alert NWX.com stolen


equity78

@Sedo @namesilo nwx.com listed for sale at $15,750. It's been stolen. NameSilo, you are the new registrant. I spoke to the owner; it was stolen from his mydomain account and transferred to you. This name is stolen.
 
•••
Thanks for tagging us. We have locked down this domain while we investigate. The rightful domain owner needs to contact us at [email protected] so we can validate that it was stolen.
 
•••
I purchased an LLL.net from this person. I did do my due diligence on the name as best I could. I required the auth code and transfer prior to paying. It went smoothly.

A day later, I received a contact via whois privacy from a gentleman in North Carolina. He noticed his email stopped working. Long story short, he has owned the domain for over 20 years. His domain account was apparently hacked and both his password and secret questions were changed. He is still trying to access his domain account.

I have initiated a PayPal dispute. Obviously I can't keep the man's domain. It's stolen property.

I alerted NP mgmt, and they apparently have closed the user's account.

What a shame.
 
•••
My Final Update
I have connected with the true owner of the stolen domain I purchased. He followed my instructions to create a free account at NameSilo (the domain was transfer locked). I then pushed the domain to him. He is very happy to have recovered his domain. The end.
 
•••
NWX.com was stolen from mydomain.com and I am looking for who is now hosting it. Thanks Ron

Hi Ron -- Welcome to NamePros! (and +1 for having the coolest last name I've seen all year!)

Not sure how many details you have behind the alleged theft, but as the process goes on, the more you can uncover, the better your chances of recovering the domain. A good place to start, as indicated in a previous post above, is to review your email...

When did you lose access to the domain? Keeping in mind, the date the domain was transferred out might not be the date you lost access to the domain. e.g. The alleged thief most likely had entry to your email and/or registrar prior to the transfer out date.

DomainIQ WHOIS records show the domain at Domain.com on a December 7th entry, but a December 10th DomainIQ WHOIS shows the domain under privacy at Namesilo with a December 7th update date.

**Note the Updated Dates for possible specific time stamps**

The December 7th entry:

upload_2018-12-17_10-45-30.png


VS

December 10th entry:

upload_2018-12-17_10-46-13.png


The December 10th WHOIS Updated Date [2018-12-07T21:34:20Z] is a likely indication of when it may have been transferred out.


Also note the expiration difference between WHOIS entries, the December 10th entry shows a new 2020 expiration -- which combined with a registrar change indicates a transfer occurred.

Why did the alleged thief use Namesilo? One has to wonder if the transfer was paid for in Bitcoin.

Another thing to note, the nameserver changes:

From:
NS1.MYDOMAINWEBHOST.COM

To:
NS-1476.AWSDNS-56.ORG
NS-2037.AWSDNS-62.CO.UK
NS-546.AWSDNS-04.NET
NS-60.AWSDNS-07.COM


Before (August 5th, 2018)

upload_2018-12-17_10-54-31.png


Current:

upload_2018-12-17_10-55-9.png
 
•••
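The WHOIS comparison in the post above, as an added example that is not part of the thread or any poster's code: it diffs two WHOIS snapshots and flags the combination the post relies on (registrar change plus a later expiration), then reports the new Updated Date as the likely transfer time. The registrar names, nameservers and the 2018-12-07T21:34:20Z timestamp come from the post; the dictionary layout, the expiration dates and the earlier Updated Date are constructed placeholders.

```python
from datetime import datetime, timezone

def ts(value):
    """Parse a UTC WHOIS timestamp such as 2018-12-07T21:34:20Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def compare_snapshots(before, after):
    """Return the transfer indicators visible between two WHOIS snapshots."""
    indicators = []
    if before["registrar"].strip().lower() != after["registrar"].strip().lower():
        indicators.append("registrar_changed")
    old_ns = {n.lower() for n in before["nameservers"]}
    new_ns = {n.lower() for n in after["nameservers"]}
    if old_ns != new_ns:
        indicators.append("nameservers_changed")
    if ts(after["expires"]) > ts(before["expires"]):
        indicators.append("expiration_extended")
    # A later expiration alone can be an ordinary renewal; together with a
    # registrar change it indicates a transfer, and the new Updated Date dates it.
    likely = {"registrar_changed", "expiration_extended"} <= set(indicators)
    return {
        "indicators": indicators,
        "transfer_likely": likely,
        # Latest possible time of loss: account access may have been lost earlier.
        "transfer_time": ts(after["updated"]) if likely else None,
    }

# Constructed snapshots modelled on the two records discussed in the post.
BEFORE = {
    "registrar": "Domain.com",
    "updated": "2018-01-01T00:00:00Z",   # constructed placeholder
    "expires": "2019-06-01T00:00:00Z",   # constructed placeholder
    "nameservers": ["NS1.MYDOMAINWEBHOST.COM"],
}
AFTER = {
    "registrar": "NameSilo",
    "updated": "2018-12-07T21:34:20Z",   # Updated Date quoted in the post
    "expires": "2020-06-01T00:00:00Z",   # constructed; the post only says "2020"
    "nameservers": ["NS-1476.AWSDNS-56.ORG", "NS-2037.AWSDNS-62.CO.UK",
                    "NS-546.AWSDNS-04.NET", "NS-60.AWSDNS-07.COM"],
}

if __name__ == "__main__":
    report = compare_snapshots(BEFORE, AFTER)
    print(report["indicators"], report["transfer_likely"], report["transfer_time"])
```

Run against snapshots saved on a schedule, the same comparison gives an owner early notice of a registrar or nameserver change before the domain is resold.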
I doubt 'it' is a female. More likely, posing as female is part of the social engineering process.
 
•••
I purchased an LLL.net from this person. I did do my due diligence on the name as best I could. I required the auth code and transfer prior to paying. It went smoothly.

A day later, I received a contact via whois privacy from a gentleman in North Carolina. He noticed his email stopped working. Long story short, he has owned the domain for over 20 years. His domain account was apparently hacked and both his password and secret questions were changed. He is still trying to access his domain account.

I have initiated a PayPal dispute. Obviously I can't keep the man's domain. It's stolen property.

I alerted NP mgmt, and they apparently have closed the user's account.

What a shame.
Update
I am happy to report that PayPal has finalized my claim and I have received a full refund.

I have also reached out to the real domain owner with the good news. I look forward to returning his domain immediately.
 
•••
The thing about NamePros (based on previous history) is that the members eventually come to the bottom of things. There have been some very detailed topics where the members banded together to expose the perpetrator.

I always look forward to these topics because they usually expose how the crime occurred and we can all learn from that to better protect our portfolio.
 
•••
Both NWX and ECA were managed by email addresses of legacy providers, AOL and Comcast; both email addresses are in the compromised list.

Move your domains away from such providers.

Please, please, please move away from legacy providers, especially Yahoo and anything related to them. NamePros sends hundreds of thousands of emails each month; we get a very clear picture of which providers care about their users and which don't. Yahoo has all but given up. We have more problems with them than all the other providers combined.

Never use your ISP's email service. You're probably not going to be with that ISP forever, and most--including Comcast--have horrible email infrastructure. Hosting providers often have similar issues; for example, we've had a lot of problems delivering to SiteGround-hosted mailboxes lately.

And don't think hosting your own email infrastructure is a good idea, either: there are a lot of nuances involved in that; even I wouldn't dream of attempting it.

I would only recommend three email providers: Google (Gmail/G Suite), Microsoft (Outlook.com/Office 365; formerly Hotmail), and ProtonMail, in no particular order. If you're using anything else, it's worth the trouble of switching.

This is particularly important if you're a domainer because you rely on your email address to protect your assets. If someone compromises your email address, they can most likely steal your domains. Google, Microsoft, and ProtonMail have superior security in this area--most other services are trivial to get into.
 
•••
Can confirm that both appear to be the same person (not just the same IP address).

The possibility of either account being compromised shouldn't be ruled out, though there is circumstantial evidence suggesting that isn't likely to be the case.

This is a good opportunity for a PSA: If your password here is the same as your password anywhere else, change it. You need a password manager. If you're doing business online, it's not optional. It is quite possibly the single best step you can take toward securing your online assets. If you can remember your password, it's a bad password.

Some reputable password managers, in no particular order:
Additional security tips:
  1. SMS doesn't count as 2FA. It's nearly useless. I don't even know why websites still offer this; it's security theater and offers no significant protection. All it does is inconvenience you. Don't even add SMS as a backup option; you're completely eliminating the benefits of 2FA when you do that.
  2. OATH is your best option for 2FA. Typically this involves installing an app on your phone and taking a picture of a funky-looking QR code. Google Authenticator and Authy are both popular apps for this purpose. This is what NamePros offers and recommends.
  3. If you find 2FA codes inconvenient, consider getting a YubiKey. Not all websites support them, but the number is growing, and NamePros plans to support them in the near future. The cheap blue one is all most people need. I linked to the two-pack, as it's a good idea to have a backup.
  4. When choosing security questions and answers, don't use real answers. Generate random passwords in your password manager and use those instead. Hackers are better at figuring out the real answers than you are at remembering them.
 
•••
SMS can be intercepted by rogue operators with access to the SS7 network. BTC have already been stolen that way.
But the most common approach is SIM swapping. Simply posing as the legitimate line holder, you tell your operator your phone got stolen, you get a new SIM card and take over the phone number.

I use a password manager, so I can have super-complicated passwords and they are different for each service. The password manager database itself is protected by a master password.
Of course you still need good computer security hygiene.

Domain names are usually stolen through one of these methods:
  • taking over the E-mail address, especially a legacy address like Yahoo/Comcast, with a weak password that has a good chance of being found in pwnlists, or an address based on a domain name that dropped and is free to register.
  • phishing in order to grab registrar credentials from the account holder, for example by spoofing the ICANN yearly reminder to verify whois accuracy.
But it's almost always E-mail that is the gateway to domain theft.

My advice, especially to domainers, is not to use free E-mail, but instead use a domain name that you control. For your registrar account, use an address that is different than the one listed in whois.
 
•••
I want to clarify this post with a disclaimer saying not every name she/he sold is proven to be stolen

According to @Riz M. @PatyGMar was trying to sell the name in question, nwx.com, which has been proven to be a stolen domain

eca.net is currently under GoDaddy dispute so I assume that one was stolen as well

I hope the others will speak out about their experience as well

Thanks
From day one I was not comfortable with this guy, as he was selling very silently... but then, after seeing the feedback, I gained confidence. Then I decided to make a deal with him of just 100 USD for the name qauf.com. I transferred him the funds and then he gave me the authcode. When I submitted the authcode, I got a reply from the registrar that this domain is in court action or something like that. I replied to him, "refund my money now," and he refunded me... Then I stopped dealing with him. Now, 3 or 2 days ago, he offered me a 3L.com for 15k. I could pay that amount, but the problem was I said I can't trust you, and he went quiet, and today this news came here...
 
•••
@Sedo @namesilo nwx.com listed for sale at $15,750. It's been stolen. NameSilo, you are the new registrant. I spoke to the owner; it was stolen from his mydomain account and transferred to you. This name is stolen.
I'm afraid the HTML code in your post got broken, so the user tags don't actually work. Here I tag them so that they can get a notice: @Sedo @namesilo
 
•••
Add the following to the list:

BCI.ORG
LGM.ORG
PVN.ORG
 
•••
Ron texted me to let me know he has his name back.
 
•••
It looks like VAP.com was stolen in 2013 by the same person; the legit owner - Venture Asset Partners, LLC - used a Yahoo email address. The domain has been resold several times since.
 
•••
Just received a message from the owner of eca.net; it is confirmed stolen.

He owned the name for 20 years and his email and NS accounts were hacked.

Quite the hack job that has taken place here
 
•••
Screen Shot 2018-12-17 at 3.22.31 AM.png


May be time to get mods involved if this happened on NP

@Support Team
 
•••
NWX.com was stolen from mydomain.com and I am looking for who is now hosting it. Thanks Ron
 
•••
NWX.com was stolen from mydomain.com and I am looking for who is now hosting it. Thanks Ron

Thanks for joining Ron.

I told Ron to join as I alerted him to the fact I posted this here, this is the best community on the net to help with stolen domain names. The registrar where your name now is @namesilo and Sedo tweeted me today the name is no longer listed for sale there, not sure if someone hit the buy it now or it was removed by the person who listed it on Sedo.
 
•••
This is not the only domain @PatyGMar has stolen and attempted to sell

I bought eca.net from her/him not knowing it was stolen, as well as several other members here on NP

@Ritesh Chauhan @chetan9693 @Domains - Wanted @Dot Superstore @Hireinternet @nicedomains @rathish @Rxshow @Silentptnr @wwwweb

Hope she/he faces jail time

Thanks

I bought a two word .COM from this user for $69 which was at Netsol.
It is nothing amazing; certainly not the quality of a (3) letter domain, but now I have reservations.

Brad
 
•••
Sometimes when we see a very high value domain being sold for peanuts, we need to take that as a possible red flag and do our due diligence. Some deals may be too good to be true.
The offer to me was priced high enough that I thought it was a legitimate reseller offer

The account had 10+ positive feedback on their NP account which I used as a benchmark

Everything about the transaction seemed legitimate

Thanks
 