Dynadot

alert The fund can't be withdrawal from Epik.com via Masterbucks wallet

Spaceship Spaceship
Watch

enamebroker

Top Member
Impact
493
It happened on 23rd Aug 2022 and this matter lasted almost one month without any process. Masterbucks.com declined my fund withdrawal and disabled the button of fund withdrawal. And I contacted Epik.com and got no further action even if Rob Monster got involved in it for two weeks. All the time I was told in email by management review.

What is wrong with Epik.com? Do you think it is normal to disable fund withdrawal? How can I get back my fund from Epik.com? Thanks for your suggestion.

Capture4.JPG
 
85
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Some more data.
Based on: .com zone file of today (27/01) and bulk whois check I just run.

There are 9984 .com domains registered with Key-Systems GmbH and using ndsplitter dns.

2 domains from the above list were regged in 2022 and are expiring in 2023, so those handregs could not be transferred from Epik.

From remaining 9982 domains, 4104 were "updated" on 2023-01-24, as most of domains mentioned by @Michele Dinoia as stolen.

Accordingly, it is likely that most if not all of these 4104 domains were transferred from Epik as a part of bulk sale(?).

Annexures:

com-keysystems-ndsplitter-full.txt : full list of 9982 domains

com-keysystems-ndsplitter-0124.txt : domains updated on 01/24

*only dotcoms are covered*
*E&O expected*
Wondering if an Excel expert could give me a hand... @bmugford ??
Suppose I have my list of domains in Column A, and Epik's list in Column B. What formula do I need in order to check whether any values from my list appear in their list?...
 
2
•••
After my questions, Anita Walker closed her LinkedIn account.
I don't understand what company can hire Epik employees now.
Or if they have their own business, who will deal with them?
 
0
•••
Wondering if an Excel expert could give me a hand... @bmugford ??
Suppose I have my list of domains in Column A, and Epik's list in Column B. What formula do I need in order to check whether any values from my list appear in their list?...
I am NOT an Excel expert, but this solution seems super simple....
Select both columns of data that you want to compare. On the Home tab, in the Styles grouping, under the Conditional Formatting drop down choose Highlight Cells Rules, then Duplicate Values. On the Duplicate Values dialog box select the colors you want and click OK.

Result = Any duplicates will have the selected color(s) and any text that is normal does NOT have a duplicate on the other list.
SOURCE:
dickinson .edu
 
Last edited:
14
•••
I am NOT an Excel expert, but this solution seems super simple....
Select both columns of data that you want to compare. On the Home tab, in the Styles grouping, under the Conditional Formatting drop down choose Highlight Cells Rules, then Duplicate Values. On the Duplicate Values dialog box select the colors you want and click OK.

Result = Any duplicates will have the selected color(s) and any text that is normal does NOT have a duplicate on the other list.
SOURCE:
dickinson .edu
Indeed, that is a perfectly simple (and useful) solution @GNP - thank you.
For anyone following along at home, I also then did this:
Select both columns; On the Home tab, in the Editing grouping, under the Sort & Filter drop-down choose Filter. Then using the Filter drop-down at the top of each Column you can choose Sort by Colour, and select the cell colour that you used from GNP's instructions. This will put any duplicate domains at the top of the column so you don't have to scroll through thousands of rows to see if the duplicate colour is there somewhere...
 
5
•••
Indeed, that is a perfectly simple (and useful) solution @GNP - thank you.
For anyone following along at home, I also then did this:
Select both columns; On the Home tab, in the Editing grouping, under the Sort & Filter drop-down choose Filter. Then using the Filter drop-down at the top of each Column you can choose Sort by Colour, and select the cell colour that you used from GNP's instructions. This will put any duplicate domains at the top of the column so you don't have to scroll through thousands of rows to see if the duplicate colour is there somewhere...
Yeah, there are lots of online solutions for this like http://www.listdiff.com/ and others.

You can do it in excel, but the tools online are easy as well.

Brad
 
Last edited:
4
•••
3
•••
Should employees who knew about the crimes and participated in them be liable with their property?
Well, that would be for the the legal system to decide.

