NameSilo

NWX.com stolen

Labeled as alert in Warnings and Alerts started by equity78, Dec 17, 2018.

Replies:
81
Views:
9,451

  1. alcy

    alcy Top Member VIP

    Posts:
    16,183
    Likes Received:
    25,175
    well.. if you can't rememeber if you did it for sure... and you too had a bad rep on the fone, then him saying it, doesn't really confirm anything ;) I guess the only way to confrim it would be for you to remember for sure that you did it :)

    as for your question you wonder about, as I just said, pushing ALWAYS requires assistance. it doesn't matter the registrar(s)... and regardless if you have secret question or not.. this is due to the fact that the domain needs to be removed first from old owner.. before it can be added to new one. and you cannot remove domain from your account on your own. without support call/chat.

    if you own domainX on mydomain.com... and try add it to another accnt on mydomain it will say the domain already exists. it will also say same if you try to add it to a doster account etc.. regardless if you have secret questions or not. its actually not relevant here. in short, it'll keep saying domain already exists in their database, until you call support to remove it. once you do that, there are like I said two ways to do it.. one is: you tell them to remove it only. and then tell new owner to ADD it through their panel. or 2nd method is with secret question, whereby after agent removes name on phone, u give new owner email+secret question/answer.. and they complete the push themselves. the new owner does nothing.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. alcy

    alcy Top Member VIP

    Posts:
    16,183
    Likes Received:
    25,175
    you mean the thief/hacker could be pretending to be her by stealing that identity?
     
  3. SuperBrander

    SuperBrander Top Member VIP

    Posts:
    2,210
    Likes Received:
    2,491
    @alcy Pushing domains between Domain.com, MyDomain.com, Netfirms and Dotster is possible. I've done it many times in the past. You need to have the details of both accounts and it involves a regular push as well as asking them to change the RSP (RSP stands for Registered Service Provider, if I'm not mistaken) to the new registrar. When they don't do that (or say they did but didn't because... well... often they're incompetent and have no idea what they're doing)- the domain is still technically in the first registrar even after the push is done and can't be controlled from the new registrar until the RSP is changed.
     
  4. alcy

    alcy Top Member VIP

    Posts:
    16,183
    Likes Received:
    25,175
    yes it can get quite complex... especially with the followup RSP changes etc.. and as you put it, incompetent reps outnumbering the competent ones...

    however, the fact remains that it cannot be done on your own and needs support call.. or chat... whether its a mydomain to mydomain push... or mydomain to affiliated registrar.

    cheers
     
  5. SuperBrander

    SuperBrander Top Member VIP

    Posts:
    2,210
    Likes Received:
    2,491
    @alcy Yes, it can't be done alone. I thought you were saying that a push between them can't be done at all. Maybe I misunderstood.
     
  6. forge

    forge hoop dee do VIP

    Posts:
    4,230
    Likes Received:
    7,905
    I tried that once. NEVER AGAIN!!!
     
  7. maxtra

    maxtra Let's make a deal Gold Account VIP

    Posts:
    4,446
    Likes Received:
    2,591
    Just received a message from the owner of eca.net, it is confirmed stolen

    He owned the name for 20 years and his email and NS accounts was hacked

    Quite the hack job that has taken place here
     
    Last edited: Dec 19, 2018
  8. I have discovered sufficient evidence to determine that @PatyGMar is @AlejandroGarcia.

    Accounts are closed or restricted for failure to verify ownership of the domain name.

    Hope that helps,
     
  9. Paul Buonopane

    Paul Buonopane CTO, NamePros CTO VIP

    Posts:
    1,366
    Likes Received:
    2,315
    Please, please, please move away from legacy providers, especially Yahoo and anything related to them. NamePros sends hundreds of thousands of emails each month; we get a very clear picture of which providers care about their users and which don't. Yahoo has all but given up. We have more problems with them than all the other providers combined.

    Never use your ISP's email service. You're probably not going to be with that ISP forever, and most--including Comcast--have horrible email infrastructure. Hosting providers often have similar issues; for example, we've had a lot of problems delivering to SiteGround-hosted mailboxes lately.

    And don't think hosting your own email infrastructure is a good idea, either: there are a lot of nuances involved in that; even I wouldn't dream of attempting it.

    I would only recommend three email providers: Google (Gmail/G Suite), Microsoft (Outlook.com/Office 365; formerly Hotmail), and ProtonMail, in no particular order. If you're using anything else, it's worth the trouble of switching.

    This is particularly important if you're a domainer because you rely on your email address to protect your assets. If someone compromises your email address, they can most likely steal your domains. Google, Microsoft, and ProtonMail have superior security in this area--most other services are trivial to get into.
     
