alert NWX.com stolen

[equity78]

@Sedo @namesilo nwx.com listed for sale at $15,750 it's been stolen, NameSilo you are the new registrant I spoke to the owner it was stolen from his mydomain account and transferred to you, this name is stolen.

 

[maxtra]

We need proves before jumping to conclusions.

@PatyGMar was caught trying to sell nwx.com

@PatyGMar other names are under dispute

@PatyGMar resides in Mexico

@PatyGMar NamePros account is banned

We have the right person

 

[EmpireNames.com]

I want to clarify this post with a disclaimer saying not every name she/he sold is proven to be stolen

According to @Riz M. @PatyGMar was trying to sell the name in question, nwx.com, which has been proven to be a stolen domain

eca.net is currently under GoDaddy dispute so I assume that one was stolen as well

I hope the others will speak out about their experience as well

Thanks

From day one i was not comfortable with this guy as he was selling very silently ... but then after seeing feedbacks i gained confidence but then i decided to make deal with him of just 100 usd for name qauf.com i transferred him funds and then he gave me authcode when i submitted authcode i got reply from registrar this domain is in court action or something like that i replied him refund my money now and he refunded me...then i stopped dealing with him now 3 days or 2 days ago he offered me 3L.com in 15k i could pay that amount but problem i said i cant trust you and he went quite and today this news came here...

 

[LaunchUp.com]

Sometimes when we see a very high value domain being sold for peanuts, we need to take that as a possible red flag and do our due diligence. Some deals may be too good to be true.

 

[bmugford]

This is not the only domain @PatyGMar has stolen and attempted to sell

I bought eca.net from she/he not knowing it was stolen as well as several other members here on NP

@Ritesh Chauhan @chetan9693 @Domains - Wanted @Dot Superstore @Hireinternet @nicedomains @rathish @Rxshow @Silentptnr @wwwweb

Hope she/he faces jail time

Thanks

I bought a two word .COM from this user for $69 which was at Netsol.
It is nothing amazing; certainly not the quality of a (3) letter domain, but now I have reservations.

Brad

 

[rh2000]

I purchased an LLL.net from this person. I did do my due diligence on the name as best I could. I required the auth code and transfer prior to paying. It went smooth.

A day later, I received a contact via whois privacy from a gentleman in North Carolina. He noticed his email stopped working. Long story short, he has owned the domain for over 20 years. His domain account was apparently hacked and both his password and secret questions were changed. He is still trying to access his domain account.

I have initiated a paypal dispute. Obviously I can't keep the mans domain. It's stolen property.

I alerted NP mgmt, and they apparently have closed the user's account.

What a shame.

Wow. I wonder how all these domains are being stolen.

 

[maxtra]

Sometimes when we see a very high value domain being sold for peanuts, we need to take that as a possible red flag and do our due diligence. Some deals may be too good to be true.

The offer to me was priced high enough that I thought it was a legitimate reseller offer

The account had 10+ positive feedback on their NP account which I used as a benchmark

Everything about the transaction seemed legitimate

Thanks

 

[BestDomains2828]

How can he stolen all this names maybe this guy got a virus that is working for him.

 

[DaveX]

I put the persons name (from paypal) in Google and it might be coincidence, but the persons name is the same as a person that was just convicted of drug trafficking in Texas.

 

[Grilled]

NWX.com was stolen from mydomain.com and I am looking for who is now hosting it. Thanks Ron

Hi Ron -- Welcome to namePros! (and +1 for having the coolest last name I've seen all year!)

Not sure how much details you have behind the alleged theft, but as the process goes on, the more you can uncover, the better your chances of recovering the domain. A good place to start, as indicated in a previous post above, is to review your email...

When did you lose access to the domain? Keeping in mind, the date the domain was transferred out might not be the date you lost access to the domain. e.g. The alleged thief most likely had entry to your email and/or registrar prior to the transfer out date.

DomainIQ WHOIS records show the domain at Domain.com on a December 7th entry, but a December 10th DomainIQ WHOIS shows the domain under privacy at Namesilo with a December 7th update date.

**Note the Updated Dates for possible specific time stamps**

The December 7th entry:

VS

December 10th entry:

The December 10th WHOIS Updated Date [2018-12-07T21:34:20Z] is a likely indication of when it may have been transferred out.

Also note the expiration difference between WHOIS entries, the December 10th entry shows a new 2020 expiration -- which combined with a registrar change indicates a transfer occurred.

Why did the alleged thief use Namesilo? One has to wonder if the transfer was paid for in Bitcoin.

Another thing to note, the nameserver changes:

From:
NS1.MYDOMAINWEBHOST.COM

To:
NS-1476.AWSDNS-56.ORG
NS-2037.AWSDNS-62.CO.UK
NS-546.AWSDNS-04.NET
NS-60.AWSDNS-07.COM

Before (August 5th, 2018)

Current:

 

[bsdomains]

Thanks @equity78

There was a NS update between 06-12-2018 to 08-12-2018

 

[DaveX]

The stolen domain I purchased was "The Endurance International Group, Inc." also.

 

[Grilled]

The stolen domain I purchased was "The Endurance International Group, Inc." also.

The first, last, and only (until now) time I heard of Endurance Group was during the CQD fiasco.

because of the email security breach with [email protected] on Startlogic AND because, unbeknownst to me, startlogic, a US company who has housed my CQD.com web site files (and my other websites) since 1996 when i created CQD.com, was sold to Endurance Group International.

 

[namesilo]

Thanks for tagging us. We have locked down this domain while we investigate. The rightful domain owner needs to contact us at [email protected] so we can validate that it was stolen.

 

[Acroplex]

Both NWX and ECA were managed by email addresses of legacy providers, AOL and Comcast; both email addresses are in the compromised list. https://domaingang.com/domain-crime...way-from-aol-yahoo-and-hotmail-accounts-fast/

Move your domains away from such providers.

 

[DN Universal]

Wow. I wonder how all these domains are being stolen.

They are being stolen through some form of hacking. A person doing the hack can be in any country in the world. As we can see here they posed as a member to gain our confidence, support and comfort and to also use us as a customer base. Most of our members here always do their due diligence when transacting a sale, however we see in this incident that hackers do find ways to slip through the cracks.

 

[Lord Antares]

They are being stolen through some form of hacking. A person doing the hack can be in any country in the world. As we can see here they posed as a member to gain our confidence, support and comfort and to also use us as a customer base. Most of our members here always do their due diligence when transacting a sale, however we see in this incident that hackers do find ways to slip through the cracks.

Hacking can be impeccably easy, at least some forms of it. Always have long and mixed passwords, always.

 

[Acroplex]

It looks like VAP.com was stolen in 2013 by the same person; the legit owner - Venture Asset Partners, LLC - used a Yahoo email address. The domain has been resold several times since.

 

[Acroplex]

Add the following to the list:

BCI.ORG
LGM.ORG
PVN.ORG

 

[DN Universal]

Add the following to the list:

BCI.ORG
LGM.ORG
PVN.ORG

WOW!! That hacker has been a very busy Domain Name Thief....

 

[Acroplex]

There's about 125 more linked to that account; I only shared the LLL kind after verifying odd changes in ownership. They all have in common previous yahoo/AOL/Comcast etc. accounts. Others are linked to domains that dropped, and re-registered - a common domain hijacking technique.