IT.COM

alert Stolen Four Letter Names

Spaceship Spaceship
Watch

jberryhill

Top Member
John Berryhill, Ph.d., Esq.
Impact
12,416
The following names were stolen from a GoDaddy customer:

wumz.com
fexz.com
cclw.com
yded.com
clcy.com
kdtx.com
wohp.com
ubve.com

The names interactivebrain.com and cloneclothing.com appear also to have followed similar unauthorized transfer patterns.

The same person attempted a theft of qauf.com, but the intended victim caught the transfer email in time to stop it.
 
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Last edited:
4
•••
He probably received stolen merchandise. But until we know, he is the guy in possession. His last NP activity was liking Mr Berryhill's lock post

https://www.namepros.com/threads/i-...-com-help-please.1059035/page-13#post-6626095
Now isn't that one ironic LIKE.

A few posts up LOTK mentioned he has already been sold the domains, and even he flipped them down the line to someone else, I mean I know how these things just trade in bundles for a few hundred profit, until it has peaked at max valuation, so not sure how many more flips it could get until they find an actual end user.

I saw the CloneClothing thread, nobody even wanted the domain for $20, sitting there for 3 weeks.
 
Last edited:
6
•••
He probably received stolen merchandise.

I have strong reasons to doubt that.

But perhaps he'd like to explain what happened.
 
2
•••
I think you need to dig deeper, on where he got them from.

Just to be clear. I am legal counsel to Uniregistry, and this got onto my radar during a fraud investigation at Uniregistry, including review of his account activity log.
 
Last edited:
8
•••
A quick update on my side, @AlejandroGarcia has refunded my purchase of ubve.com and wohp.com. I have refunded the buyer of ubve.com but will need to track down the buyer of wohp.com to give them a refund as well. That way I am not in the middle of this mess...
 
20
•••
I have only had pleasant dealings with @AlejandroGarcia, so it will be a shock to me if he has done something like this.

Would love for him to comment in this thread.
 
2
•••
I confirm that as a buyer of ubve.com (I bought it in December 2017) I have been today fully refunded by @lotk right after I kindly requested it, so that means I can confirm he is a Seller of high standards. I have also asked Brandbucket to delist the domain, right after I learned that it is suspected to be stolen.
I now await instructions as to what to do with the domain in question.
So we have at least one domain sorted out.
 
8
•••
2 factor authentication is the way to go
 
1
•••
That's awful. It's surprising - and super sad - how much work people will put in when it comes to stealing other peoples' money. If they applied that time and knowledge into other ventures they could make something of their own. I've learned some valuable lessons though: Monitor my email regularly and use every security precaution available.
 
3
•••
Enable 2-factor authentication is a must...
 
0
•••
A quick update on my side, @AlejandroGarcia has refunded my purchase of ubve.com and wohp.com. I have refunded the buyer of ubve.com but will need to track down the buyer of wohp.com to give them a refund as well. That way I am not in the middle of this mess...

Could you let us know if Alejandro gave you an explanation as to what has happened?
 
0
•••
I can personally add that I've only ever had good/ honest dealings and advice exchanges with @AlejandroGarcia in the past- but something doesn't seem to add up here? I'm sure (as stated above) he wouldn't try and sully his rep for a few llll.com's? But as @Embrand said, I'd also be interested as to what, if any, explanation he has given for the refund/ or situation he's found himself in?
 
0
•••
My piece of advice is to use a business email address in for whois as in

[email protected]

This way the person doing the hacking does not know who your email carrier is.
It's harder to hack a gmail account when you're using outlook :xf.laugh:

Most business email will use a carrier like google apps etc but like I said.... make it as hard as possible.

I use 2-factor with godaddy and 2-factor with my email and I monitor both every day for activity.
Also, move it to a place like NameSilo where you can get free whois privacy. That way no one will know who to attack.
 
4
•••
Could you let us know if Alejandro gave you an explanation as to what has happened?

He just let me know that he is still doing his own research on the batch of domains he purchased last year and that he issued my refund.
On a side note, I have bought several domains off of Alejandro in the past without any issues.
 
7
•••
So bad.. Its mean our account is not safe also.
 
