alert [RESOLVED] - Scammed by hacker $3,000 btc pornography.com affiliate.org etc

The sale thread is in another forum.
https://bitcointalk.org/index.php?topic=1722533.msg%msg_id%
These domains were also listed on hackforum and flippa.

I bought 2 domains from him, paid ~3k in bitcoin.

It went smoothly initially, he actually went first (I thought nothing could go wrong), transferred the domain into my account, and gave me a week to pay it off. A week later, I paid in full.

But a few days later, I got a message from the domain company "namecheap/enom" telling me those 2 domains have been "Locked due to pending Transfer Dispute".

send payment to address:
1J8moCzzRg6rdoGv1aqoPJCqrkXhocwNtT
1NmBxpMrY1wqKsWD8HK6n9ZQF6WP5povFK
17An4YMbWeXhkg7nnPumdrgHSgVeut1jbY



Here is the list of stolen or his domains (how does the owner of a $100k+ domain not have strong account security):
pornography.com
lurking.com
schoolteacher.com
automating.com
disturb.com
overpopulation.com
affiliate.org
affiliatemarketing.net
TMZA.com


Many of these domains were listed on flippa.com a week back.
 
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
There are several red flags:
  • push first before payment is secured
  • somebody who owns quality domain names should have received inquiries and unsolicited offers, then they are aware their names have some value (if they didn't know already)
  • knowing this, they won't post them for sale in a backyard alley but where they are going to get qualified eyeballs
  • they should have no incentive to liquidate in a hurry when they can get competing bids
  • of course the seller won't post on specialized (domainer) forums precisely because the domain names would be scrutinized there, especially coming from a new member.
Even if the seller proves that he is in control of the domain, past ownership, record changes etc. should always be investigated.
BTC is great for anonymous purchases, but if you pay in non-repudiable currency and the seller is anonymous, what recourse do you have? Zero.
Even if the OP gets the domains back, they must belong to another party and should be considered stolen.

Lesson learned: use a payment method that leaves some sort of trail usable for law enforcement. The problem is that domain names being intangible assets they can easily be taken away from you later on.
 
•••
Please don't keep trashing Bitcoin. Bitcoin offers one of the best and safest payment methods if it is used properly. It wasn't Bitcoin that was the problem here. In fact the payment went through a Bitcoin mixer, but I'm not sure how you can discover this before you make the payment.

PayPal is the scammers' chosen method of payment, and Bitcoin offers a way to escape from this, and at a lower price. Would escrow have worked in this case, if the payment was released after a successful transfer that was subsequently reversed? A time delayed multi-sig Bitcoin payment would have been safer if the seller was prepared to wait. Obviously he wouldn't in this case.
 
•••
as a total newbie this is the first section of this forum i am going to research
best to learn the pitfalls - so many crooks about
 
•••
...Would escrow have worked in this case, if the payment was released after a successful transfer that was subsequently reversed...
YES, it would help a lot. There would have been a clear record (read: proof) of payment for the domain(s) in question to the very same party that pushed/transferred them.
 
•••
There is a proof of payment with Bitcoin. In fact the whole history of payments to a wallet is available for public scrutiny on the blockchain. I assume that the party who pushed the names set up a false id, and this wouldn't have helped with escrow.

It is also possible to register your wallet address in various places, and a careful buyer can research those. This is why I suggest that Bitcoin when used sensibly and correctly can be the best form of payment for domain names.
 
•••
...I assume that the party who pushed the names set up a false id, and this wouldn't have helped with escrow.
I disagree. The buyer would have paid to the intermediary (escrow) company. Escrow would have forwarded funds to the same party that pushed/transferred the domain. All nicely documented by the escrow intermediary. Hence, no way for this particular scam to succeed with escrow.
 
•••
Have I missed something here? I thought this was the sequence -

The deal was negotiated and a price agreed.
The seller transferred the names to the buyer.
The buyer verified that the names were safely in his account, and started to use them.
The buyer sent the money to the seller.
Some time later, the buyer was told that the names were stolen, and they had been removed from his account.

I thought that escrow paid out as soon as the buyer verified the safe receipt of the names. Up until this point the buyer hadn't paid anything. So the payment by the escrow company, and the payment by the buyer would have happened at the same point in the transaction. Hence my comment that escrow wouldn't have been any help. Of course, if the escrow included an element of insurance, then there could have been a claim on that, but that is a different issue.
 
•••
Have I missed something here? I thought this was the sequence -
Sorry, I was referring to a model escrow transaction, not this particular scam where there was no space for escrow.
 
•••
There doesn't seem to be much that can be done here. The names never belonged to the scammer.

Likely he gained access to the registrant's account(s) and just put up the names for sale on a site where nefarious activity is allowed. All he had to do was find someone to take the bait, he transfers names, knowing he had nothing to lose.

