Domains Stolen from GoDaddy, Four 3 Letter .com's

Jesus..I am upset every time I read about this kind of thing. But how did they do it?
It really takes someone good to steal all your passwords and also to redirect the messages from GODaddy to your email address ( the ones with the codes ).

Are you sure you don't have a trojan in your computer? Or maybe you logged in in a public place?? A lot of public wifi connections are not protected and secure

Damn, you should file a report with both the registrars , i'm sure you did, and then just start the legal procedure, consult your attorney
He will tell you to record your statement along with all proof and proceed accordingly

They managed to get into my email account somehow (I've had all these domains since 2009 or earlier and just discovered my email account was getting bombarded with hacking attempts left and right). I had what I assumed was a secure password, I guess not. The person forwarded my GoDaddy emails to themselves it seems and had them deleted before I could see them.

.

BinderGang said:

I have discovered over the past few weeks that following domains were stolen from my GoDaddy account by an overseas IP address:

HGX.com
WKZ.com
UKR.com
QVO.com
AtlantaFashion.com

The domains are now registered to a person using the email [email protected]. He is using fake whois information, a fake number, he charged back the domain reseller whom he transferred the domains to, faked email correspondence between myself and him, and is saying he paid by in untraceable Bitcoin.

I have been in constant email contact with Enom and Internet.BS. The two domain registrars whom the domains were transferred to. Yet both registrars are doing little to nothing and now I am going to have to explore my legal options.

Does anyone have any experience in this? Any good contacts to get in touch with. I appreciate your help.

Click to expand...

Contact a domain lawyer immediately. File a report with IC3. Additionally, get the Feds involved if need be, as there should be a local office right there in NY. They can trace all activity globally. Internet fraud is a major crime, and depending upon the dollar amount, could bring heavy consequences, regardless in which country the thieves are hiding. The arms of the Law reach far and wide in this day and age, especially with regard to the internet. Just because they may not live in the US doesn't mean they can't be found and brought to justice. A little pressure on the registrars and they should be able to transfer the names back to you, but again, this is something for the aforementioned entities to advise you of. Good luck and do keep us posted.

Just out of curiosity,

I see you were selling these names throughout the years in the past including Flippa and multiple forums.

Any reason they never sold?

It seems your guy also owns UKR.com.

Here >who.is

.NJ said:

Just out of curiosity,

I see you were selling these names throughout the years in the past including Flippa and multiple forums.

Any reason they never sold?

It seems your guy also owns UKR.com.

Here >who.is

Click to expand...

I received many offers ranging 4 to 5 figures for each. Never wanted to sell and decided to hold.

I would consult a lawyer asap. You need to contact both registers using the language they suggest (or get them to do it).

I'm curious too:

- what is your email provider? gmail, yahoo...
- how often do you use email?
- what was your password? Just type it here, I wanna see how complex it is
- where did you get email correspondence?
- did you use whois privacy?

BinderGang said:

I had what I assumed was a secure password, I guess not.

Click to expand...

You may want to consider changing all your passwords on everything asap since they had access to your emails and god knows what else.

I find Keepass a useful tool to manage passwords. It's at keepass.info and lets me easily manage good unique passwords for multiple logins for email, websites and desktop applications.

Sorry to hear this Binder, I swear bodily harm needs to be done to these people.

what is your email provider?

He is using Pacific Host for HGX, QVO and atlantafashion.com. Contact [email protected] and report him.

Also, he has a Sedo account since 2006 where he is parking WKZ.com. Here's what you can do

---
Reporting a Stolen Domain/ Stolen Domain Procedure
If you feel that one of the domains parked or listed for sale with Sedo has been hijacked from you, please comply with the following complaint procedure. In order to process your claim, please fax, ATTENTION LEGAL at (617) 499-7226 or email in PDF format to [email protected], a written statement on your company letter head (or in the case of an individual, a letter that includes all of your contact information) that states the following information:
When you originally registered the domain;
When you last registered or renewed the domain;
When you last had the domain under your control;
When you found out it had been stolen from you;
Whether or not you know or can name the person who is now in control of the domain;
The statement: “I have a good faith belief that the domain in question has been unlawfully removed from my control and the current registrant obtained the domain through fraudulent means.”
The statement: “I have either initiated a legal action with my local police or a currently unresolved complaint with the domain’s registrar to recover the domain.”
Once Sedo has received your complaint, an investigation will commence and you will be informed of the outcome within five business days.
---

uswebdev said:

...
I find Keepass a useful tool to manage passwords. It's at keepass.info and lets me easily manage good unique passwords for multiple logins for email, websites and desktop applications.