  10. bmugford

    bmugford www.DataCube.com PRO ICA Member VIP ★★★★★★★★★★

    Posts:
    8,550
    Likes Received:
    8,239
    Weird. I have dealt with AlejandroGarcia in the past dating back several years and he has strong trade reviews. I wonder what is going on here...

    Brad
     
  11. Paul Buonopane

    Paul Buonopane CTO, NamePros CTO VIP

    Posts:
    1,366
    Likes Received:
    2,315
    Can confirm that both appear to be the same person (not just the same IP address).

    The possibility of either account being compromised shouldn't be ruled out, though there is circumstantial evidence suggesting that isn't likely to be the case.

    This is a good opportunity for a PSA: If your password here is the same as your password anywhere else, change it. You need a password manager. If you're doing business online, it's not optional. It is quite possibly the single best step you can take toward security your online assets. If you can remember your password, it's a bad password.

    Some reputable password managers, in no particular order:
    Additional security tips:
    1. SMS doesn't count as 2FA. It's nearly useless. I don't even know why websites still offer this; it's security theater and offers no significant protection. All it does is inconvenience you. Don't even add SMS as a backup option; you're completely eliminating the benefits of 2FA when you do that.
    2. OATH is your best option for 2FA. Typically this involves installing an app on your phone and taking a picture of a funky-looking QR code. Google Authenticator and Authy are both popular apps for this purpose. This is what NamePros offers and recommends.
    3. If you find 2FA codes inconvenient, consider getting a YubiKey. Not all websites support them, but the number is growing, and NamePros plans to support them in the near future. The cheap blue one is all most people need. I linked to the two-pack, as it's a good idea to have a backup.
    4. When choosing security questions and answers, don't use real answers. Generate random passwords in your password manager and use those instead. Hackers are better at figuring out the real answers than you are at remembering them.
     
    Last edited: Dec 20, 2018
  12. Embrand

    Embrand Top Member ICA Member Gold Account VIP ★★★★★★★★★★

    Posts:
    1,356
    Likes Received:
    962
    This was the person I suspected, but did not have proof enough to name.
     
  13. Embrand

    Embrand Top Member ICA Member Gold Account VIP ★★★★★★★★★★

    Posts:
    1,356
    Likes Received:
    962
    Last edited: Dec 20, 2018
  14. golan

    golan GolanMedia.com Gold Account VIP

    Posts:
    3,875
    Likes Received:
    3,559
    I can add RoboForm to this list. Using it for i think more than 15 yrs and am really happy.
     
  15. Silentptnr

    Silentptnr Top Member VIP

    Posts:
    12,642
    Likes Received:
    33,044
    I am awaiting an update (due 12/27) on my PP dispute. I have not yet returned the domain to the registrant who's account was compromised. I don't want to move too hastily until I hear from the seller or PP. The gentleman is being patient.
     
  16. Grilled

    Grilled khjasdhkfdhdskfhhukdfshkj VIP

    Posts:
    4,541
    Likes Received:
    6,056
    Since so far, at least two domains sold by this user have been reported stolen, will there be any investigatory updates into the other domains sold by this user?

    Most of their old posts have been edited. But some can still be found in caches.... (dates are not 100% confirmed)

    11/9 | Pited.com, Foffe.com, Yosly.com
    upload_2018-12-20_22-58-23.png

    11/10 | OfficeLamp.com, TorchLamps.com
    upload_2018-12-20_23-3-59.png

    11/10 | T-15.com, BoudoirLamps.com, BrassTubing.com, GoldCharts.com
    upload_2018-12-20_23-0-47.png


    11/25 | RobinNest.com +
    upload_2018-12-20_22-55-51.png

    12/1 | CaRestoration.com
    upload_2018-12-20_22-48-43.png


    12/1 | xAND.org, GotCaffeine.com, AmericanaCoffee.com, BoudoirLamps.com, BondCommodities.com, GasCommodities.com, GasolineCharts.com
    upload_2018-12-20_22-45-43.png

    12/6 | KXRD.com
    upload_2018-12-20_22-39-7.png

    12/13 | PGF.net upload_2018-12-20_22-41-45.png
    **Keeping in mind, there appear to be other domains sold; this is most likely not the full list.**

    A lot of the domains I just posted [KXRD.com, GoldCharts.com, TorchLamps.com, T-15.com etc...] have a long lasting digital footprint to a Larry Austin of California using a @ sprintmail.com email address. -- Not sure if he is aware that his domain(s) may have been compromised...
     
    Last edited: Dec 21, 2018
  17. Ritesh Chauhan

    Ritesh Chauhan Upgraded Member Gold Account VIP

    Posts:
    2,791
    Likes Received:
    501
    Foffe.com had received qurey on transfer day. but it resolved from Godaddy side, and they unlocked domain name..
     
  18. Grilled

    Grilled khjasdhkfdhdskfhhukdfshkj VIP

    Posts:
    4,541
    Likes Received:
    6,056
    Received query from who? And what was the query about?
    What was the outcome? ... did they award the domain to you, or was it returned?
     
