Dynadot

[RESOLVED] - Domain Name Stolen...A Horrible Story and a Warning...

NameSilo
Watch
Impact
346
Hi All. I've not been in here for a number of years, but a week ago I had my domain of 20 years (dustie.com) stolen and I have to tell the story. it looks like I'm out of luck here, and out a lot of money, but maybe my story can help prevent this happening to someone else. This happened at Godaddy, though I don't blame them, and i still have all of my domains with them, as well as my websites. I blame the no good slimy thief who stole my domain name!

Here's the story... First off, my name is Dustie, and I've owned Dustie.com since 1998.
Sometime in 2017 (I think) I decided to go ahead and list dustie.com as a premium domain for a high price. It being my name, I wasn't real keen on selling it, but, as they say, everything is for sale for the right price. I'd had someone offer me 5,000.00 for it, but after taxes (it would have put me in a higher tax bracket for the year) and commisison, it wasn't worth it wasn't worth it to sell it for that amount. However, I figured that if someone were willing to pay that for it, maybe someone would pay even more. So I listed it as a premium domain for 20,000.00. I seriously didn't think it would sell but it woudn't hurt to list it (or so I thought).

All was well, until a bit over a week ago. I had been out that evening and didn't get home till nearly 10:00 PM. It was 11:00 before I was able to get onto the computer. That's when I saw the 5 emails from Godaddy.... I'm sure you can imaging my reaction when I saw that, within 20 minutes, my domain name, dustie.com, which I have owned since 1998, sold and transferred for a mere 450.00? I was sick...simply sick. How could this happen! First off, I've never had a domain name sell and transfer inside of 21 minutes and then be paid for it a little over a day and a half later. That's unheard of!

Immediately after reading those 5 emails and realizing my domain name had sold for less then 5% of what I'd had it listed for on Premium Domains, I was online with Godaddy help. Though they were sympathetic, no one there could help. They said I'd have to wait till morning and call auctions help. Needless to say, I didn't sleep well and was on the phone as soon as they opened their office. Though I was on the phone for a good 30 or so minutes with them (a good part of that time on hold), I was ultimately told there was nothing they could do for me. My domain was bought, paid for, and transferred and that was that! (Oh, and this even though they found the price had been tampered with twice that same night, long before I got online). They said this had to be me because no one else had access to that account! That was proof to me that someone was in there messing with my account and screwed me over big time, but not to them.

So I've been sick all week...trying to forget that someone illegally reached into my pocket and stole a lot of money , as well as my NAME! Needless to say, even a week later, I'm just sick about the whole thing.

Today, on a lark I looked up dustie.com on godaddy and was sick all over again when I saw that it is now listed as a premium domain for 12,000.00 (by the person who stole it from me?). That's just wrong, in so many ways! How do I get over this? I want to know how this could have happened!!??

I am posting in here as a warning to you all, as well as wanting to go on record that this did happen, regardless that the guy at [email protected] said that dustie.com had always been listed at 450.00 and it was a legitimate sale! I know how to use GoDaddy. I'm a long time user and have over 50 domain names with GoDaddy, more the half listed as premium domains! Ever since Dustie.com was originally listed as a premium domain at 20,000.00 that was the price that showed up whenever I went to maintain my premium listings. It always stuck out like a sore thumb, because most my other domain names are listed below 1000.00. There is simply no way Dustie.com was ever listed for as little as 450.00. Even go daddy suggested a price of nearly $5,000 as a premium listing starting point for dustie.com.

Without a doubt, my godaddy account was hacked and my domain name of 20 years stolen from me and relisted for 27 times what they paid for it! That burns me to the core!!!

I'm sure that, since this happened to me it will surely happen again. If any of you hear about such a thing, could you please have them get in touch with me? If I can find others that this has happened to, maybe we can do something as a group?

In the meantime, if you have a valuable domain name on Godaddy Premium domains, then you might want to take screen shots of the listed prices. Also, I was told that if I had the original email when it was listed that would be proof that it was listed at 20,000.00. Alas, I did not have it...I had, not long ago, deleted emails that were more then a year and a half old. If you don't have emails for your most valuable domain names, then remove them from listing, then relist them to get a new email and save those emails just in case!!

And Thanks for listening to my very long rant!

Dustie
(was [email protected] for over 20 years...now I am [email protected] and my site is dustie.art ... cool name, but it's certainly not worth what I lost in dustie.com!)
 
