Domains Stolen from GoDaddy, Four 3 Letter .com's

[BinderGang]

I have discovered over the past few weeks that following domains were stolen from my GoDaddy account by an overseas IP address:

HGX.com
WKZ.com
UKR.com
QVO.com
AtlantaFashion.com

The domains are now registered to a person using the email [email protected]. He is using fake whois information, a fake number, he charged back the domain reseller whom he transferred the domains to, faked email correspondence between myself and him, and is saying he paid by in untraceable Bitcoin.

I have been in constant email contact with Enom and Internet.BS. The two domain registrars whom the domains were transferred to. Yet both registrars are doing little to nothing and now I am going to have to explore my legal options.

Does anyone have any experience in this? Any good contacts to get in touch with. I appreciate your help.

 

[BinderGang]

Pacific Host is actually just the reseller. Those domains are actually with Internet.BS and the other 2 are with Enom.

As Acroplex pointed out, that is actually my Sedo account.

He is using Pacific Host for HGX, QVO and atlantafashion.com. Contact [email protected] and report him.

Also, he has a Sedo account since 2006 where he is parking WKZ.com. Here's what you can do

---
Reporting a Stolen Domain/ Stolen Domain Procedure
If you feel that one of the domains parked or listed for sale with Sedo has been hijacked from you, please comply with the following complaint procedure. In order to process your claim, please fax, ATTENTION LEGAL at (617) 499-7226 or email in PDF format to [email protected], a written statement on your company letter head (or in the case of an individual, a letter that includes all of your contact information) that states the following information:
When you originally registered the domain;
When you last registered or renewed the domain;
When you last had the domain under your control;
When you found out it had been stolen from you;
Whether or not you know or can name the person who is now in control of the domain;
The statement: “I have a good faith belief that the domain in question has been unlawfully removed from my control and the current registrant obtained the domain through fraudulent means.”
The statement: “I have either initiated a legal action with my local police or a currently unresolved complaint with the domain’s registrar to recover the domain.”
Once Sedo has received your complaint, an investigation will commence and you will be informed of the outcome within five business days.
---

---------- Post added at 04:49 PM ---------- Previous post was at 04:45 PM ----------

Bitcoin works with an unprecedented level of transparency that most people are not used to dealing with.
All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network.

Anyone can see the balance and all transactions of any address, i.e. use: http://blockexplorer.com/ or http://blockchain.info/

Hope it helps.

The thing is, I don't *USE* Bitcoin. I don't have any, I don't have a Bitcoin 'wallet' or account, I would not accept it as payment when I do sell a domain.

The thief either found a random Bitcoin transaction or created a Bitcoin transaction between two of their own accounts and is saying that is the transaction that he bought the domains with.

There's no way to prove who *owns* a Bitcoin account as far as I know.

 

[ulasbbtr]

Go to court in the states where servers of Enom and Internet.BS stays. For example, I guess for Godaddy you should go to court in Atlanta. Don't waste your time with registrars they will say everything is fine, just start a criminal investigation in the US courts. If you prove activity of stealing, court orders will be enough for registrars to give control of your domains to you.

 

[eqz13489]

The thing is, I don't *USE* Bitcoin. I don't have any, I don't have a Bitcoin 'wallet' or account, I would not accept it as payment when I do sell a domain.

The thief either found a random Bitcoin transaction or created a Bitcoin transaction between two of their own accounts and is saying that is the transaction that he bought the domains with.

There's no way to prove who *owns* a Bitcoin account as far as I know.

Thanks for that info. I was curious if you used bitcoin and through browsing bitocin sites unknowingly caught a bitcoin std (virus trojan). It's been happening to a good handful of new bitcoin users when they are browsing the internet for bitcoin "things"

I asked earlier, unsure if you saw it.....
You said you were able to communicate with this guy via email to get this informaiton.....can you continue that conversation and ask him if he is willing to share the public key or info about the bitcoin transaction so you can look at it yourself on the blockchain? 1. to verify that the transaction actually exists....among other reasons. Perhaps he "might" humor the question and show you the actual transaction.....like the public key of the wallet he used to do the transaction....or the SHA hash so you can look it up. Just curious.