    Last edited: Dec 21, 2018
  19. Ritesh Chauhan

    Ritesh Chauhan Upgraded Member Gold Account VIP

    Posts:
    2,791
    Likes Received:
    501

    they had locked domain for 2 days,
    and after investigation they awarded domain to me. and unlocked them as well.


    I had to send mail to godaddy support..

    Very first time, i had doubt that there might be stolen domain, but when dispute came, i contacted seller, and she told me to return money, if domain are not removed from dispute.

    but when it got resolved from Godaddy, i denied for refund, and i found that domains are not stolen...

    "There might be a possibility that seller wanted to get trust by selling some domains, and preparing for bigger scam..."

    "Unless old owner file dispute, we can not tag every domain as stolen one.., but better to file paypal claim for disputed domain...."
     
  20. Grilled

    Grilled khjasdhkfdhdskfhhukdfshkj VIP

    Posts:
    4,541
    Likes Received:
    6,056
    Thanks for the clarification.

    I've never encountered this before. Just so I understand, GoDaddy sent you an email notifying you the domains had been locked and were under investigation?

    Then they finished their investigation, and awarded you the domains?

    For educational purposes, would you mind sharing those emails?

    This is possible. But at the same time, should the seller have sold domains they legitimately registered, there may be a footprint leading back to their identity. As such, a scammer could have motive to only deal in stolen domains.

    All three domains being sold in the below screenshot have a longstanding digital footprint attached to a John Makowski of Maryland using a @comcast.net email.

    [​IMG]

    Mr. Makowski could have legitimately sold them, and Paty could have legitimately acquired, and sold them in effort to build trust. But given the current shenanigans, there could be more to this. Might be best to contact Mr. Makowski and see what (if anything) can be confirmed.
     
    Last edited: Dec 21, 2018
  21. Ritesh Chauhan

    Ritesh Chauhan Upgraded Member Gold Account VIP

    Posts:
    2,791
    Likes Received:
    501

    @PatyGMar told me that she purchased from person having paypal id *****@comcast.net

    Another possibility is the systematically planned scam, where she made some evidance by making fake deals on her own paypal, and domain transferred accounts more than one time...

    So that she can easily misguide latest registrar, and paypal also. by providing proof that she has purchased domain from xyz person. (she might be trying to prove herself as victim..)

    if registrars are changed more than one time, then there might be a possibility that they will not easily respond ownership disputes, unless UDRP case filed...
     
  22. Grilled

    Grilled khjasdhkfdhdskfhhukdfshkj VIP

    Posts:
    4,541
    Likes Received:
    6,056
    Did she happen to message you a screenshot of that?

    I wonder, if GoDaddy had opened a investigation, if they would have received such correspondece from her (or John -- maybe even correspondence from the @comcast.net email 'not knowing if it was hacked or not'), in order for GoDaddy to have came to the conclusion they had in awarding you the domain.
     
    Last edited: Dec 21, 2018
  23. Ritesh Chauhan

    Ritesh Chauhan Upgraded Member Gold Account VIP

    Posts:
    2,791
    Likes Received:
    501
    if email ids of original owners are hacked, then it will be hard to prove @PatyGMar as scammer in Paypal and Godaddy...
     
  24. equity78

    equity78 Top Member TLDInvestors.com TheDomains Staff PRO Gold Account VIP ★★★★★★★★★★

    Posts:
    13,117
    Likes Received:
    11,787
    Thanks for the post, why does SMS not count for 2FA?

    Secondly I never use a password manager because I always thought that was the hacker goldmine if one of them get hacked, your thoughts on that Paul.

    Thank you.
     
  25. Kate

    Kate Domainosaurus Rex VIP ★★★★★★★★★★

    Posts:
    21,117
    Likes Received:
    22,424
    SMS can be intercepted by rogue operators with access to the SS7 network. BTC have already been stolen that way.
    But the most common approach is SIM swapping. Simply posing as the legitimate line holder, you tell your operator your phone got stolen, you get a new SIM card and take over the phone number.

    I use a password manager, so I can have super-complicated passwords and they are different for each service. The password manager database itself is protected by a master password.
    Of course you still need good computer security hygiene.

    Domain names are usually stolen through one of these methods:
    • taking over the E-mail address, especially a legacy address like Yahoo/Comcast, with a weak password that has a good chance of being found in pwnlists, or an address based on a domain name that dropped and is free to register.
    • phishing in order to grab registrar credentials from the account holder, for example by spoofing the Icann yearly reminder to verify whois accuracy.
    But it's almost always E-mail that is the gateway to domain theft.

    My advice, especially to domainers, is not to use free E-mail, but instead use a domain name that you control. For your registrar account, use an address that is different than the one listed in whois.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...