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I wonder if you're all overthinking this. Is it not just possible that Dustie was making bulk updates and mistakenly changed the price to 450?
We've been over this one already in the thread.

Have a nice day :xf.smile:
 
0
•••
Dustie was told by GD that the price was changed first from 20K to 30K and then immediately to $450. Which sequence is strange by itself. Why the price change happened two times... Looking at the sequence "20K-30K-450" separately and outside this thread or domain pricing, one may guess that there is a mistake and it should be "20K-30K-45K" (missed "00"), but it is unlikely that somebody (including Dustie herself) might wish to set 45K price on this domain for any purpose. All this is a big puzzle.

@tonyk2000 -

Which is why knowing the transaction request source and IP address would provide clarity to who & when each of the $30,000 & $450 requests were placed. If it were via Dustie's IP address and via a GD Panel (request source) then what transpired is somewhat obvious.

I agree - Dustie doesn't need to know what all the terminology represents as by sharing the data with us - we will be able to provide interpretation of the data (potentially).

BTW - the reason for the 30,000 jack is to test the change technique, then go for the lower $450 drop.

For example - a common Retail fraud is to "always be over on your cash drawer" - statistically not normal and a red flag is tossed when it occurs.

-Cougar

ps: I'm pretty certain that if Dustie was still without the domain, she would be crawling at the opportunity to have this data and have our assistance assessing it.
 
Last edited:
1
•••
Which is why knowing the transaction request source and IP address would provide clarity to who & when each of the $30,000 & $450 requests were placed. If it were via Dustie's IP address and via a GD Panel (request source) then what transpired is somewhat obvious.

To remove one possible venue of an untoward scenario and solve this case with 99,999 certainty it’d be helpful for us to know the exact time of occurrence for each price change (including that of Dustie) taking place across the spectrum of Dusties’ domains. If it can verified that all those changes happened nearly simultaneously or during the same log-in session, down to the same hour, being within the minutes or seconds of each other, and, furthermore, if Dustie can herself attest to having undisputable memory of voluntarily changing a pricing outlook on the rest of the domains from the Premium bunch, then it’d stand as the most convincing piece of evidence to suggest that the whole painting, masterful brush-strokes and all, was sketched by and attributed to the HAND of the same master, ie Dustie.Art ; )

In the second instance, the knowledge on IP addresses map is limited in giving answers, being that it can only elucidate the matter by INCLUSION, rather than EXCLUSION of a potential for a hacker's involvement, since it's possible for a skillful hacking heist to operate from within the confines of a Dustie's IP address thus creating a false impression of everything emanating from the computer of an invaded host.
 
Last edited:
0
•••
Hope you all had a great Easter!! I am sure @Dustie did!! :xf.smile::xf.smile::xf.smile::xf.smile::xf.love::xf.love::xf.love::xf.love: You three really rock @maxtra, @Joe Styler and @MapleDots - What an awesome thing to do!

I had read till page 2/3 the last I was on this thread and was disappointed how it was turning out! You guys seriously made my day!! Do read on coz I might have figured out how the error occurred.

I have now pushed Dustie.com to you and we can all move on once you accept

I am happy I was able to do this for you :)

If it was bought by big domainer you might have never gotten it back

Another thanks to @MapleDots for that act and the refund has been sent as you know

Also thanks to @Joe Styler and GoDaddy for offering an additional credit in addition to the refund, that is very kind :)

Thank you for offering to split the profit of a future sale but I think you should take advice from others here and never list it for sale again

You clearly have a very personal connection to it and your first name in .com is great for personal/business uses and branding

I know if I had my first name in .com I would not even consider selling unless I was offered an unbelievable sum of money

Thanks

You are just amazing @maxtra - Thank you for stepping up and doing the right thing. You and @MapleDots really showed humility through the whole thing. May God bless you both and your families more and more in everything you do! I think @Dustie hit a string immediately with all of us. :xf.cry: We wished, you guys DID amazing! I think namepros also added another feather to it's cap via this!! :xf.love::xf.love:


It's ICANN who is trying to send an email to [email protected] for approval of the transfer

I had a similar issue a few years back and almost lost a domain name. I would recommend you never tie your registered email ID of a domain name to the domain name itself, especially if you are selling it. I use my gmail ID (which is super secure with phone auth) so that I can never miss an email.