However, in theory, can someone be held liable if they have knowledge of nefarious actions?
Sure, that is possible. That is basically just being complicit.

Though, that is hypothetical. In this case we don't really know who has done what and who might or might not be involved.

Brad
 
Last edited:
3
•••
As a vicious organization, legal responsibility for their property should be borne not only by the leaders of the gang but also by ordinary villains. America's real estate is expensive, so can take a few million far to pay the victims.
 
0
•••
Masterbucks was supposed to re-open Monday.
It is now Friday.

As far as I can tell there were a handful of payments that went out via Paypal.

Has any non-Paypal withdrawal been completed yet? Has anything for a significant amount of money been completed?

I have seen other amounts here like $25K, $55K, etc.

Epik should really just give up on their plans of Masterbucks world domination and competing with Paypal, and instead actually compete with other companies in the domain field.

When I get paid via GoDaddy, Dan, SEDO, etc. it doesn't require a whole rigmarole. The money just goes into my bank account, in a timely manner.

Brad

posted my funds stuck back in October, finally arrived $20k this week

contacted my lawyer and police on the funds stolen
 
29
•••
What is the process for recovering a stolen domain?
 
2
•••
So they have access to login to customer accounts as customer? That is super sus! How many admin accounts were there? Do they have emails?
As a previous employee with admin access, I can explain a bit how this feature worked.
First of all, there were different roles. Not everyone working there was an admin. I had that access but there were different levels. The support staff had stricter permissions. Country managers had about the same as support but limited to the countries they were active in, etc.
This feature didn't provide the user's password but allowed the staff member to login "as" the given user. You searched an user then clicked a "Login as" button which opened the customer portal connected as that account.
It was not used for anything bad. (Also, it's important to note that every action done at Epik, by a staff or customer was logged - even when using that feature, so it's easy to see if someone does something wrong)

Are you able to see from the code how that expiration date is generated? Probably some API connected to registry? Is there a way to overwrite that date from admin, change it to show another date?
There is the registry expiration date and the registrar expiration date.
The registrar expiration date in the case of Epik was pulled from the main database, it's not directly connected to the registry however it usually matches the registry date. (when everything works fine)
From the admin, as far as I know, it wasn't possible to change that date; However a few tech staff had access to the database directly and could edit it there. (I doubt they took the time to do that though, there were more important tasks)
What probably happened is that they ran out of funds at the registry for your renewals, the system created an error log in the system (so that an admin can review it & fix it later/when possible)
-- This system is also useful when a registry goes down for instance, so that the renewal, registration, transfer, change, .. tasks can be restarted later

In the case of a failed renewal the expiration date on Epik's side could have been updated but not on the registry's side (If I remember it was updated directly on Epik's side because when you did a renew, the date was updated instantly in the customer portal but the EPP request could be queued and so the date at the registry could be updated a few minutes later)
 
37
•••
This feature didn't provide the user's password but allowed the staff member to login "as" the given user. You searched an user then clicked a "Login as" button which opened the customer portal connected as that account.
It was not used for anything bad. (Also, it's important to note that every action done at Epik, by a staff or customer was logged - even when using that feature, so it's easy to see if someone does something wrong)

agree. here's what an admin-login looks like in logs_users_actions table. I anonymized (lol) some. pipe delimited.

"XXXXXX"|"login attempt [[email protected]] through auto-login feature from admin area"|"XXXXXXXXX"|"2021-02-23 12:48:25"|"107.170.78.86"|"1"|"{\"HTTP_HOST\":\"registrar.epik.com\",\"HTTP_USER_AGENT\":\"Mozilla\\/5.0 (Macintosh; Intel Mac OS X 11.0; rv:84.0) Gecko\\/20100101 Firefox\\/84.0\",\"REMOTE_ADDR\":\"107.170.78.86\"}"

and here is audit of admin moving domains. so if there is any wrong doing on customer domains, there is a 10 year log of epik.