Bitcoin is both anonymous and transparent. ---> this conversation extends deeper but its more worth it to talk about it if you can get some info on the actual transaction if he's willing to share it with you. Perhaps you can express interest in these domains to the guy, saying you will match the price or double it to buy it off him, but he needs to verify how much he paid in bitcoin through giving you the info you need to see in on the blockchain (just off the top of my head lol)

My friend had something similar happen, not with domain names, just with a bitcoin problem. He was finally told the info to look it up in blockchain, and afterwards he found the transaction himself with the supposed public key wallet address used. He than backtraced that from google, and found a website where the "scammer" had posted somewhere else the same wallet address on social networking. Long story short, he was able to finally identify the person because that scammer didn't cover his tracks very well.

 

[BinderGang]

I have never communicated with the thief. Not before, not after. He has never reached out to me either.

However, the thief created an entire fake email conversation between myself and him to send to the registrars in an attempt to make them believe his story. One of them forwarded the "email" thread to me which contained the Bitcoin address he is claiming is mine.

I did look up the Bitcoin address previously when this was first forwarded to me, it has only two transactions. One which is claiming was his payment to it, which you can see is a ridiculously hilarious low amount if the sale was indeed true for the domains he stole, and a second transaction which is just after the first quickly getting the Bitcoins out of that account.

I have been unable to find anymore info on it, but if anyone can help, have a go at it:
https://blockchain.info/address/17dmGHwHmzsGmmREXU4zaTQ1VZ7tFLEXBV

Thanks for that info. I was curious if you used bitcoin and through browsing bitocin sites unknowingly caught a bitcoin std (virus trojan). It's been happening to a good handful of new bitcoin users when they are browsing the internet for bitcoin "things"

I asked earlier, unsure if you saw it.....
You said you were able to communicate with this guy via email to get this informaiton.....can you continue that conversation and ask him if he is willing to share the public key or info about the bitcoin transaction so you can look at it yourself on the blockchain? 1. to verify that the transaction actually exists....among other reasons. Perhaps he "might" humor the question and show you the actual transaction.....like the public key of the wallet he used to do the transaction....or the SHA hash so you can look it up. Just curious.

Bitcoin is both anonymous and transparent. ---> this conversation extends deeper but its more worth it to talk about it if you can get some info on the actual transaction if he's willing to share it with you. Perhaps you can express interest in these domains to the guy, saying you will match the price or double it to buy it off him, but he needs to verify how much he paid in bitcoin through giving you the info you need to see in on the blockchain (just off the top of my head lol)

My friend had something similar happen, not with domain names, just with a bitcoin problem. He was finally told the info to look it up in blockchain, and afterwards he found the transaction himself with the supposed public key wallet address used. He than backtraced that from google, and found a website where the "scammer" had posted somewhere else the same wallet address on social networking. Long story short, he was able to finally identify the person because that scammer didn't cover his tracks very well.

 

[eqz13489]

It looks like those transactions happened in october?

---------- Post added at 06:23 PM ---------- Previous post was at 06:14 PM ----------

i can't post links but there is a place where i saw a related IP to that transaction who supposedly stole 91 bitcoin or something after a whois search? have you seen this?

whatismyipaddress . com /ip / 64.120.253.194

(i pulled IP off transaction visulatization tree from blockchain and backtraced that IP address)

 

[bonavee]

Great to see so many positive contributions to this thread. Well, since we do not know who could be next to be 'savaged', my humble contribution is that, alongside the implementation of some or all of these points, I suggest that BinderGang and us all should give as much publicity as possible to this saga online AND offline. Effect? This will at least delay the quick flip of the affected domain names by the 'international thief, thief'! Please publicize it in your blogs, websites, magazines, etc. Thank you.

 

[bemarnet]

Go to Vegas and tell your Story

I suggest you go to Las Vegas for http://namescon.com/ and tell your story to all Domainers present. You have high profile executives at this conference from all involved companies, like Godaddy, and the other registrars. This is a onetime opportunity!!!

 

[Cyphix]

Would be good to know any updates on how this is going? Any more communication from the registrars? Any legal stuff happening?

 

[Chappelp]

I see these names are posted in your signature.. this person could also very well be on this forum watching this and/or where they found you in the first place.

