2085751538
Fax- +1.2085751538

Technical Contact, Zone Contact:
Webmaster domains@domibot.com
Avenida Caroni 5478
Colinas Monte, Caracas
Venezuela
+1.2085751538
Fax- +1.2085751538

Record last updated on 06-Apr-2006.
Record expires on 05-Apr-2007.
Record created on 05-Apr-2006.

Domain servers in listed order:
Name Server: NS3.MY-NAME-SERVER.COM
Name Server: NS2.MY-NAME-SERVER.COM
Name Server: NS1.MY-NAME-SERVER.COM

This was actually discussed in webmasterworld. Many posts strongly suggest the
WHOIS lookups are being "monitored", for lack of a better term.

I'm probably paranoid saying this, but I won't really be surprised if someone out
there has developed a method for doing so. Spammers found ways to harvest all
and any email addresses they can find online, so why should this be impossible to
achieve?

From what I've gathered so far, 2 very common names that crop up are Unasi and
Kenyatech. And I remember that domibot's tied up to Unasi, somehow.

I think that is exactly what he is implying. It doesnt surprise me at all that internic are involved with their track record of being in cohorts with dubious companies like kenyatech in the past. This domibot seems they up to the same dubious tactics. Bottom line is, do not use internic or any related organisation to do a whois search. I think RossH's investigation proves beyond any shadow of doubt that internic are up to some pretty shady practises. Maybe not illegal, but dubious

Domaindoorman is one of the companies "tasting" traffic. Companies such as this are registering hundreds of thousands if not 1,000,000+ a day. Odds are you're going to run across them all the time aslong as they are doing it.

check it out all

after a lil digging, dotregistrar was company that was out of venezula (at least 2 years ago). I think if you do a search on dotregistrar they are buying the names for themsellves

Domaindoorman is one of the companies "tasting" traffic. Companies such as this are registering hundreds of thousands if not 1,000,000+ a day. Odds are you're going to run across them all the time aslong as they are doing it.

yeah but if dotregistrar was a company he is searching the names for and a company from venuezala registrars the name that is no accident yo

Well either way you can thank ICANN and Verisign for that and the many other things registrars are getting away with.

people say directnic is also doing the same kind of slammin.

people say directnic is also doing the same kind of slammin.

Supposedly under kenyatech and noldc.

It shouldn't also be surprising if this is the case. All they have to do is register a
separate and different LLC or something similar and go their merry way.

Supposedly under kenyatech and noldc.

It shouldn't also be surprising if this is the case. All they have to do is register a
separate and different LLC or something similar and go their merry way.

yes, they go after african names

RossH: Did you search for the domain at DomainDoorman? If not, where'd you do the search? That would prove to be an interesting piece of the puzzle.

The nameservers are owned by Cambridge Capital in Miami, Florida. Their web site has no meaningful information. But if you Google 'Cambridge Capital Miami' you'll see that they're no strangers to domain disputes.

There was a similar thread recently about another domibot acquisition, but I don't recall the domainname. IIRC, though, the registrar wasn't DomainDoorman. It was Capital Domains -- that's the same registrar as My-Name-Server.com's.

It is, however, interesting that the nameservers' domain's WHOIS record has the same script tag as other of the domibot domains.

While there may be some funny business, I'd really like to know if you searched at DomainDoorman....

Its happened to me lots of times...I dont know if its true or maybe just a coincidence.

Maybe it will help to first check if the domain shows up in a browser, then google it and finally do a whois when you are ready to register.

I think with registrars that lead a double life and do domain tasting this is pretty common. With Godaddy since the auction model is so big for them I do not trust them with searching for names on their site.

RossH: Did you search for the domain at DomainDoorman? If not, where'd you do the search? That would prove to be an interesting piece of the puzzle.

For the specific domain that was registered i searched from my own server, so it was all probably just a coincidence but I thought it was just pretty strange

When I tried the demo of ModernBill I noticed that even it displayed recent whois searches to the admins.

For the specific domain that was registered i searched from my own server, so it was all probably just a coincidence but I thought it was just pretty strange

Did you use an API or whois?

Did you use an API or whois?

I used plain old whois

Whois is always behind from what I have seen.

I still think Godaddy and a couple others are taking names

I still think Godaddy and a couple others are taking names

No need to think, they are.. Not in the sense of monitoring whois because quite frankly thats not as lucrative as checking monitoring during redemption period.

FYI domainbot just dropped the domain aeebo.com which they registered after my whois....

FYI domainbot just dropped the domain aeebo.com which they registered after my whois....

Not surprising. These guys are really taking whatever they could, keeping those
that make money, and letting go those that don't.

But it's disconcerting to think they found out despite your searching via your own
server. As if it's now "not safe" to search using a registrar via a 'net browser.

Not surprising. These guys are really taking whatever they could, keeping those
that make money, and letting go those that don't.

