alert [RESOLVED] - Scammed by hacker $3,000 btc pornography.com affiliate.org etc

The sale thread is in another forum.
https://bitcointalk.org/index.php?topic=1722533.msg%msg_id%
These domains were also listed on hackforum and Flippa.

I bought 2 domains from him and paid ~3k in bitcoin.

It went smoothly initially; he actually went first (I thought nothing could go wrong), transferred the domain into my account, and gave me a week to pay it off. A week later, I paid in full.

But a few days later, I got a message from the domain company "namecheap/enom" telling me those 2 domains have been "Locked due to pending Transfer Dispute".

send payment to address:
1J8moCzzRg6rdoGv1aqoPJCqrkXhocwNtT
1NmBxpMrY1wqKsWD8HK6n9ZQF6WP5povFK
17An4YMbWeXhkg7nnPumdrgHSgVeut1jbY

EAmGFr9.png


Here is the list of stolen or his domains (how does the owner of a $100k+ domain not have strong account security?).
pornography.com
lurking.com
schoolteacher.com
automating.com
disturb.com
overpopulation.com
affiliate.org
affiliatemarketing.net
TMZA.com


Many of these domains were listed on flippa.com a week back.
 
7
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
21
•••
Thank you @Investful for posting about this scam. It may be embarrassing, but posting details like you have helps others avoid similar situations.
 
19
•••
Not to pour more salt into the wounds, but those names are easily high six figures... you really thought you were getting them for $3k worth of Bitcoins? Red flags everywhere...
 
16
•••
I did some digging.

FLIPPA


AffiliateMarketing.net - ended unsold 1/14/17 on Flippa with one bid @ $2,250 by now suspended seller Brennvn < link to flippa seller account

Lurking.com - cached flippa listing from 1/15/17 HERE. Domain was brokered by Flippa Broker Daniel Errecart

SchoolTeacher.com - cached flippa listing from 1/14/17 HERE. Same Flippa broker. DE

Automating.com - cached Flippa listing from 1/17/17 HERE. Same Flippa broker. DE

Disturb.com - cached Flippa listing from 1/16/17 HERE. Same Flippa broker. DE

OverPopulation.com - cached Flippa listing from 1/16/17 HERE. Same Flippa broker. DE

WHOIS Updates

On 12/3 and 12/7, there are individual updates clustered to within one hour. Anything here?

upload_2017-1-30_22-35-48.png


12/7/2016 8:13:17 - OverPopulation.com - WHOIS updated: eNom registrar. Email changed to [email protected]

5/30/16 OverPopulation.com, The email changed to upload_2017-1-31_1-3-59.png. Still registered at DNC Holdings

3/21/16, OverPopulation.com, belonged to registrant name JP Suave - upload_2017-1-31_1-3-42.png. Registered at DNC Holdings

Related domains once registered to upload_2017-1-31_1-3-42.png


Automating.com
Lurking.com
OverPopulation.com
Disturb.com

Related domains once registered to upload_2017-1-31_1-3-59.png


TMZA.com
Lurking.com
OverPopulation.com
AffiliateMarketing.net

Affiliate.org
SchoolTeacher.com


Other recently updated domains belonging to JP email addresses registered at DNC Holdings. Depending if / when account was hacked, these domains might be affected.

upload_2017-1-31_0-19-8.png

upload_2017-1-31_0-19-40.png


The three domains below are now under Privacy (once belonged to JP email). Unlike the private domains listed by OP, the domains below are still with DNC Holdings.

upload_2017-1-31_0-21-4.png


Looks like @Zandibot used to own disturb.com.
@Zandibot used to own SchoolTeacher.com as well.


Hypothesis
Currently inconclusive to me. Assuming an email hack.

@Investful - Did you email the WHOIS email of the domains you were buying? Was the WHOIS email you corresponded with either the privacy proxy email or [email protected]?

If you haven't uncovered any of this already with Ali, I'd shoot an email, or telephone call, to the prior owner of the domains you "bought." See if they sold the domains to your seller, or if they say they were stolen. Not real sure how to get your money back given it was BTC; if anything you might be able to track IP address or real identity by working with connected companies, i.e. Flippa and the affiliated registrars. Not sure if you'd have to file a theft report for them to release the info or what not.

Does pending transfer dispute mean the last owner filed a theft dispute?

Hope this helps, and sorry if I went overboard; I like puzzles.
 
13
•••
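The checks the post above does by hand (registrar and registrant email changing in the same WHOIS update, shortly before a sale, for several domains within an hour), as an added Python example that is not part of the thread. The snapshot format, the sample records, and the 90-day and one-hour thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed WHOIS-history snapshots: (domain, seen, registrar, registrant email).
# All values are made up for illustration; they are not the thread's records.
HISTORY = [
    ("example-a.com", "2016-03-21T10:00:00", "Registrar One", "owner@example.org"),
    ("example-a.com", "2016-12-07T08:13:17", "Registrar Two", "seller@example.net"),
    ("example-b.com", "2016-03-21T10:05:00", "Registrar One", "owner@example.org"),
    ("example-b.com", "2016-12-07T08:40:02", "Registrar Two", "seller@example.net"),
    ("example-c.com", "2014-01-10T09:00:00", "Registrar One", "other@example.com"),
    ("example-c.com", "2016-06-01T09:00:00", "Registrar One", "other@example.com"),
]

def control_changes(history):
    """Updates where registrar and registrant email changed in the same step."""
    by_domain = defaultdict(list)
    for domain, seen, registrar, email in history:
        by_domain[domain].append((datetime.fromisoformat(seen), registrar, email))
    events = []
    for domain, snaps in by_domain.items():
        snaps.sort()
        for (_, reg0, mail0), (when, reg1, mail1) in zip(snaps, snaps[1:]):
            if reg0 != reg1 and mail0 != mail1:
                events.append((when, domain, mail1))
    return sorted(events)

def review(history, sale_date, recent=timedelta(days=90), burst=timedelta(hours=1)):
    """Map each domain to the reasons its ownership history needs checking."""
    events = control_changes(history)
    flags = defaultdict(list)
    for when, domain, mail in events:
        if timedelta(0) <= sale_date - when <= recent:
            days = (sale_date - when).days
            flags[domain].append("control changed %d days before sale" % days)
        # Other domains moved to the same new email within the burst window.
        peers = [d for w, d, m in events
                 if d != domain and m == mail and abs(w - when) <= burst]
        if peers:
            flags[domain].append("changed together with " + ", ".join(sorted(peers)))
    return dict(flags)

if __name__ == "__main__":
    for domain, reasons in review(HISTORY, datetime(2017, 1, 15)).items():
        print(domain, "->", "; ".join(reasons))
```

A flagged domain is a prompt to contact the previous registrant before paying, not proof of theft.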
You knew you were getting a steal, and that is exactly what you got.

They could place those on any auction with no reserve, and a single name would sell for more than you paid for the lot.
 
9
•••
Updates:

eNom/NameCheap closed the transfer-dispute and allowed me to keep the domains.

Domain is no longer registry locked.
 
8
•••
Start here:
Vu5bTtb.png

Looks like @Zandibot used to own disturb.com. Maybe he can help you somehow.
jfILlRc.png


I'd avoid using BTC to pay for domains, or anything of value, in the future.
 
6
•••
Without me paying a penny, he pushed the domain into my account and gave me a week to gather the bitcoin and to pay it off. I thought it was secured under my account since it's been there for a week, so I paid him in full.

Another red flag: no one pushes domains first without securing payment.
 
6
•••
Here's some more additional information,

Current resting place of the stolen Bitcoin, showing 45k (I lost 3k, I know at least another person lost 2k), 1 transaction, dated 1/28/2017.
https://blockchain.info/address/1AN4MKDNoLDzBnzskDvjqbGbEo2Jf4e8fr

Whois
The original owner might be "jp sauve", he is the CEO of MaxBounty, maybe someone tipped him off when it was listed on flippa.

Flippa
I initially ignored him, because the red flags were all there. But once I saw it was listed on Flippa by a reputable broker, that definitely did it for me, and I took him seriously.

@Investful - Did you email the WHOIS email of the domains you were buying? Was the WHOIS email you corresponded with either the privacy proxy email or [email protected]?

I didn't need to email the Whois. The transaction took place over Skype screen share and voice chat; I watched him log into that exact email and log into namecheap with username "adomainholder".

He did that to "prove" he owned those domains, and I saw all those listed, including pornography. That's what caught me off guard. He had email, namecheap, listed on Flippa, had possession from 12/3 to my purchase date 1/15, and this pornography.com alone is worth 500k (to the right end user).

When I agreed to pay bitcoin, I was fully aware that there's no chargeback. I only posted here to alert the domain community of the stolen domains and to make them aware of the vulnerabilities and domain transfer security.
 
6
•••
6
•••
Bitcointalk is not a place to buy domain names; it is infected with scammers.
Try to send Theymos a PM with proof. He can help you.
 
5
•••
What I don't understand here is where the real owner of those domains is. When those domains have been "handled" by that anonymous scammer for quite some time, the owner was sleeping all along? Didn't the owner ever receive any message or notification from Namecheap about the domain transactions? Could it be that there's some sort of "relationship" between the scammer and the real owner which allows the scammer to access the domains worth hundreds of thousands of dollars? There are just a lot of possibilities here. It's just shady!
 
5
•••
send address: (anyone know how to trace these btc)?
1J8moCzzRg6rdoGv1aqoPJCqrkXhocwNtT
1NmBxpMrY1wqKsWD8HK6n9ZQF6WP5povFK
17An4YMbWeXhkg7nnPumdrgHSgVeut1jbY
.

https://blockchain.info/ << Use this to trace BTC transactions.

You can try contacting Coinbase support team with proof and let them know what happened. If the recipient was using Coinbase, they might freeze his account.
 
4
•••
I'd avoid using BTC to pay for domains, or anything of value, in the future.

Why on earth would you say that? With multi-sig, and deferred confirmations, I believe Bitcoin is the best payment option for domains that is currently available. It is non-reversible, and has low fees. A time lock on the spending of the Bitcoin could have allowed you to recover the money.

The problem was not with the payment method, but lies with the domain transfer procedures, and the lack of protection for domain names.
 
2
•••
There are several red flags:
  • push first before payment is secured
  • somebody who owns quality domain names should have received inquiries and unsolicited offers, then they are aware their names have some value (if they didn't know already)
  • knowing this, they won't post them for sale in a backyard alley but where they are going to get qualified eyeballs
  • they should have no incentive to liquidate in a hurry when they can get competing bids
  • of course the seller won't post on specialized (domainer) forums precisely because the domain names would be scrutinized there, especially coming from a new member.
Even if the seller proves that he is in control of the domain, past ownership, record changes etc should always be investigated.
BTC is great for anonymous purchases, but if you pay in non-repudiable currency and the seller is anonymous, what recourse do you have? Zero.
Even if the OP gets the domains back, they must belong to another party and should be considered stolen.

Lesson learned: use a payment method that leaves some sort of trail usable for law enforcement. The problem is that domain names being intangible assets they can easily be taken away from you later on.
 
4
•••
Actually, Bitcoin is not as anonymous as people think, because everything is recorded on the blockchain for public inspection. It's even less anonymous if you register your address in various places, which is what I have done. It would be a simple matter for anyone to track a payment back to me.

This case was a bit different though. The scammer ran the payment through a mixer. A mixer is a site that takes a load of payments and splits them and jumbles the bits. It then pays the scammer with some of the bits that have come from various sources. It isn't possible to track the payment through the mixer.

If you are paying a large amount in circumstances such as this one, you should verify the address of the recipient, or use a multi-sig with a trusted third party.
 
4
•••
What the hell is going on with this bs namecheap enom transfer lock?

I just read another thread on np a week ago about someone else getting a domain locked due to dispute. Same company.

I don't remember the thread or the name, but I doubt it was the same as op.

But it's like people here tell you.. if it's too good to be true.. well.. it ain't true.
 
3
•••
That's even more suspicious to me, lmao.
 
3
•••
Well, that's the great thing about bitcoin, no recourse.
 
3
•••
Should always check whois history
 
3
•••
Should always check whois history
This was the thing, he dangled the diamonds in front of this person, their eyes lit up, and they thought they were getting a steal, all these deals have the same characteristics.
 
3
•••
I agree, escrow is definitely safer, but according to this article
http://www.domaininvesting.com/escrow-and-aftermarket-platforms-dont-do-your-due-diligence/

"An escrow service is there to secure the funds and ensure a domain name transfer to the buyer, not to verify that the sale is legitimate."

The scammer went first, domain was transferred to me, and I had it secured under my account for a week to gather enough bitcoin to pay.

Escrow would only delay the transaction and give time for inspection. I don't think escrow does due diligence on a domain to check if it's stolen.
 
3
•••
Please don't keep trashing Bitcoin. Bitcoin offers one of the best and safest payment methods if it is used properly. It wasn't Bitcoin that was the problem here. In fact the payment went through a Bitcoin mixer, but I'm not sure how you can discover this before you make the payment.

PayPal is the scammers' chosen method of payment, and Bitcoin offers a way to escape from this, and at a lower price. Would escrow have worked in this case, if the payment was released after a successful transfer that was subsequently reversed? A time delayed multi-sig Bitcoin payment would have been safer if the seller was prepared to wait. Obviously he wouldn't in this case.
 
3
•••
As a total newbie, this is the first section of this forum I am going to research.
Best to learn the pitfalls - so many crooks about.
 
3
•••