IT.COM

alert Epik Had A Major Breach

NameSilo
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.

I wonder the backstory behind robmonsterenablesnazis.com...

It's currently unregistered.

upload_2021-9-20_22-16-58.png


I wonder if somebody used epik to register that domain, and rob confiscated, and dropped the domain?

upload_2021-9-20_22-16-16.png


...

Is this a joke tweet... made by Emily G after finding that domain discovery in the DB?

Or... not a joke tweet, and the story of how this domain ended up at epik in the first place?


...

 
Last edited:
0
•••

Domain Name: sexynazi.com
Registry Domain ID: 1766911442_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2019-01-12T01:34:33+00:00
2019-01-12
Creation Date: 2012-12-17T01:20:08+00:00
2012-12-17
Registrar Registration Expiration Date: 2028-12-17T01:20:08+00:00
2028-12-17

NOT TRUE ! Fake Shit ....That name above is not Rob Monsters Domain...

This is wrong for whoever.. to try and put that bullshit on Rob Monster ...
 
Last edited:
9
•••
Last edited:
2
•••
2
•••


Domain Name: sexynazi.com
Registry Domain ID: 1766911442_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2019-01-12T01:34:33+00:00
2019-01-12
Creation Date: 2012-12-17T01:20:08+00:00
2012-12-17
Registrar Registration Expiration Date: 2028-12-17T01:20:08+00:00
2028-12-17

NOT TRUE ! Fake Shit ....

This is wrong for whoever.. to try and put that bullshit on Rob Monster ...

Just a minor plural/singular typo in the tweet/your WHOIS info..

GoDaddy = SexyNazi.com
Epik/Anonymize = Historical SexyNazis.com


upload_2021-9-20_22-42-58.png


SexyNazi.com was not in the DB according to the screenshot.

SexyNazis.com was, however, in the DB/screenshot. The domain is currently unregistered but according to Whoxy.com, it was under Anonymize WHOIS in February 2019.

upload_2021-9-20_22-38-27.png


...

Side wtf moment regarding Godaddys SexyNazi.com

upload_2021-9-20_22-36-33.png
 
Last edited:
9
•••
who really knows ... because now ..fake false shit is being posted up on social media concerning the whole thing....

It's all in the data, brother. God bless.
 
0
•••

Most, if not all of the screenshot "nazi domains" (I only checked a few) seem to be now deleted, or registered elsewhere. But we already knew not all domains in the DB were current. The db/screenshot does however appear to disrobe historical WHOIS connections, which is likely what we see here with this subset of once epik nazi domains.

upload_2021-9-20_22-49-27.png
 
12
•••
The db/screenshot does however appear to disrobe historical WHOIS connections.

Glad they were dropped. Appreciate the updates and research. You have really brought a lot of light to this thread.
 
2
•••
Glad they were dropped.

On a side note, what's so bad about the domain NaziHunt.com?

I know this might be a far out stretch, but could @Rob Monster be an actual real life undercover Nazi Hunter?

https://en.wikipedia.org/wiki/Nazi_hunter
A Nazi hunter is an individual who tracks down and gathers information on alleged former Nazis, or SS members, and Nazi collaborators who were involved in the Holocaust, typically for use at trial on charges of war crimes and crimes against humanity. Prominent Nazi hunters include Simon Wiesenthal,[1] Tuviah Friedman, Serge Klarsfeld, Beate Klarsfeld, Ian Sayer, Yaron Svoray, Elliot Welles, and Efraim Zuroff.[2]

I mean, those don't alert customer FBI subpoena notes in the DB dump were/are pretty darn interesting.
 
Last edited:
7
•••
.
On a side note, what's so bad about the domain NaziHunt.com?

I know this might be a far out stretch, but could actually @Rob Monster be an undercover Nazi Hunter?

https://en.wikipedia.org/wiki/Nazi_hunter



I mean, those don't alert customer FBI subpoena notes in the DB dump were/are pretty darn interesting.

I had the same thought, what if Epik is just one big epic "HoneyPot" to expose all. But again that is just another theory. As long as the innocent people are protected too, by not exposing all CC's/Pass'/etc.
 
5
•••
The memorabilia domain redirects to a site selling dildos.
 
Last edited:
9
•••
.


I had the same thought, what if Epik is just one big epic "HoneyPot" to expose all. But again that is just another theory. As long as the innocent people are protected too, by not exposing all CC's/Pass'/etc.

I mean, it is. They all become informants after they are busted. I could name many Proud Boy informants now.
 
0
•••
Last edited:
0
•••
They honeypot is for whoever made the backdoor. Not Epik...

Anyway, just being goofy here.

The facts show complete negligence.

Also famed Nazi hunter Lyudmila Pavlichenko has been articles lately.
 
Last edited:
0
•••
The memorabilia domain redirects to a site selling dildos.

Well this takes the cake as the most interesting edit of the year.

I had quoted your honey pot comment, but as I was writing my response, I noticed your honey pot text disappeared, and suddenly I was commenting on a post citing NaziMemorabilia.com as being a dildo distributor.