But it's disconcerting to think they found out despite your searching via your own
server. As if it's now "not safe" to search using a registrar via a 'net browser.

Like everyone says it is probably just coincidence.....just seemed like a pretty big coincidence to me.....

Like everyone says it is probably just coincidence.....just seemed like a pretty big coincidence to me.....

Indeed it's possible it's just plain coincidence. But since the name of a group who's
heavily involved in such activity is listed, well...I just hope not...

Only one way to find out...

Here's the thing....

If you search for a domain using a command line-based WHOIS the WHOIS query goes to the registry. If the domain's not yet registered no registrar will see the query. So, in the case of a .COM, for example, Verisign will 'know' that you did a WHOIS. But absolutely no registrar will see the query because they only see queries for domains for which they're the registrar of record.

Doing a real availability check via a registrar, or doing a web-based WHOIS, especially from a registrar's site, is a different kettle of fish altogether. (And checking for domains with WHOIS isn't a very reliable method, anyway.)

So if you use a command-line based WHOIS, and some random entity -- domibot or otherwise -- acquires the domain some time later, that means, as near as I can figure, that one of two things has happened:

1: The REGISTRY is sharing a list of failed WHOIS queries with a third party, or
2: the random entity had the same thought that you did and it's a coincidence.

davezan: What's the "one way to find out?"

I'd suggest that doing real availability checks or using a registrar's web-based WHOIS (which really is a waste of time) aren't the best ways to keep the cat in the bag. So, as has been said in other threads many times before: Don't do the search unless you're willing to acquire the domain on the spot.

Is it at all possible that #1 could exist? Do you really think that Verisign are sharing their list of failed whois queries? I think it's highly unlikely.

Of course I'm convinced that using a command-line based whois is much more secure than using ANY web-based whois.

Of course, I never do a web-based whois without buying the domain immediately, if it's available. But do you think this still has to be true for a command-line based whois?

I've often just typed the domain I'm looking for into the web browser bar. If I get an error, then I try to register. Not fail-safe because many domain names dns don't resolve. Is this any more or less secure than a command-line based whois?

With my jaundiced view of the domain business, both supply and demand side, I don't believe there are any coincidences :(

I made the word REGISTRY all caps to be clear that I didn't mean a registrar. And, no, I think that it's highly unlikely -- and would open Verisign up to oodles of legal problems -- that Verisign are sharing their WHOIS failures with a third party.

And looking at the picture that's been presented thus far, I continue to believe that, overall, we're seeing coincidences, not foul play.

If anyone has more data (not speculation) that they'd like to share, I find the whole concept facinating. And if there is foul play it'd be interesting to know about it. (In this context, there doesn't seem to be any restriction in the ICANN or per-registry agreements into which we registrars enter that would legally prevent such activity, but it makes the playing field uneven, which is why I characterize it as "foul play.")

Ok. RossH confirmed that he used his command-line whois. He wasn't specific when he reported. So I'd assumed that he must have searched for it on one of the several identities of internic and their cohorts. In this case it must have been... mumble, mumble... a coincidence :blush:

I understood exactly what you mean by REGISTRY, Domainator :)

I stumbled on this thread through a google search.

A friend's "name" domain (like "janedoe.com" if her name was Jane Doe) was registered a couple years ago by somebody in California. The owner renewed it after a year, then failed to renew after the second year. I watched as it went through a long registrar hold, then redemption period, then pending delete, and I suggested to my friend that she put in an order at snapnames or one of the other backorder services. She forgot to do so.

The day her domain was finally released, I went to see if I could snag it for her, but it had already been registered by eNom.com. Then a few days later, I checked whois and found it was registered to a different registrant with a registration date a few days later. A week or so later, it switched hands again. Currently, it's regsitered by capdom.com, and it looks like it was just registered on May 13. This is at least the third, if not the fourth registrant listed for this domain since it expired a couple weeks ago.

What the heck is going on here, and what should she do to try to get ahold of the name? Is it possible that a network of squatters are registering but not paying to keep the name, which is why it keeps getting registered by different registrants? Am I making things worse by checking whois every few days?

According to whois-search.com/deleting/who.php NameWinner.com is the "drop service" associated with capital domains (the current registrar at which her domain resides). Should I just tell her to put in a bid on namewinner?

This is really a pain, as it seems that the squatters don't even make it easy to ransom the domain if you want to.

Unfortunately there's currently no "fair metric" on how one can establish rights to
a domain name except to demonstrate trademark rights. So unless your friend can
do such (which is highly unlikely), there's no way s/he can get the domain name
from its current registered owner.

Problem here is they now know someone's interested in the name. Assuming it's
beyond the 120-hour window from the time it was first registered, only chance left
is to wait it out for how long it's regged but don't give them any hints.

