NameSilo

[email protected] was hacked - Premium domains being sold by hacker

Labeled as alert in Warnings and Alerts started by Rob Monster, Jun 10, 2019.

Replies:
23
Views:
3,747

  1. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    Epik.com has just busted a domain thief.

    The domain account at Network Solutions controlled by [email protected] is a hacked account. The person portraying themselves to be [email protected] is selling domains for crypto.

    The seller was offering these premium names for implausibly attractive prices:

    WEED.COM
    WIND.COM
    WIND.NET
    MODERN.COM
    GARDEN.COM
    FARM.COM
    CANNABIS.ORG
    CANDLE.COM
    CAMPING.COM
    ERGONOMIC.COM
    HIKE.COM
    GREEN.ORG

    This person was unable to get the auth code which is a requirement for selling a domain at Epik.com registrar and marketplace. Upon investigation, the person on the email was not actually the real Alex.

    The lesson here is the extreme importance of using a registrar for securing transactions. It is much easier to game the system with a domain push where the security controls can be less strict.

    The other lesson here is that the email address matching the WHOIS is not always sufficient evidence of legal ownership, with or without domain privacy.

    For anyone forensically inclined, I am attaching the header of the domain thief's email. Perhaps it can be used for tracking down this person. The actual owner, the real Alex, was alerted this morning.

    The would-be buyer is relieved that they sold through Epik. He is a NamePros member is welcome to comment on this thread if he likes.

    The actual domain owner has his account locked down at Network Solutions and will eventually regain control of their account. The registrant alerted the authorities.

    Approved accounts can list external domains for sale, including with BIN pricing. However, actual closing requires the domain to be at Epik. This is an important way that we protect buyers from fraud.
     

    Attached Files:

    Last edited: Jun 10, 2019
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. TrueDN

    TrueDN Top Member VIP

    Posts:
    2,182
    Likes Received:
    2,262
  3. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    Hopefully @Maxwell is not the scammer.

    Domain Name: WIND.COM
    Registry Domain ID: 1724938_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.networksolutions.com
    Registrar URL: http://networksolutions.com
    Updated Date: 2019-05-25T00:56:57Z
    Creation Date: 1994-05-07T04:00:00Z
    Registrar Registration Expiration Date: 2023-05-08T04:00:00Z
    Registrar: NETWORK SOLUTIONS, LLC.
    Registrar IANA ID: 2
    Reseller:
    Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
    Registry Registrant ID:
    Registrant Name: Zcapital
    Registrant Organization: Zcapital
    Registrant Street: 1015 GAYLEY AVE STE 200
    Registrant City: LOS ANGELES
    Registrant State/Province: CA
    Registrant Postal Code: 90024-3475
    Registrant Country: US
    Registrant Phone:
    Registrant Phone Ext:
    Registrant Fax:
    Registrant Fax Ext:
    Registrant Email: [email protected]

    @Maxwell do you actually have this domain or you arbitraging? The guy who is emailing folks from [email protected] is not the legal registrant.
     
  4. TexasDomainer

    TexasDomainer Top Member VIP ★★★★★★★★★★

    Posts:
    1,855
    Likes Received:
    224
    I tried to buy camping.com for $xx,xxx. Thankfully Rob contacted the real owners and discovered that the email was hacked.
    I wonder why they still have the same email listed on the whois after finding out that it was hacked. Hopefully they have secured their NetSol account.
    I would like to thank Rob for providing excellent escrow service and protecting his customers. He personally got involved in the transaction and assisted me at every step. I doubt any other escrow service offers such help and service like Epik.
     
  5. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    An important point to note here is that when Epik steps in intermediary, we are effectively doing a buy and a sell. We are buying from the seller, and we are selling to the buyer. The domain itself is on Epik, which is also how we make sure that the seller has full control over the domain -- 90% of the fraud risk is eliminated this way. Anyone who has been ripped off via Sedo MLS transactions knows what I am talking about here. Other than the seller wasting some people's time, this one ended without anyone taking a bath.
     
  6. Maxwell

    Maxwell Top Member VIP

    Posts:
    1,444
    Likes Received:
    617
    Wow. No, I am not the scammer. I was just brokering wind.com for him and some other domains.
     
  7. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    If you know the person you were representing, he should be outed.
     
  8. Maxwell

    Maxwell Top Member VIP

    Posts:
    1,444
    Likes Received:
    617
    Wish I knew but I don't.
     
  9. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    You can do better than that. You are complicit in a fraud, wittingly or not. For starters, you can post the mail headers of your correspondence with [email protected].

    You can make some token effort to identify and hold accountable someone who was in the process of defrauding people to a material sum.

    Man up Bro or there will always be an asterisk next to your account as someone who is not a trusted source of domain dealflow. Is that not totally obvious?

    Thanks
    Rob
     
  10. Maxwell

    Maxwell Top Member VIP

    Posts:
    1,444
    Likes Received:
    617
    Rob,

    I of course looked through my emails immediately upon hearing this to see if there is anything that might help identify the scammer but there is nothing, no matter how desirable it might be.

