
alert NWX.com stolen


equity78

@Sedo @namesilo nwx.com listed for sale at $15,750; it's been stolen. NameSilo, you are the new registrant. I spoke to the owner: it was stolen from his mydomain account and transferred to you. This name is stolen.
 
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Sounds like you had a bad rep. Ha. I think I remember pushing a domain from a domain.com affiliate to another domain.com affiliate in the past. But couldn't remember for sure. The chat with the rep confirmed it.



I wonder if this 'secret accnt question' method works with MyDomain.com to Domain.com pushes. Or if it would have required assistance from support.

But back to the topic... I'm wondering if:

The alleged thief pushed the domain to their (or somebody else's) Domain.com (or affiliate site) account prior to transferring to Namesilo.

Not sure how (if) transfer locks (from MyDomain.com to Domain.com) would affect this.

well.. if you can't remember if you did it for sure... and you too had a bad rep on the phone, then him saying it, doesn't really confirm anything ;) I guess the only way to confirm it would be for you to remember for sure that you did it :)

as for your question you wonder about, as I just said, pushing ALWAYS requires assistance. it doesn't matter the registrar(s)... and regardless if you have secret question or not.. this is due to the fact that the domain needs to be removed first from old owner.. before it can be added to new one. and you cannot remove domain from your account on your own. without support call/chat.

if you own domainX on mydomain.com... and try add it to another accnt on mydomain it will say the domain already exists. it will also say same if you try to add it to a Dotster account etc.. regardless if you have secret questions or not. it's actually not relevant here. in short, it'll keep saying domain already exists in their database, until you call support to remove it. once you do that, there are like I said two ways to do it.. one is: you tell them to remove it only. and then tell new owner to ADD it through their panel. or 2nd method is with secret question, whereby after agent removes name on phone, u give new owner email+secret question/answer.. and they complete the push themselves. the new owner does nothing.
 
•••
I doubt 'it' is a female. More likely, posing as female is part of the social engineering process.

you mean the thief/hacker could be pretending to be her by stealing that identity?
 
•••
@alcy Pushing domains between Domain.com, MyDomain.com, Netfirms and Dotster is possible. I've done it many times in the past. You need to have the details of both accounts and it involves a regular push as well as asking them to change the RSP (RSP stands for Registered Service Provider, if I'm not mistaken) to the new registrar. When they don't do that (or say they did but didn't because... well... often they're incompetent and have no idea what they're doing)- the domain is still technically in the first registrar even after the push is done and can't be controlled from the new registrar until the RSP is changed.
 
•••

yes it can get quite complex... especially with the followup RSP changes etc.. and as you put it, incompetent reps outnumbering the competent ones...

however, the fact remains that it cannot be done on your own and needs support call.. or chat... whether its a mydomain to mydomain push... or mydomain to affiliated registrar.

cheers
 
•••
@alcy Yes, it can't be done alone. I thought you were saying that a push between them can't be done at all. Maybe I misunderstood.
 
•••
@alcy Pushing domains between Domain.com, MyDomain.com, Netfirms and Dotster is possible. I've done it many times in the past. You need to have the details of both accounts and it involves a regular push as well as asking them to change the RSP (RSP stands for Registered Service Provider, if I'm not mistaken) to the new registrar.
I tried that once. NEVER AGAIN!!!
 
•••
Just received a message from the owner of eca.net, it is confirmed stolen

He owned the name for 20 years and his email and NS accounts were hacked

Quite the hack job that has taken place here
 
•••
Both NWX and ECA were managed by email addresses of legacy providers, AOL and Comcast; both email addresses are in the compromised list.

Move your domains away from such providers.

Please, please, please move away from legacy providers, especially Yahoo and anything related to them. NamePros sends hundreds of thousands of emails each month; we get a very clear picture of which providers care about their users and which don't. Yahoo has all but given up. We have more problems with them than all the other providers combined.

Never use your ISP's email service. You're probably not going to be with that ISP forever, and most--including Comcast--have horrible email infrastructure. Hosting providers often have similar issues; for example, we've had a lot of problems delivering to SiteGround-hosted mailboxes lately.

And don't think hosting your own email infrastructure is a good idea, either: there are a lot of nuances involved in that; even I wouldn't dream of attempting it.

I would only recommend three email providers: Google (Gmail/G Suite), Microsoft (Outlook.com/Office 365; formerly Hotmail), and ProtonMail, in no particular order. If you're using anything else, it's worth the trouble of switching.

This is particularly important if you're a domainer because you rely on your email address to protect your assets. If someone compromises your email address, they can most likely steal your domains. Google, Microsoft, and ProtonMail have superior security in this area--most other services are trivial to get into.
 
•••
I have discovered sufficient evidence to determine that @PatyGMar is @AlejandroGarcia.

Accounts are closed or restricted for failure to verify ownership of the domain name.

Hope that helps,

Weird. I have dealt with AlejandroGarcia in the past dating back several years and he has strong trade reviews. I wonder what is going on here...

Brad
 
•••
Can confirm that both appear to be the same person (not just the same IP address).

The possibility of either account being compromised shouldn't be ruled out, though there is circumstantial evidence suggesting that isn't likely to be the case.

This is a good opportunity for a PSA: If your password here is the same as your password anywhere else, change it. You need a password manager. If you're doing business online, it's not optional. It is quite possibly the single best step you can take toward securing your online assets. If you can remember your password, it's a bad password.

Some reputable password managers, in no particular order:
Additional security tips:
  1. SMS doesn't count as 2FA. It's nearly useless. I don't even know why websites still offer this; it's security theater and offers no significant protection. All it does is inconvenience you. Don't even add SMS as a backup option; you're completely eliminating the benefits of 2FA when you do that.
  2. OATH is your best option for 2FA. Typically this involves installing an app on your phone and taking a picture of a funky-looking QR code. Google Authenticator and Authy are both popular apps for this purpose. This is what NamePros offers and recommends.
  3. If you find 2FA codes inconvenient, consider getting a YubiKey. Not all websites support them, but the number is growing, and NamePros plans to support them in the near future. The cheap blue one is all most people need. I linked to the two-pack, as it's a good idea to have a backup.
  4. When choosing security questions and answers, don't use real answers. Generate random passwords in your password manager and use those instead. Hackers are better at figuring out the real answers than you are at remembering them.
 
•••
I have discovered sufficient evidence to determine that @PatyGMar is @AlejandroGarcia.

Accounts are closed or restricted for failure to verify ownership of the domain name.

Hope that helps,

This was the person I suspected, but did not have proof enough to name.
 
•••
I am awaiting an update (due 12/27) on my PP dispute. I have not yet returned the domain to the registrant whose account was compromised. I don't want to move too hastily until I hear from the seller or PP. The gentleman is being patient.
 
•••
I have discovered sufficient evidence to determine that @PatyGMar is @AlejandroGarcia.

Since so far, at least two domains sold by this user have been reported stolen, will there be any investigatory updates into the other domains sold by this user?

Most of their old posts have been edited. But some can still be found in caches.... (dates are not 100% confirmed)

11/9 | Pited.com, Foffe.com, Yosly.com
11/10 | OfficeLamp.com, TorchLamps.com
11/10 | T-15.com, BoudoirLamps.com, BrassTubing.com, GoldCharts.com
11/25 | RobinNest.com +
12/1 | CaRestoration.com
12/1 | xAND.org, GotCaffeine.com, AmericanaCoffee.com, BoudoirLamps.com, BondCommodities.com, GasCommodities.com, GasolineCharts.com
12/6 | KXRD.com
12/13 | PGF.net

**Keeping in mind, there appear to be other domains sold; this is most likely not the full list.**

A lot of the domains I just posted [KXRD.com, GoldCharts.com, TorchLamps.com, T-15.com etc...] have a long-lasting digital footprint to a Larry Austin of California using a @sprintmail.com email address. -- Not sure if he is aware that his domain(s) may have been compromised...
 
•••
Foffe.com had received query on transfer day. but it resolved from Godaddy side, and they unlocked domain name..
 
•••
Received query from who? And what was the query about?

What was the outcome? ... did they award the domain to you, or was it returned?

they had locked domain for 2 days,
and after investigation they awarded domain to me. and unlocked them as well.


I had to send mail to godaddy support..

Very first time, i had doubt that there might be stolen domain, but when dispute came, i contacted seller, and she told me to return money, if domain are not removed from dispute.

but when it got resolved from Godaddy, i denied for refund, and i found that domains are not stolen...

"There might be a possibility that seller wanted to get trust by selling some domains, and preparing for bigger scam..."

"Unless old owner file dispute, we can not tag every domain as stolen one.., but better to file paypal claim for disputed domain...."
 
•••

Thanks for the clarification.

I've never encountered this before. Just so I understand, GoDaddy sent you an email notifying you the domains had been locked and were under investigation?

Then they finished their investigation, and awarded you the domains?

For educational purposes, would you mind sharing those emails?

"There might be a possibility that seller wanted to get trust by selling some domains, and preparing for bigger scam..."

This is possible. But at the same time, should the seller have sold domains they legitimately registered, there may be a footprint leading back to their identity. As such, a scammer could have motive to only deal in stolen domains.

All three domains being sold in the below screenshot have a longstanding digital footprint attached to a John Makowski of Maryland using a @comcast.net email.

122359_e788731943847f8a0465ca476245507f.png


Mr. Makowski could have legitimately sold them, and Paty could have legitimately acquired, and sold them in effort to build trust. But given the current shenanigans, there could be more to this. Might be best to contact Mr. Makowski and see what (if anything) can be confirmed.
 
•••
Thanks for the clarification.

I've never encountered this before. Just so I understand, GoDaddy sent you an email notifying you the domains had been locked and were under investigation?

Then they finished their investigation, and awarded you the domains?

For educational purposes, would you mind sharing those emails?



This is possible. But at the same time, should the seller have sold domains they legitimately registered, there may be a footprint leading back to their identity. As such, a scammer could have motive to only deal in stolen domains.

All three domains being sold in the below screenshot were previously owned by a John Makowski of Maryland using a @comcast.net email.

122359_e788731943847f8a0465ca476245507f.png


Mr. Makowski could have legitimately sold them, and Paty could have legitimately acquired, and sold them in effort to build trust. But given the current shenanigans, there could be more to this. Might be best to contact Mr. Makowski and see what (if anything) can be confirmed.


@PatyGMar told me that she purchased from person having paypal id *****@comcast.net

Another possibility is the systematically planned scam, where she made some evidence by making fake deals on her own paypal, and domain transferred accounts more than one time...

So that she can easily misguide latest registrar, and paypal also. by providing proof that she has purchased domain from xyz person. (she might be trying to prove herself as victim..)

if registrars are changed more than one time, then there might be a possibility that they will not easily respond ownership disputes, unless UDRP case filed...
 
•••
@PatyGMar told me that she purchased from person having paypal id *****@comcast.net

Did she happen to message you a screenshot of that?

I wonder, if GoDaddy had opened an investigation, if they would have received such correspondence from her (or John -- maybe even correspondence from the @comcast.net email 'not knowing if it was hacked or not'), in order for GoDaddy to have come to the conclusion they had in awarding you the domain.
 
•••
if email ids of original owners are hacked, then it will be hard to prove @PatyGMar as scammer in Paypal and Godaddy...
 
•••
Can confirm that both appear to be the same person (not just the same IP address).

The possibility of either account being compromised shouldn't be ruled out, though there is circumstantial evidence suggesting that isn't likely to be the case.

This is a good opportunity for a PSA: If your password here is the same as your password anywhere else, change it. You need a password manager. If you're doing business online, it's not optional. It is quite possibly the single best step you can take toward securing your online assets. If you can remember your password, it's a bad password.

Some reputable password managers, in no particular order:
Additional security tips:
  1. SMS doesn't count as 2FA. It's nearly useless. I don't even know why websites still offer this; it's security theater and offers no significant protection. All it does is inconvenience you. Don't even add SMS as a backup option; you're completely eliminating the benefits of 2FA when you do that.
  2. OATH is your best option for 2FA. Typically this involves installing an app on your phone and taking a picture of a funky-looking QR code. Google Authenticator and Authy are both popular apps for this purpose. This is what NamePros offers and recommends.
  3. If you find 2FA codes inconvenient, consider getting a YubiKey. Not all websites support them, but the number is growing, and NamePros plans to support them in the near future. The cheap blue one is all most people need. I linked to the two-pack, as it's a good idea to have a backup.
  4. When choosing security questions and answers, don't use real answers. Generate random passwords in your password manager and use those instead. Hackers are better at figuring out the real answers than you are at remembering them.

Thanks for the post, why does SMS not count for 2FA?

Secondly I never use a password manager because I always thought that was the hacker goldmine if one of them get hacked, your thoughts on that Paul.

Thank you.
 
•••
SMS can be intercepted by rogue operators with access to the SS7 network. BTC have already been stolen that way.
But the most common approach is SIM swapping. Simply posing as the legitimate line holder, you tell your operator your phone got stolen, you get a new SIM card and take over the phone number.

I use a password manager, so I can have super-complicated passwords and they are different for each service. The password manager database itself is protected by a master password.
Of course you still need good computer security hygiene.

Domain names are usually stolen through one of these methods:
  • taking over the E-mail address, especially a legacy address like Yahoo/Comcast, with a weak password that has a good chance of being found in pwnlists, or an address based on a domain name that dropped and is free to register.
  • phishing in order to grab registrar credentials from the account holder, for example by spoofing the Icann yearly reminder to verify whois accuracy.
But it's almost always E-mail that is the gateway to domain theft.

My advice, especially to domainers, is not to use free E-mail, but instead use a domain name that you control. For your registrar account, use an address that is different than the one listed in whois.
 
•••
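Added example, not part of any post in this thread: a small portfolio audit that turns the advice above into checks (legacy mail provider on the registrar login, login address identical to the whois contact, mail domain close to dropping, no app-based 2FA). The inventory field names, the `.example` domains, the dates and the provider list are all constructed assumptions.

```python
from datetime import date

# Assumed list: providers named in the thread as legacy/ISP mail. Extend as needed.
LEGACY_MAIL = {"aol.com", "comcast.net", "yahoo.com", "sprintmail.com"}


def mail_domain(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[1].lower()


def audit(portfolio, mail_domain_expiry, today, warn_days=90):
    """Return {domain: [findings]} for every domain with at least one finding.

    portfolio          -- list of dicts (hypothetical inventory format, see below)
    mail_domain_expiry -- {mail domain: expiry date} for mail domains you own
    """
    report = {}
    for entry in portfolio:
        findings = []
        login = entry["registrar_email"].lower()
        whois = entry["whois_email"].lower()
        md = mail_domain(login)
        if md in LEGACY_MAIL:
            findings.append("legacy-mail-provider")
        if login == whois:
            # The registrar login address is readable by anyone who queries whois.
            findings.append("login-email-public-in-whois")
        expiry = mail_domain_expiry.get(md)
        if expiry is not None and (expiry - today).days <= warn_days:
            # If the mail domain drops, whoever re-registers it receives resets.
            findings.append("mail-domain-near-expiry")
        if not entry.get("totp_enabled"):
            findings.append("no-app-based-2fa")
        if findings:
            report[entry["domain"]] = findings
    return report


# Constructed sample inventory (not real accounts).
PORTFOLIO = [
    {"domain": "alpha.example", "registrar_email": "owner@comcast.net",
     "whois_email": "owner@comcast.net", "totp_enabled": False},
    {"domain": "bravo.example", "registrar_email": "reg-login@mail-host.example",
     "whois_email": "whois@mail-host.example", "totp_enabled": True},
    {"domain": "charlie.example", "registrar_email": "admin@old-brand.example",
     "whois_email": "contact@charlie.example", "totp_enabled": True},
]
MAIL_DOMAIN_EXPIRY = {
    "mail-host.example": date(2020, 6, 1),
    "old-brand.example": date(2019, 1, 15),
}
TODAY = date(2018, 12, 21)

if __name__ == "__main__":
    for name, findings in audit(PORTFOLIO, MAIL_DOMAIN_EXPIRY, TODAY).items():
        print(name, "->", ", ".join(findings))
```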