2021-02-28 02:31:32XXUSERIDXX91.149.227.100Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XDOMAIN.COMX\"]}
2020-08-10 11:13:39XXUSERIDXX144.76.33.130Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XDOMAINS.COMX\"]}
2021-01-18 15:15:25XXUSERIDXX144.76.33.130Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XDOMAINX.COM\"]}
2020-11-23 14:14:51XXUSERIDXX45.89.99.3Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XARRAYX.COM\",\"XOFX.COM\",\"XDOMAINSX.COM\"]}
 
27
•••
posted my funds stuck back in October, finally arrived $20k this week

contacted my lawyer and police on the funds stolen
If you don't mind me asking, are you located in the US or somewhere else?

Brad
 
2
•••
As a previous employee with admin access, I can explain a bit how this feature worked.
First of all, there were different roles. Not everyone working there was an admin. I had that access but there were different levels. The support staff had stricter permissions. Country managers had about the same as support but limited to the countries they were active in, etc.
This feature didn't provide the user's password but allowed the staff member to login "as" the given user. You searched an user then clicked a "Login as" button which opened the customer portal connected as that account.
It was not used for anything bad. (Also, it's important to note that every action done at Epik, by a staff or customer was logged - even when using that feature, so it's easy to see if someone does something wrong)
So someone with access at Epik could login as a customer, then push a domain to another account in theory?
Could they make other domain or account changes?

What does that look like in the system? Does that look like the customer moved the domain or made the changes?

How did my domain PianoMoving.com move to another account after about a month of ownership?
It was clearly done internally by Epik, as only they had access to do it.

However, I didn't see any record in my account of this domain moving. Why would that be?
It was just moved with no notification or record that I could see.

If everything is logged, and there is a question about ownership, Epik should be able to produce all of these records.

Brad
 
Last edited:
3
•••
As a previous employee with admin access, I can explain a bit how this feature worked.
First of all, there were different roles. Not everyone working there was an admin. I had that access but there were different levels. The support staff had stricter permissions. Country managers had about the same as support but limited to the countries they were active in, etc.
This feature didn't provide the user's password but allowed the staff member to login "as" the given user. You searched an user then clicked a "Login as" button which opened the customer portal connected as that account.
It was not used for anything bad. (Also, it's important to note that every action done at Epik, by a staff or customer was logged - even when using that feature, so it's easy to see if someone does something wrong)


There is the registry expiration date and the registrar expiration date.
The registrar expiration date in the case of Epik was pulled from the main database, it's not directly connected to the registry however it usually matches the registry date. (when everything works fine)
From the admin, as far as I know, it wasn't possible to change that date; However a few tech staff had access to the database directly and could edit it there. (I doubt they took the time to do that though, there were more important tasks)
What probably happened is that they ran out of funds at the registry for your renewals, the system created an error log in the system (so that an admin can review it & fix it later/when possible)
-- This system is also useful when a registry goes down for instance, so that the renewal, registration, transfer, change, .. tasks can be restarted later

In the case of a failed renewal the expiration date on Epik's side could have been updated but not on the registry's side (If I remember it was updated directly on Epik's side because when you did a renew, the date was updated instantly in the customer portal but the EPP request could be queued and so the date at the registry could be updated a few minutes later)
Thanks very much. Interesting. Couple follow-up questions:
1) When you did a "login as" to a customer account were you able to edit their account - CC details, domain transfers, masterbuck transfers as that customer?
2) Did you or other admins have access to all logs or only your log report?
3) Where both the registry and registrar dates displayed in UI for users?
4) So epik updated in real time when user tries to renew but the registry renewal could take more time. Was there a way to verify the registry date and update registrar date through some cron job? How would they know if registry failed to update record?
5) Do you know how many admin types there were and was there a super admin and that account show up in log reports as well?
 
2
•••
agree. here's what an admin-login looks like in logs_users_actions table. I anonymized (lol) some. pipe delimited.

