Dynadot

alert NWX.com stolen

Spaceship Spaceship
Watch

equity78

Top Member
TheDomains Staff
TLDInvestors.com
Impact
28,336
@Sedo @namesilo nwx.com listed for sale at $15,750 it's been stolen, NameSilo you are the new registrant I spoke to the owner it was stolen from his mydomain account and transferred to you, this name is stolen.
 
37
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Sometimes when we see a very high value domain being sold for peanuts, we need to take that as a possible red flag and do our due diligence. Some deals may be too good to be true.
The offer to me was priced high enough that I thought it was a legitimate reseller offer

The account had 10+ positive feedback on their NP account which I used as a benchmark

Everything about the transaction seemed legitimate

Thanks
 
4
•••
How can he stolen all this names maybe this guy got a virus that is working for him.
 
0
•••
I put the persons name (from paypal) in Google and it might be coincidence, but the persons name is the same as a person that was just convicted of drug trafficking in Texas.
 
1
•••
NWX.com was stolen from mydomain.com and I am looking for who is now hosting it. Thanks Ron

Hi Ron -- Welcome to namePros! (and +1 for having the coolest last name I've seen all year!)

Not sure how much details you have behind the alleged theft, but as the process goes on, the more you can uncover, the better your chances of recovering the domain. A good place to start, as indicated in a previous post above, is to review your email...

When did you lose access to the domain? Keeping in mind, the date the domain was transferred out might not be the date you lost access to the domain. e.g. The alleged thief most likely had entry to your email and/or registrar prior to the transfer out date.

DomainIQ WHOIS records show the domain at Domain.com on a December 7th entry, but a December 10th DomainIQ WHOIS shows the domain under privacy at Namesilo with a December 7th update date.

**Note the Updated Dates for possible specific time stamps**

The December 7th entry:

upload_2018-12-17_10-45-30.png


VS

December 10th entry:

upload_2018-12-17_10-46-13.png


The December 10th WHOIS Updated Date [2018-12-07T21:34:20Z] is a likely indication of when it may have been transferred out.


Also note the expiration difference between WHOIS entries, the December 10th entry shows a new 2020 expiration -- which combined with a registrar change indicates a transfer occurred.

Why did the alleged thief use Namesilo? One has to wonder if the transfer was paid for in Bitcoin.

Another thing to note, the nameserver changes:

From:
NS1.MYDOMAINWEBHOST.COM

To:
NS-1476.AWSDNS-56.ORG
NS-2037.AWSDNS-62.CO.UK
NS-546.AWSDNS-04.NET
NS-60.AWSDNS-07.COM


Before (August 5th, 2018)

upload_2018-12-17_10-54-31.png


Current:

upload_2018-12-17_10-55-9.png
 
Last edited:
12
•••
Thanks @equity78

There was a NS update between 06-12-2018 to 08-12-2018

NWX._COM.png
 
2
•••
The stolen domain I purchased was "The Endurance International Group, Inc." also.
 
1
•••
The stolen domain I purchased was "The Endurance International Group, Inc." also.

The first, last, and only (until now) time I heard of Endurance Group was during the CQD fiasco.
because of the email security breach with [email protected] on Startlogic AND because, unbeknownst to me, startlogic, a US company who has housed my CQD.com web site files (and my other websites) since 1996 when i created CQD.com, was sold to Endurance Group International.
 
2
•••
Thanks for tagging us. We have locked down this domain while we investigate. The rightful domain owner needs to contact us at [email protected] so we can validate that it was stolen.
 
Last edited:
22
•••
10
•••
Wow. I wonder how all these domains are being stolen.
They are being stolen through some form of hacking. A person doing the hack can be in any country in the world. As we can see here they posed as a member to gain our confidence, support and comfort and to also use us as a customer base. Most of our members here always do their due diligence when transacting a sale, however we see in this incident that hackers do find ways to slip through the cracks.
 
0
•••
They are being stolen through some form of hacking. A person doing the hack can be in any country in the world. As we can see here they posed as a member to gain our confidence, support and comfort and to also use us as a customer base. Most of our members here always do their due diligence when transacting a sale, however we see in this incident that hackers do find ways to slip through the cracks.

Hacking can be impeccably easy, at least some forms of it. Always have long and mixed passwords, always.
 
1
•••
It looks like VAP.com was stolen in 2013 by the same person; the legit owner - Venture Asset Partners, LLC - used a Yahoo email address. The domain has been resold several times since.
 
5
•••
Add the following to the list:

BCI.ORG
LGM.ORG
PVN.ORG
 
6
•••
0
•••
There's about 125 more linked to that account; I only shared the LLL kind after verifying odd changes in ownership. They all have in common previous yahoo/AOL/Comcast etc. accounts. Others are linked to domains that dropped, and re-registered - a common domain hijacking technique.
 
4
•••
There's about 125 more linked to that account; I only shared the LLL kind after verifying odd changes in ownership. They all have in common previous yahoo/AOL/Comcast etc. accounts. Others are linked to domains that dropped, and re-registered - a common domain hijacking technique.
With that amount of domain names being linked to a hacked account should warrant all the registries attached to these domain names to work together with the possibility of a law enforcement investigation....
 