Wonder if it would be worth checking with namepros and see if there has been any attempts even on this account from overseas.

Just a thought

Good luck

 

[BinderGang]

BIG UPDATE:

After a total of 43 back-and-forth correspondences from December 15th 2013 to today, internet.bs has concluded their investigation, proven the domains were stolen, and have returned to me the 3 domains that were transferred to them.

The domains back in my control are hgx.com, qvo.com and atlantafashion.com.

internet.bs has been an incredible help, more than Enom and more than GoDaddy, where the domains were stolen.

I mention the amount of correspondence between myself and internet.bs because the way they handled the situation is no doubt THE reason why they were able to return the domains. I must stress: these domains are back in my hands because of MYSELF and Internet.bs working together. GoDaddy did little to nothing to help resolve the issue.

Each time I received an email from Internet.bs, the rep (they had one dedicated rep working with me the entire time, he even sent me updates on weekends) brought me an actual update, sharing with me information, working with the reseller PacificHost, asking me for specific items to help prove the thief stole domains from me, going over what I provided and what the thief was providing, and trying to build an actual case. They were able to prove the thief had fabricated his side of the story (I will talk more about this publicly later) and that he had truly stolen the domains from me.

Enom continues to be of no assistance in getting the domains back to me. I have a total of 14 back-and-forth correspondences with them. GoDaddy, my own registrar, is no better, having only 21 back and forth correspondences, most of them being myself requesting information or an update and being told "we'll let you know." In addition, both Enom and GoDaddy are the 2 companies I was able to speak with on the phone, both being of absolutely no help. In fact, when I told the Enom phone rep my situation the first time, he made a comment on how Enom and GoDaddy are the two biggest domain registrars and at least my domains are in good hands, as if he was referencing that internet.bs would be the registrar I was going to have trouble with.

So, as of this moment, the thief still has possession of WKZ.com and UKR.com. They were both stolen in the same GoDaddy crime sweep that took my other 3 domains, both stolen by the same person, via the same PacificHost reseller, etc. but these two happened to be transferred to ENOM, who have made it pretty clear via email that they are uninterested in helping me.

 

[uswebdev]

I have been loyal to Godaddy since they got my domains back in my control back after registerfly crashed and burned.

After reading your story, I have added inernet.bs / internetbs.net to my study list. Bahamas--go figure. Thanks!

 

[Joseph Green]

I highly recommend that you enable DTVS at Go Daddy to keep your domains safe.

Go Daddy offers its customers with high-valued domain assets a service called Domain Transfer Validation Service (DTVS), which requires that Go Daddy call your phone to verify every domain transfer with you before it can complete. If a domain transfer is not vocally approved by you, the transfer will fail. They do not accept inbound calls from your phone number to verify the domain transfer, since those can be spoofed. They always call you directly to verify.

It's incredibly secure and no one can steal your domains even if they have access to your Go Daddy account and email address.

Dynadot has a couple options for additional security that I also recommend:

• Dynadot Token Authentication for iPhone/Android: Requires that you generate and provide a unique code using an app on your phone each time you want to unlock any domain names in your account. The code changes every few minutes.
• SMS Authentication: Sends you a text message with a random code, unique each time, to your mobile phone that is required to unlock any domain names in your account.

Other registrars have similar security measures, but these are the ones that help me sleep better at night.

 

[john_karr]

Damn,hope everything works out for you man. Contact a lawyer ASAP.

I have discovered over the past few weeks that following domains were stolen from my GoDaddy account by an overseas IP address:

HGX.com
WKZ.com
UKR.com
QVO.com
AtlantaFashion.com

The domains are now registered to a person using the email [email protected]. He is using fake whois information, a fake number, he charged back the domain reseller whom he transferred the domains to, faked email correspondence between myself and him, and is saying he paid by in untraceable Bitcoin.

I have been in constant email contact with Enom and Internet.BS. The two domain registrars whom the domains were transferred to. Yet both registrars are doing little to nothing and now I am going to have to explore my legal options.

Does anyone have any experience in this? Any good contacts to get in touch with. I appreciate your help.

 

[FX]

I hope everything works out for you dude.


The best and safest place to keep your money is www.fabulous.com

The security and service is the best in the business.