    I did provide proof of my brokerage agreement with him to Eric Lyon, which he requested.

    As much as I'd like for him to get caught, the truth is I have no info on him.
     
  11. TexasDomainer

    TexasDomainer Top Member VIP ★★★★★★★★★★

    Posts:
    1,855
    Likes Received:
    224
    Then there is a possibility that the account was not hacked at all and the seller lied about it so he can back out of a deal.
     
  12. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    First of all, I am glad to hear that @Eric Lyon is involved here. I would appreciate his review here particularly if the brokerage agreement involves a NamePros user. It could be that you were duped into brokering on behalf of a fraud. The person certainly had us all convincingly fooled for a while until they failed to produce a valid auth code, at which point the jig was up.

    In the interest of forensic completeness, I do think the since a crime was perpetrated, you should produce the email headers of your correspondence with the "seller". If you need help with that request, happy to coach you offline. Fraud involving domains needs to be dealt with and rooted out in order to make domains the respected asset class that it deserves to become!

    Thanks in advance for cooperating in this investigation.
     
  13. dande

    dande UNNATURE.COM VIP

    Posts:
    1,681
    Likes Received:
    1,174
    This is really serious. But how someone could own such valuable assets and not care about the protections is beyond me. Protection in this case means moving those names out of NetworkSolutions.

    I think many premium domain asset owners believe having their old domains on NetSol is a form of prestige. I don't share such idea
     
  14. jamesall

    jamesall Upgraded Member Gold Account VIP

    Posts:
    1,211
    Likes Received:
    1,066
    I get people on this forum, facebook and linkedin asking me to act as a broker for them. (That makes me suspicious enough :xf.grin: ) Now I know that this could end up with being an accomplice to theft and domain name fencing.

    Nail those ?&%¤#%¤# guys! :pompous:
     
    Last edited: Jun 26, 2019
  15. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    Exactly.

    It would have helped a lot if @Maxwell would produce correspondence with this seller. Until then, there is an asterisk on Maxwell, and while unfortunate, that is how it goes.
     
  16. LarryDomain

    LarryDomain Top Member VIP

    Posts:
    802
    Likes Received:
    1,227
    I agree... Why not share the email headers.. We can atleast trace a few things about the correspondence.
     
  17. biggie

    biggie Top Member VIP ★★★★★★★★★★

    Posts:
    9,579
    Likes Received:
    8,962
    those who presume to be brokers, should at least perform due diligence, to confirm that the seller is actual owner of the domains, before they agree to take on the task.

    especially with names of such caliber,
    as your rep can go down the tube, along with scammer if identified.

    the time and possible commission may not be worth it, when you don't.

    imo..
     
  18. LarryDomain

    LarryDomain Top Member VIP

    Posts:
    802
    Likes Received:
    1,227
    oh on a side note.. Even if you decide to pay someone via crypto.. consider using a Crypto Escrow service. You might have to do your own research as to what's reliable. Lots of crypto scams out there. I can honestly say I've been duped several times when I was too lazy to deal with escrow on transaction under a certain price.
     
  19. TexasDomainer

    TexasDomainer Top Member VIP ★★★★★★★★★★

    Posts:
    1,855
    Likes Received:
    224
    That’s exactly the reason why I used Epik. They offer crypto escrow service.
     
  20. jamesall

    jamesall Upgraded Member Gold Account VIP

    Posts:
    1,211
    Likes Received:
    1,066
    The Cat Burglars of old have transitioned to become Domain Burglars in the Digital Age but they are still using Confidence Scamming and Social Hacking in order for their dastardly schemes to work.

    From now on I will think of someone who is asking me to help sell a domain as if they are asking me to help sell some precious Jewelry/Jewellry. 💍
     
  21. gipson

    gipson Next Domain Market VIP

    Posts:
    1,870
    Likes Received:
    2,213
    That is why my domains passwords is from 19 to 25 long..change every 6 mon
     
  22. Tia Wood

    Tia Wood Business Website Consultant VIP ★★★★★★★★★★

    Posts:
    1,222
    Likes Received:
    1,404
    "This person was unable to get the auth code which is a requirement for selling a domain at Epik"

    Why is this so hard for other companies??? *cough* SEDO *cough*
     
  23. TexasDomainer

    TexasDomainer Top Member VIP ★★★★★★★★★★

    Posts:
    1,855
    Likes Received:
    224
  24. Rob Monster

    Rob Monster CEO, Epik Epik.com Staff PRO Gold Account VIP

    Posts:
    2,065
    Likes Received:
    6,643
    As I understand it, Alex Tabibi managed to regain control of his NetSol account which had been locked down following the email hack.

    You can see that WHOIS has since been updated on June 20. For example:

    Domain Name: WEED.COM
    Registry Domain ID: 77200_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.networksolutions.com
    Registrar URL: http://networksolutions.com
    Updated Date: 2019-06-20T16:41:55Z
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...