
alert [email protected] was hacked - Premium domains being sold by hacker


Rob Monster

Founder of Epik, Top Member
Epik.com has just busted a domain thief.

The domain account at Network Solutions controlled by [email protected] is a hacked account. The person portraying themselves to be [email protected] is selling domains for crypto.

The seller was offering these premium names for implausibly attractive prices:

WEED.COM
WIND.COM
WIND.NET
MODERN.COM
GARDEN.COM
FARM.COM
CANNABIS.ORG
CANDLE.COM
CAMPING.COM
ERGONOMIC.COM
HIKE.COM
GREEN.ORG

This person was unable to get the auth code which is a requirement for selling a domain at Epik.com registrar and marketplace. Upon investigation, the person on the email was not actually the real Alex.

The lesson here is the extreme importance of using a registrar for securing transactions. It is much easier to game the system with a domain push where the security controls can be less strict.

The other lesson here is that the email address matching the WHOIS is not always sufficient evidence of legal ownership, with or without domain privacy.

For anyone forensically inclined, I am attaching the header of the domain thief's email. Perhaps it can be used for tracking down this person. The actual owner, the real Alex, was alerted this morning.

The would-be buyer is relieved that they sold through Epik. He is a NamePros member and is welcome to comment on this thread if he likes.

The actual domain owner has his account locked down at Network Solutions and will eventually regain control of their account. The registrant alerted the authorities.

Approved accounts can list external domains for sale, including with BIN pricing. However, actual closing requires the domain to be at Epik. This is an important way that we protect buyers from fraud.
 

Attachments

  • alex69-at-gmail-source.txt
49
•••

Hopefully @Maxwell is not the scammer.

Domain Name: WIND.COM
Registry Domain ID: 1724938_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2019-05-25T00:56:57Z
Creation Date: 1994-05-07T04:00:00Z
Registrar Registration Expiration Date: 2023-05-08T04:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Zcapital
Registrant Organization: Zcapital
Registrant Street: 1015 GAYLEY AVE STE 200
Registrant City: LOS ANGELES
Registrant State/Province: CA
Registrant Postal Code: 90024-3475
Registrant Country: US
Registrant Phone:
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

@Maxwell do you actually have this domain or are you arbitraging? The guy who is emailing folks from [email protected] is not the legal registrant.
 
1
•••
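As an added illustration (not part of any post in this thread, and not Epik's actual process), the checks discussed above can be written as a small Python review of the WHOIS record quoted in the previous post. The registrant address, the review date, the 30-day "recent change" window and the function names are assumptions made for the example.

```python
from datetime import datetime, timezone

# WHOIS excerpt quoted in the thread; the registrant e-mail is redacted on
# the page, so the address below is a constructed placeholder.
SAMPLE_WHOIS = """\
Domain Name: WIND.COM
Updated Date: 2019-05-25T00:56:57Z
Registrar: NETWORK SOLUTIONS, LLC.
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant Name: Zcapital
Registrant Email: registrant@example.invalid
"""
AS_OF = datetime(2019, 6, 10, tzinfo=timezone.utc)  # constructed review date

def parse_whois(text):
    """Return {field: [values]}; fields such as Domain Status repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def review_seller(record, seller_email, auth_code_verified, as_of, recent_days=30):
    """Return (verdict, findings) for a seller claiming to own the domain."""
    findings = []
    statuses = {s.split()[0] for s in record.get("Domain Status", [])}
    if "clientTransferProhibited" in statuses:
        findings.append("transfer lock set: seller must unlock at the registrar and supply the auth code")
    whois_emails = {e.lower() for e in record.get("Registrant Email", [])}
    if seller_email.lower() in whois_emails:
        findings.append("seller e-mail matches WHOIS: not proof of ownership, the mailbox may be compromised")
    else:
        findings.append("seller e-mail does not match WHOIS")
    updated = datetime.strptime(record["Updated Date"][0], "%Y-%m-%dT%H:%M:%SZ")
    if (as_of - updated.replace(tzinfo=timezone.utc)).days <= recent_days:
        # Assumed heuristic: a fresh change deserves an out-of-band confirmation.
        findings.append("record changed recently: confirm with the registrant out of band")
    # Example's simplification: only registrar-level control (a working auth
    # code) clears the sale; an e-mail match alone never does.
    verdict = "proceed" if auth_code_verified else "hold"
    return verdict, findings

if __name__ == "__main__":
    print(review_seller(parse_whois(SAMPLE_WHOIS), "registrant@example.invalid", False, AS_OF))
```
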
I tried to buy camping.com for $xx,xxx. Thankfully Rob contacted the real owners and discovered that the email was hacked.
I wonder why they still have the same email listed on the whois after finding out that it was hacked. Hopefully they have secured their NetSol account.
I would like to thank Rob for providing excellent escrow service and protecting his customers. He personally got involved in the transaction and assisted me at every step. I doubt any other escrow service offers such help and service like Epik.
 
17
•••
An important point to note here is that when Epik steps in as intermediary, we are effectively doing a buy and a sell. We are buying from the seller, and we are selling to the buyer. The domain itself is on Epik, which is also how we make sure that the seller has full control over the domain -- 90% of the fraud risk is eliminated this way. Anyone who has been ripped off via Sedo MLS transactions knows what I am talking about here. Other than the seller wasting some people's time, this one ended without anyone taking a bath.
 
13
•••
Wow. No, I am not the scammer. I was just brokering wind.com for him and some other domains.
 
2
•••
If you know the person you were representing, he should be outed.
 
4
•••
Wish I knew but I don't.

You can do better than that. You are complicit in a fraud, wittingly or not. For starters, you can post the mail headers of your correspondence with [email protected].

You can make some token effort to identify and hold accountable someone who was in the process of defrauding people to a material sum.

Man up Bro or there will always be an asterisk next to your account as someone who is not a trusted source of domain dealflow. Is that not totally obvious?

Thanks
Rob
 
3
•••
Rob,

I of course looked through my emails immediately upon hearing this to see if there is anything that might help identify the scammer but there is nothing, no matter how desirable it might be.

I did provide proof of my brokerage agreement with him to Eric Lyon, which he requested.

As much as I'd like for him to get caught, the truth is I have no info on him.
 
4
•••
Then there is a possibility that the account was not hacked at all and the seller lied about it so he can back out of a deal.
 
2
•••
First of all, I am glad to hear that @Eric Lyon is involved here. I would appreciate his review here particularly if the brokerage agreement involves a NamePros user. It could be that you were duped into brokering on behalf of a fraud. The person certainly had us all convincingly fooled for a while until they failed to produce a valid auth code, at which point the jig was up.

In the interest of forensic completeness, I do think that since a crime was perpetrated, you should produce the email headers of your correspondence with the "seller". If you need help with that request, happy to coach you offline. Fraud involving domains needs to be dealt with and rooted out in order to make domains the respected asset class that it deserves to become!

Thanks in advance for cooperating in this investigation.
 
5
•••
This is really serious. But how someone could own such valuable assets and not care about the protections is beyond me. Protection in this case means moving those names out of NetworkSolutions.

I think many premium domain asset owners believe having their old domains on NetSol is a form of prestige. I don't share that idea.
 
6
•••
I get people on this forum, Facebook and LinkedIn asking me to act as a broker for them. (That makes me suspicious enough.) Now I know that this could end up with being an accomplice to theft and domain name fencing.

Nail those ?&%¤#%¤# guys!
 
2
•••
Exactly.

It would have helped a lot if @Maxwell would produce correspondence with this seller. Until then, there is an asterisk on Maxwell, and while unfortunate, that is how it goes.
 
4
•••
I agree... Why not share the email headers.. We can at least trace a few things about the correspondence.
 
4
•••
those who presume to be brokers, should at least perform due diligence, to confirm that the seller is actual owner of the domains, before they agree to take on the task.

especially with names of such caliber,
as your rep can go down the tube, along with scammer if identified.

the time and possible commission may not be worth it, when you don't.

imo..
 
5
•••
oh on a side note.. Even if you decide to pay someone via crypto.. consider using a Crypto Escrow service. You might have to do your own research as to what's reliable. Lots of crypto scams out there. I can honestly say I've been duped several times when I was too lazy to deal with escrow on transaction under a certain price.
 
3
•••
That’s exactly the reason why I used Epik. They offer crypto escrow service.
 
4
•••
The Cat Burglars of old have transitioned to become Domain Burglars in the Digital Age but they are still using Confidence Scamming and Social Hacking in order for their dastardly schemes to work.

From now on I will think of someone who is asking me to help sell a domain as if they are asking me to help sell some precious Jewelry/Jewellery. 💍
 
1
•••
That is why my domain passwords are from 19 to 25 long.. change every 6 months
 
2
•••
"This person was unable to get the auth code which is a requirement for selling a domain at Epik"

Why is this so hard for other companies??? *cough* SEDO *cough*
 
1
•••
I wonder how wind.com was sold when the email on the whois is supposedly hacked? Something doesn’t add up here!

https://www.namepros.com/blog/bqdn-brokers-the-sale-of-wind-com.1144798/

As I understand it, Alex Tabibi managed to regain control of his NetSol account which had been locked down following the email hack.

You can see that WHOIS has since been updated on June 20. For example:

Domain Name: WEED.COM
Registry Domain ID: 77200_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2019-06-20T16:41:55Z
 
1
•••