"XXXXXX"|"login attempt [[email protected]] through auto-login feature from admin area"|"XXXXXXXXX"|"2021-02-23 12:48:25"|"107.170.78.86"|"1"|"{\"HTTP_HOST\":\"registrar.epik.com\",\"HTTP_USER_AGENT\":\"Mozilla\\/5.0 (Macintosh; Intel Mac OS X 11.0; rv:84.0) Gecko\\/20100101 Firefox\\/84.0\",\"REMOTE_ADDR\":\"107.170.78.86\"}"

and here is audit of admin moving domains. so if there is any wrong doing on customer domains, there is a 10 year log of epik.



2021-02-28 02:31:32XXUSERIDXX91.149.227.100Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XDOMAIN.COMX\"]}
2020-08-10 11:13:39XXUSERIDXX144.76.33.130Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XDOMAINS.COMX\"]}
2021-01-18 15:15:25XXUSERIDXX144.76.33.130Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XDOMAINX.COM\"]}
2020-11-23 14:14:51XXUSERIDXX45.89.99.3Push domains to another account{\"admin_initiator\":\"[email protected]\",\"account_email\":\"[email protected]\",\"domains\":[\"XARRAYX.COM\",\"XOFX.COM\",\"XDOMAINSX.COM\"]}
Thanks! Great stuff. Lots of info. Couple follow up questions:
1) How many admins are there and can you make list of them with emails?
2) Is there a super admin and does it show up in logs reports?
 
1
•••
What is the process for recovering a stolen domain?
It can be relatively complex and expensive to recover stolen domains.

It depends on a large number of factors.
No two cases are identical really.

Brad
 
1
•••
How many admins are there and can you make list of them with emails?

here's all who used "push domain to another account" and how many times. a push can contain 1 or many domains. remember this could be for valid support reasons.

admin_initiatortimes seen
robert @ epik.com2162
<admin initiator is blank>763
sarah @ epik.com513
jessica @ epik.com279
tony @ epik.com255
admin.sergey.p @ wecandevelopit.com240
rajmohan.sindhu @ gmail.com186
brooke @ epik.com168
joseph @ epik.com151
anand @ epik.com142
admin @ epik.com126
raquel @ epik.com113
rajmohan.sindhu @ epik.com82
gube @ epik.com56
admin.victor.m @ wecandevelopit.com51
amy @ epik.com46
nhi @ epik.com42
admin.aleksey.v @ wecandevelopit.com38
nelson @ epik.com38
jessica.robison @ epik.com37
nicole @ epik.com18
matheus @ epik.com16
jaime @ epik.com13
maychen @ epik.com12
robert.davis @ epik.com10
simon @ epik.com10
barbara @ epik.com9
marlene @ epik.com9
admin.vitaliy.s @ wecandevelopit.com6
siful @ epik.com6
k.sobolev @ epik.com3
saheed @ epik.com3
stephen @ epik.com3
admin.aleksey.p @ wecandevelopit.com2
dan.iel @ epik.com 1
sufyan @ epik.com1
 
Last edited:
30
•••
here's all who used "push domain to another account" and how many times. a push can contain 1 or many domains. remember this could be for valid support reasons.

admin_initiatortimes seen
robert @ epik.com2162
<admin initiator is blank>763
sarah @ epik.com513
jessica @ epik.com279
tony @ epik.com255
admin.sergey.p @ wecandevelopit.com240
rajmohan.sindhu @ gmail.com186
brooke @ epik.com168
joseph @ epik.com151
anand @ epik.com142
admin @ epik.com126
raquel @ epik.com113
rajmohan.sindhu @ epik.com82
gube @ epik.com56
admin.victor.m @ wecandevelopit.com51
amy @ epik.com46
nhi @ epik.com42
admin.aleksey.v @ wecandevelopit.com38
nelson @ epik.com38
jessica.robison @ epik.com37
nicole @ epik.com18
matheus @ epik.com16
jaime @ epik.com13
maychen @ epik.com12
robert.davis @ epik.com10
simon @ epik.com10
barbara @ epik.com9
marlene @ epik.com9
admin.vitaliy.s @ wecandevelopit.com6
siful @ epik.com6
k.sobolev @ epik.com3
saheed @ epik.com3
stephen @ epik.com3
admin.aleksey.p @ wecandevelopit.com2
dan.iel @ epik.com1
sufyan @ epik.com1
Nice. Very nice! Are you also able to generate list of all those domains pushed to other Epik accounts? I guess we could correlate to the Epik admin(s) at a later date if needed.
 