Ok here is how I traced out the most probably POE (point of error). OP said she has never used Afternic not knowing that Afternic is Godaddy owned and controls the premium listings so the error has to have occurred in Godaddy's premium listings control panel was my start. I suspected it was a bulk change that caused it coz on a daily basis I have to keep my eyes peeled so I don't unknowingly change or undo a change when working in the domain manager. When I went into my Godaddy domain manager to follow my hunch the premium domains link is missing (making me suspect they found this error). See step 4 here to know which particular link: https://in.godaddy.com/help/adding-domains-to-premium-listings-3492

Screen of my DM:

upload_2019-4-22_9-37-35.png


Since I can't show steps now, here is my theory based on what I struggle with. There is an irritating little bug in Godaddy domain manager that I have always wanted to report coz it's become a pet peev, but I never bothered with the occasional bites (so clear only now!). Dunno if anyone else has noticed it but when you select domains in Godaddy to make changes the domain selections persist even after we have finished making updates to the domains. For example I changed a couple of domains to Undeveloped nameservers after they didn't get approval for my asking price on SquadHelp. Immediately after that step I had to update nameservers to SquadHelp for a few domain names... and guess what? The two I had just changed were also selected. So i ended up undoing the first change. After this incident (was a reoccurrence that finally made me take note) I am very cautious and was wondering if I have to go through my entire list to do a full scan if all's in order.

With that background and armed with the information that "the price went to 30k and then down to 450" I think that Dustie had in fact upped the price to 30k and right after that set some other domain's price as 450 (I am guessing multiple as that's when we are more error prone). When that happened Dustie.com piggy-backed into that selection and was updated. Please note that this bug is very hard to keep track of - peel your eyes guys lolz :xf.rolleyes: - and I have time and again made mistakes I have to undo. :xf.frown: It's specific to doing multiple updates one after the other now I see clearly in retrospect.

This is just my educated guess without having the element of any fancy conspiracy theories :xf.wink: I feel it's just an untraced bug that slipped through.

And @Dustie - You dear, are one super lucky lady! So happy for you!! I agree with Maxtra, you shouldn't sell unless it's a really phenomenal offer you can't refuse. I can't imagine your plight if the person who bought it was not on NP and had bought it with immediate transfer (out of Godaddy's hands - hell!). I bet your entry here was the biggest bang in NP history :xf.wink:

Cheers!
Anita
 
Last edited:
4
•••
SmartWebby...I've always thought this was some sort of untraceable bug, though I can assure you I would have never tried to raise dustie.com to 30,000.00 I thought 20,000.00 was really pushing the envelope. If anything, I would have tried to lower it, maybe to 15,000.00 So that part still has me the most stumped.

The part about a slippery untraceable bug though. Of that I have almost no doubt. Thank you so much for your well thought out post. And you are absolutely right of the things you said about Maxtra and MapleDots and everyone here in NamePro. They came through like real champs, without a doubt, and I will be forever greatful.

Dustie.com is the one real and personal prize in my stable of names and it will, for the forseeable future, remain off any for sale list or program. It's more my identity then I ever realized before this. I've always had it and have always taken it for granted. No more, that's for sure! This was a real wakeup call!
 
2
•••
Well I am super forgetful (I call myself a muddlehead hehe) - have always been - so in your place I wouldn't and you shouldn't be surprised if it was you who changed the price to 30k while making other changes :) It's worth much more IMHO (20k is only base price for a super strong one word) in the right hands. The buggy scenario I outlined sounds more and more plausible rather than a hacking if you think of it.

Yes am sure it's a huge wakeup call. Every domainer (more like every person in the internet world I guess rofl) would love to have their own name .COM!! You sure are lucky and you should put yourself out there more coz the vibe I get from you is amazing. Wish you all the best for taking Dustie.com to a higher lever!!
 
Last edited:
0
•••
Oh we have much in common I think. I'm also terribly muddleheaded and have also always been so. Oh girl, I can tell you stories! So though I can't imaging a scenerio where I would have tried to change dustie.com to 30,000, I can't 100% discount the fact that it might have been user error here, along with a pesky undetectable bug at play, and therefor is going to remain always in the realm of "The mysterious". If it's ever made into a movie, my part can be played by Meryl Streep if she wants it. ;)
 
1
•••
Good call! Lol I can absolutely imagine a movie like Mamma Mai .. Domainer edition! :-P:xf.laugh::ROFL::ROFL:
 
0
•••
I was playing her during all this trauma the last week... I was walking all around holding my head all week and groaning Mamma Mia, Momma Mia! So it's only fair she play me!
 