Click to expand...

So, you put all your important passwords into just one basket.
How convenient is that for a password thief? :lala:

I don't have any 3 letters in my portfolio but I still keep 2 factor authentication on in my gmail.

Atleast that can add an extra layer of security even if the password is stolen.

Thanks.

Yup! Two level security authentication is a must to avoid hacking attempts,..having a 3 letter dot com is my dream...oh god..try your best to get back all your assets....i also noted that you are still keeping your Domain names in your signature, i think its not a good idea because Domain is under the control of hacker..am i wrong?..

Bitcoin works with an unprecedented level of transparency that most people are not used to dealing with.
All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network.

Anyone can see the balance and all transactions of any address, i.e. use: http://blockexplorer.com/ or http://blockchain.info/

Hope it helps.

there is something happening:
http://www.ricksblog.com/2014/01/bulletin-godaddy-com-phishing-scam/

I would highly recommend that everyone look into using a password utility like 1password. It is a little pricey, around $70 for mac and pc, but you just have one master password, and then it makes creating complex passwords for sites really easy. So no more notepad with all your usernames and passwords in it. It also syncs across multiple devices, so if you save a new username/password on your mac, you immediately have access to it on your pc.

domainhacks said:

Also, he has a Sedo account since 2006 where he is parking WKZ.com.

Click to expand...

Actually, verified with Matt that this is his account at Sedo. The thief did not change the DNS of most of these to remain undetected.

My first question would be, are you or have you been buying trading bitcoin?

If you are...the whole situation makes a touch more sense to me.

Some inexperienced (aka or new) bitcoin traders are visiting bitcoin websites that will infect you with malware, troj. etc. with aims of overtaking their bitcoin wallets and site passwords if they are online or stored on PC. So if you are or have been playing with bitcoin, I might be curious to think this is how this all may have happened to you ----and in the process they got your godaddy account too.

I only say that because you brought up the bitcoin, and the chances that someone who uses bitcoin while targeting your godaddy to me are kind of rare. Does this make sense?

So if you are a bitcoin trader, think hard about the places you have been online if you want to try to backtrack to where the problem may have started.

On the otherhand, he could just be saying "i paid in bitcoin" because he stole them somehow and just named dropped bitcoin. Ask him for the public key he used to transact that bitcoin.....than you can look it up on the blockchain...

with a side bar of, if you are talking to this guy, can you pull an IP off the email by any chance?

I know that Godaddy send email whenever was any change in my domains. Did you receive one? or you didn't check that?

aalrashed said:

I know that Godaddy send email whenever was any change in my domains. Did you receive one? or you didn't check that?

Click to expand...

That's an awesome point. And just to add more info about that, you get two emails, one one you start the account change, and one after the person accepts the change.

Both of these emails, before and after, give links and opportunities to dispute the account change if you did not actually approve it.

This is what it would look like when the account change was initiated:

Dear xxxxxxxxxxxx,

This message is to confirm that a change of registrant has been initiated for the following domain name(s):

xxxxx

The email address for the new registrant of the domain is xxxxxxxxxx

GoDaddy has determined that the registrant has provided the necessary documentation to initiate a change of account. If for any reason this information is incorrect or you feel this change of registrant request was made in error, please contact us within 15 days at undo (AT) godaddy .

To retrieve your customer number or password hint or to reset your password, click here.

Sincerely,
GoDaddy



And this is what the email says after the person provides the correct info to accept that account change:

An important notice regarding your domain

This email is to confirm the recent change of registrant of the following domain name(s):

xxxxxxxxx

The change has been completed and the available information has been recorded in our system.

GoDaddy has determined that the registrant has provided the necessary documentation to initiate a change of account. If for any reason this information is incorrect or you feel this change of registrant request was made in error, please contact us within 15 days at undochange (AT) godaddy ..

Sincerely,
GoDaddy

If that helps.....

If hes email was hacked, it may be deleted as soon as the changes had made. This is really frustrating.

Did you look at this thread? Is this maybe what happened to you?

https://www.namepros.com/warnings-a...whois-verification-email-beware-phishing.html