FYI, practically all .com domain names are being regged the moment they're let go
by the Registry. They're being "tasted" to see what gets any "significant result"
(i.e. traffic), then they keep what gets hits and let go what don't.

FYI, practically all .com domain names are being regged the moment they're let go by the Registry. They're being "tasted" to see what gets any "significant result" (i.e. traffic), then they keep what gets hits and let go what don't.

Hmm... so maybe what we're seeing is serial-tasting. One squatter is picking it up, then letting it go, and another squatter is picking it up.

Hmm... so maybe what we're seeing is serial-tasting. One squatter is picking it up, then letting it go, and another squatter is picking it up.

Registars are actually doing this, most likely. They have the ability to registar a domain, and then drop it before a certain number of days without paying for it. I was reading an article about this not long ago, hopefully I can find it again.

Registars are actually doing this, most likely. They have the ability to registar a domain, and then drop it before a certain number of days without paying for it. I was reading an article about this not long ago, hopefully I can find it again.

That seems consistent with what I've seen. eNom.com (who snagged the domain right when it expired) and capdoms.com (who currently hold it) are both registrars. And I think there were a couple of other registrars in between the two of them.

I'd love to see the article if you can find it. Thanks.

That seems consistent with what I've seen. eNom.com (who snagged the domain right when it expired) and capdoms.com (who currently hold it) are both registrars. And I think there were a couple of other registrars in between the two of them.

I'd love to see the article if you can find it. Thanks.

It was very intersting. I think it mentioned some potential issues with ICANN. I can't remember if it was over on HostingTech, or somewhere else, but I'll try and find it over the next few days....

Basically, you are just going to need to wait, or try contacting the current registar who owns it.

Registars are actually doing this, most likely. They have the ability to registar a domain, and then drop it before a certain number of days without paying for it. I was reading an article about this not long ago, hopefully I can find it again.
This is true. Minus the ICANN fees though which is normally $0.25.

This is true. Minus the ICANN fees though which is normally $0.25.

25 cents is the published rate.

I wouldnt be suprised if the actual rate paid by large companies is lower (Godaddy, etc)

The ICANN fees are what they are. No registrar gets any break of any kind. Volume is not a factor in the fee.

That seems consistent with what I've seen. eNom.com (who snagged the domain right when it expired) and capdoms.com (who currently hold it) are both registrars. And I think there were a couple of other registrars in between the two of them.

I'd love to see the article if you can find it. Thanks.

Not all registrars, though. Just the ones who can "afford" it.

If you're looking for an article on the subject, look no further than Bob Parson's
latest blog entry.

Yep, here is an article:

http://www.bobparsons.com/adddropscheme.html

I liked the new article I found better, but I just can't find it :(

Yep, here is an article:

bobparsons.com/adddropscheme.html

I liked the new article I found better, but I just can't find it :(

This describes exactly what I believe is happening with the domain in question. Thanks for the link.

This describes exactly what I believe is happening with the domain in question. Thanks for the link.

No problem, good luck recovering it though...

No problem, good luck recovering it though...

Yeah, I wonder how many more registrars will add/drop it before we get our shot. I'm pretty sure it's already been add/dropped by at least 3 different registrars (it was released on 4/30 and registered by eNom on that day, and capdom.com registered it on 5/13).

I guess we'll take another shot at it on Thursday morning (5/18).

I guess we'll take another shot at it on Thursday morning (5/18).

Forgot to try yesterday, but I just checked, and... it was AVAILABLE. I just registered it for my friend.

So this was definitely a case of serial add/droppers who found the domain not to get a lot of traffic so they dropped it rather than paying the ICANN fees. And now my writer/photographer friend will have her full name (jenniferLastname.com) instead of her nickname (jenLastname.com) for her website.

Woo hoo! Thanks for your help, all. Without the article about the add/drop scheme I probably wouldn't have even bothered checking today and it might have gotten snatched.

Glad it worked out for your friend.

Domibit/Domaincar/Unasi, etc etc etc... Domain tasting, or "add/drop scheme" as Bob Parsons calls it, is becoming absolutely huge. I can only imagine what things will be like a year from now.

Ipwalk just wrote a blog entry on how to find nameservers that are used for domain tasting, but I'd probably get a slap on the wrist if I linked to it.

Anyway, it is a small blessing that it often suffices with waiting 5 days, after which the domain tasters have usually dropped it, but it could get snapped up pretty soon again by some other automated domain-tasting system, so be quick once you get a chance.

Domibit/Domaincar/Unasi, etc etc etc... Domain tasting, or "add/drop scheme" as Bob Parsons calls it, is becoming absolutely huge. I can only imagine what things will be like a year from now.

If enough tasters get into the swing of things, once registered, no domain will ever again be available to someone else.

In this case the domain was released on April 30. At least three tasters (maybe four) held it since then. As soon as one dropped, another picked it up.