0
•••
What if a domain expired according to the registry, but not according to the registrar. Can this even happen? Can expiraton dates be different? If the answer is yes, then this is bad. I lost some domains which I was thinking I renewed (not blaming anyone in this sentence).
 
0
•••
What if a domain expired according to the registry, but not according to the registrar. Can this even happen? Can expiraton dates be different? If the answer is yes, then this is bad. I lost some domains which I was thinking I renewed (not blaming anyone in this sentence).
Really all that matters is what the registry says. That is basically the official record of registration status.

The registrar can be showing you inaccurate information.

I have used many registrars that have orphaned records where the domain still shows in my account, when it has already been transferred or expired.

Brad
 
5
•••
What if a domain expired according to the registry, but not according to the registrar. Can this even happen? Can expiraton dates be different? If the answer is yes, then this is bad. I lost some domains which I was thinking I renewed (not blaming anyone in this sentence).
Yeah, they whole concept of "expired" domains is a joke on Epik and could be challenged for all if:
1) If API for registry exp dates doesn't update in short jobs.
2) If registry exp dates aren't displayed to users. Registrar dates mean nothing.
3) If exp dates can be edited by admin(s), especially if no log report, ven if only for super admin.
 
2
•••
Yeah, there are lots of online solutions for this like listdiff .com and others.

You can do it in excel, but the tools online are easy as well.

Brad
Thanks for the extra suggestions.
Personally, I prefer the direct excel way, since you are NOT giving an UNKNOWN 3rd party access to your valuable domain data (as well as the potential ability to link domains back to YOU via IP address, etc).
 
Last edited:
4
•••
Yeah, they whole concept of "expired" domains is a joke on Epik and could be challenged for all if:
1) If API for registry exp dates doesn't update in short jobs.
2) If registry exp dates aren't displayed to users. Registrar dates mean nothing.
3) If exp dates can be edited by admin(s), especially if no log report, ven if only for super admin.
Regarding #2.
I have used dozens of different registrars over the years. I don't recall ever seeing one that gave TWO expiration dates (registrar & registry). I typically will go through my domain list from time to time and plug the names into WHOIS and see what expiration date is says there and there were a FEW registrars where the date would be off by a day (I can't recall seeing any larger discrepency than that).

HOWEVER, on a related note, there were a few? registrar's where over the course of several 1-year renewals the expiration date would seemingly "migrate" by a day with each renewal or so, ie one day earlier each time (or to put another way if the expiration date was 1-10-18, next year it would be 1-9-19, etc.) I found it interesting that when those domains ended up being transferred to a different registrar, the expiration date "jumped" back to the original time period, if I remember correctly.
 
Last edited:
3
•••
Regarding #2.
I have used dozens of different registrars over the years. I don't recall ever seeing one that gave TWO expiration dates (registrar & registry). I typically will go through my domain list from time to time and plug the names into WHOIS and see what expiration date is says there and there were a FEW registrars where the date would be off by a day (I can't recall seeing any larger discrepency than that).

HOWEVER, on a related note, there were a few? registrar's where over the course of several 1-year renewals the expiration date would "migrate" by a day EACH time or so, ie one day earlier each time. I found it interesting that when those domains ended up being transferred to a different registrar, the expiration date "jumped" back to the original time period, if I remember correctly.
Yeah, I have never seen 2 dates displayed either and it seems that Epik is showing is only showing their registrar exp date, which, like everything epik does is a joke and/or a scam. Perhaps people with a couple domains important to them would check/double check exp dates in whois but these guys with dozens, hundreds or even thousands will almost never do that. They will rely entirely on that exp date column, order them by ascending and select the ones they want to renew.

It would be very easy for super admin to change exp date, let it expire, snatch it, and then update exp date to correct date. But it would take a real slimy person to do something like that.
 
0
•••
Back