0
•••
Moral of the story...

1. Don't use weak passwords.
2. REQUIRE 2 Factor Authentication for any account changes.
 
1
•••
There's about 125 more linked to that account

Which account?
I got this name for sale via a so called broker for only $12k

Was it a broker, or the alleged thief?

If alleged thief, care to post the email address and/or header?

Or if the so called broker is different than the alleged thief, maybe you can tag / reach out to them for more information?
I purchased an LLL.net from this person. I did do my due diligence on the name as best I could. I required the auth code and transfer prior to paying. It went smooth.

A day later, I received a contact via whois privacy from a gentleman in North Carolina. He noticed his email stopped working. Long story short, he has owned the domain for over 20 years. His domain account was apparently hacked and both his password and secret questions were changed. He is still trying to access his domain account.

I have initiated a paypal dispute. Obviously I can't keep the mans domain. It's stolen property.

I alerted NP mgmt, and they apparently have closed the user's account.

What a shame.
Did the seller use patygmar @ gmail.com as their PayPal address?

You should probably update the trade review you left, to reflect the negative experience.
This is not the only domain @PatyGMar has stolen and attempted to sell

I bought eca.net from she/he not knowing it was stolen

Were you refunded / was the domain returned to the rightful owner?

You also might want to update the trade review you left, to reflect the negative experience.
 
Last edited:
3
•••
i removed my trade reviews...
(will put -ve review once case comes to conclusion)
 
2
•••
There was a NS update between 06-12-2018 to 08-12-2018

122125_7d6a25f596bcc9d132826731d9c0b20f.png

Something I'm wondering...

... Could the domain have been pushed to another domain.com affiliated registrar prior to being transferred to Namesilo?

According to SecurityTrails.com, the NameServers were changed to ns1.domain.com on or around December 6th. There is no record on SecurityTrails of the nameservers being changed to ns1.domain.com within the last 10 years; it appears to be a first.

I believe the default nameservers for MyDomain.com is ns1.mydomain.com. Whereas the default nameservers for Domain.com is NS1.domain.com.

... hence my thinking, that the domain may have been pushed from mydomain.com to another domain.com affiliated registrar prior to being transferred out.
Not sure if that would be reflected in WHOIS updates to confirm or deny.

Just a thought.
 
Last edited:
1
•••
Were you refunded / was the domain returned to the rightful owner?

You also might want to update the trade review you left, to reflect the negative experience.
I filed claim with PayPal and the name is still under GoDaddy dispute

Trade reviews wont matter as the account is banned, but updated nonetheless

Thanks
 
2
•••

Something I'm wondering...

... Could the domain have been pushed to another domain.com affiliated registrar prior to being transferred to Namesilo?

According to SecurityTrails.com, the NameServers were changed to ns1.domain.com on or around December 6th. There is no record on SecurityTrails of the nameservers being changed to ns1.domain.com within the last 10 years; it appears to be a first.

I believe the default nameservers for MyDomain.com is ns1.mydomain.com. Whereas the default nameservers for Domain.com is NS1.domain.com.

... hence my thinking, that the domain may have been pushed from mydomain.com to another domain.com affiliated registrar prior to being transferred out.
Not sure if that would be reflected in WHOIS updates to confirm or deny.

Just a thought.

afaik u cant push between mydomain dotster netfirms etc
 
0
•••
afaik u cant push between mydomain dotster netfirms etc

I just asked MyDomain.com chat support if a free push to Domain.com is possible, or if it'd require a paid transfer.

Their response:

"If you buy a domain name with MyDomain, we can move the domain name to Domain.com for free as it our sister concern company ."
 
2
•••
I just asked MyDomain.com chat support if a free push to Domain.com is possible, or if it'd require a paid transfer.

Their response:

"If you buy a domain name with MyDomain, we can move the domain name to Domain.com for free as it our sister concern company ."

not all reps are created equal. proof is in the fact that I was told exact opposite by another rep a while back when I wanted to do that.

pushes are hard even mydomain to mydomain. cause you always have to call them or chat. u cannot do it yourself. then even when u call them, there are 2 ways to do it. and one of them involves knowing the secret accnt question of new owner.
 
3
•••
not all reps are created equal. proof is in the fact that I was told exact opposite by another rep a while back when I wanted to do that.

Sounds like you had a bad rep. Ha. I think I remember pushing a domain from a domain.com affiliate to another domain.com affiliate in the past. But couldn't remember for sure. The chat with the rep confirmed it.

pushes are hard even mydomain to mydomain. cause you always have to call them or chat. u cannot do it yourself. then even when u call them, there are 2 ways to do it. and one of them involves knowing the secret accnt question of new owner.

I wonder if this 'secret accnt question' method works with MyDomain.com to Domain.com pushes. Or if it would have required assistance from support.

But back to the topic... I'm wondering if:

The alleged thief pushed the domain to their (or somebody else's) Domain.com (or affiliate site) account prior to transferring to Namesilo.

Not sure how (if) transfer locks (from MyDomain.com to Domain.com) would effect this.
 
0
•••
Back