#OnlyOnNamePros :)

They honeypot is for whoever made the backdoor.
 
Last edited:
6
•••
Well this take the cake as the most interesting edit of the year.

I had quoted your honey pot comment, but as I was writing the response, I noticed the honey pot text disappeared, and suddenly I was commenting on a post citing NaziMemorabilia.com as being a dildo distributor.

#OnlyOnNamePros :)

nP should add a LOL button!
 
13
•••
I know this might be a far out stretch, but could @Rob Monster be an actual real life undercover Nazi Hunter?

I mean, those don't alert customer FBI subpoena notes in the DB dump were/are pretty darn interesting.

I had the same thought, what if Epik is just one big epic "HoneyPot" to expose all. But again that is just another theory. As long as the innocent people are protected too, by not exposing all CC's/Pass'/etc.

Besides going undercover, how else do you catch nazi's?

#CodeNameEpik #HighlyClassified

They honeypot is for whoever made the backdoor.

And for "whoever" made all the data too easy to be cracked/exposed (plain text, "weak" unsalted MD5 hashes etc.,) that could also be part of the honeypot. This all together with the easy accessed backdoor by "lack of security" and "negligence".

I would certainly hope this to be true for Epik and Rob, but if not, I wish Epik and all the people affected all the best to recover from this nightmare and to learn from their "mistakes".
 
Last edited:
9
•••
And for "whoever" made all the data too easy to be cracked/exposed (plain text, "weak" unsalted MD5 hashes etc.,) that could also be part of the honeypot. This all together with the easy accessed backdoor by "lack of security" and "negligence".

I would certainly hope this to be true for Epik and Rob

Call me a sucker for happy endings, but this is the Hollywood ending I'm hoping for. If it just so happens that my data loss is collateral damage of a large scale undercover nazi hunt, this is the scenario I'd be OK with.

but if not, I wish Epik and all the people affected all the best to recover from this nightmare and to learn from their "mistakes".

So much for the hollywood ending then :( ...

But if this is the case, I really hope (as you do) for everyone to recover, and learn from this nightmare. It also wouldn't hurt if a nazi or two or three or more than four hundred and twenty not so sexy nazis were exposed as byproduct to the leak/poor code/security. Even if not the original intent of the leak, perhaps
it is Gods plan to expose
more than four hundred twenty not so sexy nazis?
As they say, everything happens for a reason, and often times, curses may be unseen blessings.
 
Last edited:
5
•••
OnlyOnNamePros... "Investigative journalists" working with mainstream media should definitely read this thread . There are a lot of technically incorrect facts and suggestions in mainstream media now. If any member here is also commenting elsewhere (reddit, etc... ) - please invite the authors to NP. They will learn that a domain registrar is a domain registration company for all sorts of domains/customers, and not a "webhosting company". They will also learn that each IT company has servers in some datacenter (colocation, etc) so trying to find any other connections between epik (with or without ideology) and their colocation provider is illogical. Etc, etc, etc...
 
Last edited:
13
•••
I think it has been useful for the security and research minded to add their perspective to what these tweets are showing, and how the data can be and is being used.

This can make a difference in patching a security hole in someone's life, i believe.

I am hoping that both better registrar practices and consumer practices come out of these discussions.

Also, as a seeker of truth, I am glad misinformation networks protected by epik are starting to be exposed and connected. Another win for the good guys there.
 
5
•••
0
•••
Last edited:
0
•••
4
•••
How much of this forgivable $100k PPP went to security/coders opposed to marketing/qommunication?
Quoting from Molly's transcript, I guess it was around that time, May 2020:

Monster, 3:38:54 There was a time when, before Epik became more wildly successful, there was a time actually during the time of COVID when a lot of businesses were shutting down, and you couldn’t actually borrow any money very easily. And so we had refinanced the house and I used the proceeds of the refinance of the house to keep everybody fully employed at Epik. And that at the time was slightly awkward [unintelligible] but it all worked out, and we’re better off for it.
 
Last edited:
4
•••
How much of this forgivable $100k PPP went to security/coders opposed to marketing/qommunication?

.
Not defending Epik as I made it clear I'm p*ssed off with their reported security practices. But to be fair, 100K won't help much. Security is bloody costly.

Fair point.

Out of curiosity, does anybody know who the VP of Security is over at epik now?

We know they have/had a VP of Strategy and Qommunications, just wondering if their marketing team/budget is greater than their security team/budget?

I mean, who is epiks CTO now? According to a comment from Joseph Peterson (@Slanted), April 19th, 2021 via DomainNameWire.com, @NickLim was at one point named epik's CTO.

https://domainnamewire.com/2021/04/14/bloomberg-writes-about-nick-lim-and-epik/#comment-2264695
"...Indeed, Nick’s sudden appearance as CTO, as part of Rob’s shift in strategic direction for Epik, was 1 factor that led to my resignation...."

But @NickLim who according to the DNW article remains an epik shareholder, has since left epik. Thus a fair question might be, who's been at the security wheel prior to and after @NickLim's epik departure? And how long has there been holes in the ship?
 
Last edited:
6
•••
Back