Leaving the original owner of the domains to realize his names disappeared from his account. It's not the scammer getting the names back, but the rightful owner. The scammer is laughing his way to the bank while you are left holding the empty bag.

Sorry this happened, but it is very suspicious someone would just transfer a name like that without payment. Live and learn...
 
•••
How would someone use escrow if the scammer went first, gave me the domain without me paying a penny to him, just by showing him my real name/id/address? I know, red flag in hindsight.

Another point, I had the domain secured under my account safely for more than a week, without any dispute complaint during that time, that's why there are 3 different payments in the span of a week. It happened just after I paid in full.

According to whois information, the last update date was,
Updated Date: 2016-12-03T02:45:13.00Z
and sale thread date was 12/20/2017
and I bought it on 1/15/2017, and finalized the sale payment on January 22, 2017.

The domain was in my hands for a week, and the scammer had the domain for a month+. How do namecheap/enom and the original owner have such low security for a list of 100k+ domains? 2 months? If any longer, would the thief have secured the domain?
 
•••
I'll knock bitcoin. After reading this, I won't use bitcoin for any transactions until there is an xx,xxx sale in .men
Even if bitcoin is safe now, and it doesn't appear to be. Scammers will figure out different ways to scam with this invisible coin.
Sorry about your loss
 
•••
I'll knock bitcoin. After reading this, I won't use bitcoin for any transactions until there is an xx,xxx sale in .men
Even if bitcoin is safe now, and it doesn't appear to be. Scammers will figure out different ways to scam with this invisible coin.
Sorry about your loss
And you would probably use PayPal - the scammer's real friend.

You need to read about Bitcoin, and all the features that can be built into secure payments.

This fraud was not about Bitcoin, but about the vulnerabilities in domain name security and transfers.
 
•••
Indeed the problem here is lack of due diligence. BTC makes it more difficult to trace the money to the person behind this scam.
I'm all for anonymity but it's less acceptable for large business transactions.

Where are the original owners of the domains? Are they even aware of what's going on?
 
•••
Actually Bitcoin is not as anonymous as people think, because everything is recorded on the blockchain for public inspection. It's even less anonymous if you register your address in various places, which is what I have done. It would be a simple matter for anyone to track a payment back to me.

This case was a bit different though. The scammer ran the payment through a mixer. A mixer is a site that takes a load of payments and splits them and jumbles the bits. It then pays the scammer with some of the bits that have come from various sources. It isn't possible to track the payment through the mixer.

If you are paying a large amount in circumstances such as this one, you should verify the address of the recipient, or use a multi-sig with a trusted third party.
 
•••
Actually Bitcoin is not as anonymous as people think, because everything is recorded on the blockchain for public inspection. It's even less anonymous if you register your address in various places, which is what I have done. It would be a simple matter for anyone to track a payment back to me.

This case was a bit different though. The scammer ran the payment through a mixer. A mixer is a site that takes a load of payments and splits them and jumbles the bits. It then pays the scammer with some of the bits that have come from various sources. It isn't possible to track the payment through the mixer.

If you are paying a large amount in circumstances such as this one, you should verify the address of the recipient, or use a multi-sig with a trusted third party.
Fascinating. And utterly incomprehensible. I'm old.

Seriously, thanks for your insights, shorthand that they are. Guess it's time I catch up and make friends with this Mr.Bitcoin...
 
•••
Actually Bitcoin is not as anonymous as people think, because everything is recorded on the blockchain for public inspection. It's even less anonymous if you register your address in various places, which is what I have done. It would be a simple matter for anyone to track a payment back to me.

This case was a bit different though. The scammer ran the payment through a mixer. A mixer is a site that takes a load of payments and splits them and jumbles the bits. It then pays the scammer with some of the bits that have come from various sources. It isn't possible to track the payment through the mixer.

If you are paying a large amount in circumstances such as this one, you should verify the address of the recipient, or use a multi-sig with a trusted third party.
BitcoinMixers?
Nope, won't use paypal either
Sedo looking better every day
 
•••
I think if you are honest, there is no disadvantage in posting your address publicly. This means that if someone is impersonating you, they can't verify the address they use. For the record, I associate this address with my Jet Cash persona.
167YShzmzSRZcfoFjAv8JBx31v6DwGwCtt

That's the one I will be using to accept payments for domain sales.

Some people suggest that you use a different address for every receipt, but I think that overcomplicates things. I have got other addresses for savings, so there isn't much associated with that address of mine.

Maybe it would be useful for NamePros members who use Bitcoin to register their addresses in a thread here.
 
•••
Please report this to one of the global moderators there, to stop others being scammed.