0
•••
I notice @AlejandroGarcia has closed his account and does not respond to emails anymore. Not a good sign.

For full disclosure I would like to state that I have bought three domains from him in recent months. I am now satisfied that one of them was indeed stolen and I will be returning it to its rightful owner.

The two others I am still looking into. None of these three names came from GoDaddy, by the way. So there may be many affected names from several different registrars.
 
5
•••
I also bought 3 domains from Alejandro during the last few months. Two of them have now been confirmed as stolen. I already returned one to its owner. The other one will be returned shortly. Still looking into the third one. Whether Alejandro is an innocent victim of the thief or directly responsible for this mess- I hope that he'll end up doing the right thing, take responsibility and refund all the buyers.
 
Last edited:
3
•••
I notice @AlejandroGarcia has closed his account and does not respond to emails anymore. Not a good sign.

For full disclosure I would like to state that I have bought three domains from him in recent months. I am now satisfied that one of them was indeed stolen and I will be returning it to its rightful owner.

The two others I am still looking into. None of these three names came from GoDaddy, by the way. So there may be many affected names from several different registrars.

Looks like it was "Auto-Closed" - maybe a mod can answer more.
 
3
•••
So... now the 4 letter.coms are getting stolen.

Right.

Good news for 4 letter.com holders atleast there are people out there trying to steal it and that means it does has some value.
 
0
•••
YOo would think it would be easy to get your stolen domain back. What really stunk was that I could not prove I did not transfer it. But thank goodness for the help of strangers.
 
2
•••
A quick update on my side, @AlejandroGarcia has refunded my purchase of ubve.com and wohp.com. I have refunded the buyer of ubve.com but will need to track down the buyer of wohp.com to give them a refund as well. That way I am not in the middle of this mess...

@lotk Have you been able to track down and get in touch with @j2tuff911 regarding wohp.com?
Not sure he was the purchaser from you, mentioned above, but I did notice he has one of the stolen names listed for sale on his website. Hoping the domain will find it's way back to the rightful owner at GoDaddy!
 
0
•••
@Lola Lola has asked me to upload the attached file since she is a new member and cannot upload yet. It concerns her domain, but it is better that she explains herself I think.
 

Attachments

  • Alejandro stuff.JPG
    Alejandro stuff.JPG
    157 KB · Views: 102
7
•••
@Lola Lola has asked me to upload the attached file since she is a new member and cannot upload yet. It concerns her domain, but it is better that she explains herself I think.
Thank you embrand for posting this for me. You will notice in the image is a list of email transactions. These were all involved in the theft of my domain name. Sadly I believe Alejandro Garcia hacked my email account and used it to change all my passwords and perform transactions posing as me. He did so via comcast webmail. I did not see any of these as my email was spotty during this time. Now I know why. He had deleed the messages but Comcast helped me to restore them and you will notice in the middle of the list there is a test email from himself to my comcast account. This is 5 minutes before he recieved the transaction record for the domain transfer. Sadly I did not find any of this out until it was too late. He changed my passwords for himself then changed them all back. I had been registered at Network Solutions since 1998 and the domain was paid until 2021. They were no help nor was Icann. I could not prove that it was not me. But thanks to Embrand things are getting taken care of. I would never had proof that Alejeandro was truly involved had it not been for Embrand and his honesty and integrity,
 
8
•••
Yes. And things like infrequently-monitored email accounts or legacy accounts from providers like earthlink.net are prime pickings.

Another attack vector is to hope to lose the transfer and account recovery emails in a wave of spam.
Exactly what happened to me. I did not think to change things. I thought I was protected at Network Solutions. I did not know I could hide my identity at Whois. That is what got me scammed. I really think you should be able to request unlisted.
 
2
•••
General idea. But don't they need access to the registered email id to get the password reset emails so the account can be accessed?

Obviously, and if that email is not within your control (owned and operated) and is something from a provider like Verizon, AT&T, Comcast, etc,. then those 3rd-world call centers just have a kid phone in to tech support, use your WHOIS data for any address/phone verification, and get the main account password changed - then they have control over everything including all your emails.

It's called "Social Engineering" and they also steal your phone access by calling your cell phone company and port your number to defeat 2-factor authentication.
 
Last edited:
2
•••
Back