1
•••
I've been a bit quiet on this whole event for the last day or so because I wanted to make sure Dustie had her domain before I said anything.

The question everyone keeps asking me is why I stepped in to purchase the domain and did I get my money back.
....
Good job everyone, this is definitely as good as it gets.
I disagree. You put your money out up front regardless of whether it was needed or not. PM me your address please I'd like to send you something via snail mail as a thank you.
 
7
•••
If it is the case, then the radio silence would not be too surprising :( Unless until the issue is 100% fixed...
There was no security issue.
 
1
•••
Dustie.com is back with the original owner. Thank you to Maxtra and Mapledots for their help and for everyone who offered their advice and tried to help. This is truly what is great about being a part of the domain community and the spirit of NamePros, everyone working together to help each other. I do not want to go into details publicly about the domain sale. I have provided them to the interested parties while working privately behind the scenes the last few days with them. I do however want to address some legitimate concerns. We investigated this very thoroughly and took it very seriously leaving no stone unturned. We do not believe there is any security risks or technical issues involved in this transaction. We take security very seriously and also are able and willing to help if any issue arises outside the norm. I see no reason from looking at this that your domains would be at risk listing with us, we have and continue to provide a safe and secure marketplace for your domain name assets. When something arises outside the norm we do take it seriously and work hard to make sure our customers are happy with the results.
 
11
•••
@ Joe Styler...You are a ROCK STAR as is Maxtra and MapleDots! and it's been a pleasure meeting and working with all of you.

Maxtra trophy.jpg
MapleDots trophy.jpg
Styler trophy.jpg
 
0
•••
I thought thru reading this entire thread it would show how a $20,000 domain listed for sale sold for $450, as the owner said they never changed the stated price. Is there an answer to how, or why this happend?

If the theory of a hacker changed the price, in order to buy it thru a legit fashion, it would have sold to someone else who would have put up an argument, and the domain would not have been returned in such a quick fashion.

So the final answer is the owner miskeyed a bin of $450, and the domain sold thru a legitimate sale to a listed bin? Legally it was a legit sale, if not for the kindness of the buyer to return it, what recourse could the original owner really have in terms of recovering the domain on the basis it was never listed at the bin price of $450?
 
0
•••
@Dustie this really sucks what a horrible story. I am sorry you had to go through that. I agree with above comments about 2 factor authentication this really works well and will hopefully add some additional security to your account. I am really sorry this happened but thank you for posting as this is something to defiantly be aware of for all Domainers hope you get a big sale soon to take your mind a little off this unfortunate circumstance.
 
0
•••
@ Godaddy, @ Joe Styler, why not send out a confirmation email after a price change of a domain - such as Epik.com does with marketplace listings, or at least a daily summary of account changes?
 
2
•••
@ Godaddy, @ Joe Styler, why not send out a confirmation email after a price change of a domain - such as Epik.com does with marketplace listings, or at least a daily summary of account changes?
Such messages would look like spamming IMHO.
 
0
•••
@Dustie this really sucks what a horrible story. I am sorry you had to go through that. I agree with above comments about 2 factor authentication this really works well and will hopefully add some additional security to your account. I am really sorry this happened but thank you for posting as this is something to defiantly be aware of for all Domainers hope you get a big sale soon to take your mind a little off this unfortunate circumstance.
Thank you .Domainted. That would be nice for sure! I am so greatful for all the help I had with this. I'd love to sell a domain name and use some of the money to thank Maxtra and Maple dots for their part in allowing me to get my domain name back! Dustie
 
1
•••
@ Godaddy, @ Joe Styler, why not send out a confirmation email after a price change of a domain - such as Epik.com does with marketplace listings, or at least a daily summary of account changes?
I like that idea Blue! That certainly would help...
 
0
•••
I am confused why GD is not offering more information whether specific details or confirmation that they have checked times, dates, IP addresses, etc and confirmed the change came from Dustie's IP and at what precise date/time? This should be very easy to establish using logs. After reading this thread, I am not convinced on anything. Whether it was OP's error, OP's computer was hacked, GD was hacked, GD had a technical glitch, etc. It could've been done by a third party to gain attention to demonstrate a weakness with GD, OP could've been specifically targeted, etc.
 
Last edited:
0
•••
Back