I started a thread in Meta that links to this thread.
Just recently, a staff and a global moderator there tried to extort a member (he would later claim it was a sting operation to expose a criminal - irony at its best). Anyway, after being exposed, it took days before she/he was stripped of his/her positions - and even then, only after people started asking why Theymos wasn't doing anything. The person's account remains pristine though. In fact, the only sure way to get banned there is to dox Theymos.
 
•••
Simple, don't use scammy sites like the one mentioned above. Always think hard and be careful with what you're doing online.
 
•••
Bitcoin talk is great for tech discussions, and opinions about Bitcoin and its prospects. Unfortunately there are a lot of sig spammers and promoters of ponzis and gambling sites. Use it for the tech discussions, and ignore the rest.
 
•••
What I don't understand here is where the real owner of those domains is. When those domains have been "handled" by that anonymous scammer for quite some time, the owner was sleeping all along? Didn't the owner ever receive any message or notification from Namecheap about the domain transactions? Could it be that there's some sort of "relationship" between the scammer and the real owner which allows the scammer to access the domains worth hundreds of thousands of dollars? There are just a lot of possibilities here. It's just shady!
 
•••
What I don't understand here is where the real owner of those domains is. When those domains have been "handled" by that anonymous scammer for quite some time, the owner was sleeping all along? Didn't the owner ever receive any message or notification from Namecheap about the domain transactions? Could it be that there's some sort of "relationship" between the scammer and the real owner which allows the scammer to access the domains worth hundreds of thousands of dollars? There are just a lot of possibilities here. It's just shady!

It's also plausible that if the scammer had the original owner's account credentials, he could mark any account alerts as "read", as well as control messages in his email account if he also had access to that. It would then probably take a while for the owner to notice any changes, especially if he has a large portfolio.
 
•••
I only purchased 2 domains from that list.

The signs were all there, I got caught off guard when the scammer went first.

Without me paying a penny, he pushed the domain into my account and gave me a week to gather the bitcoin and to pay it off. I thought it was secured under my account since it's been there for a week, so I paid him in full.

But a few days later, I got a message from enom/namecheap about these 2 domains being under "transfer dispute lock" and under investigation by the risk department.

The new domain transfer policy by ICANN now creates these lapses as it has to be confirmed by both parties.
I am sure that was still within the window period up for any changes or challenge.
 
•••
I did some digging.

FLIPPA


AffiliateMarketing.net - ended unsold 1/14/17 on Flippa with one bid @ $2,250 by now suspended seller Brennvn < link to flippa seller account

Lurking.com - cached flippa listing from 1/15/17 HERE. Domain was brokered by Flippa Broker Daniel Errecart

SchoolTeacher.com - cached flippa listing from 1/14/17 HERE. Same Flippa broker. DE

Automating.com - cached Flippa listing from 1/17/17 HERE. Same Flippa broker. DE

Disturb.com - cached Flippa listing from 1/16/17 HERE. Same Flippa broker. DE

OverPopulation.com - cached Flippa listing from 1/16/17 HERE. Same Flippa broker. DE

WHOIS Updates

On 12/3 and 12/7, there are individual updates clustered to within one hour. Anything here?

[image: upload_2017-1-30_22-35-48.png]


12/7/2016 8:13:17 - OverPopulation.com - WHOIS updated: eNom registrar. Email changed to [email protected]

5/30/16 - OverPopulation.com - The email changed to [image: upload_2017-1-31_1-3-59.png]. Still registered at DNC Holdings

3/21/16 - OverPopulation.com belonged to registrant name JP Suave - [image: upload_2017-1-31_1-3-42.png]. Registered at DNC Holdings

Related domains once registered to [image: upload_2017-1-31_1-3-42.png]:


Automating.com
Lurking.com
OverPopulation.com
Disturb.com

Related domains once registered to [image: upload_2017-1-31_1-3-59.png]:


TMZA.com
Lurking.com
OverPopulation.com
AffiliateMarketing.net

Affiliate.org
SchoolTeacher.com


Other recently updated domains belonging to JP email addresses registered at DNC Holdings. Depending if / when account was hacked, these domains might be affected.

[image: upload_2017-1-31_0-19-8.png]

[image: upload_2017-1-31_0-19-40.png]


Below three domains are now under Privacy (once belonged to JP email). Unlike the private domains listed by OP, below domains are still with DNC Holdings.

[image: upload_2017-1-31_0-21-4.png]


Looks like @Zandibot used to own disturb.com.
@Zandibot used to own SchoolTeacher.com as well.


Hypothesis
Currently inconclusive to me. Assuming an email hack.

@Investful - Did you email the WHOIS email of the domains you were buying? Was the WHOIS email you corresponded with either the privacy proxy email or [email protected]?

If you haven't uncovered any of this already with Ali, I'd shoot an email, or telephone call to the prior owner of the domains you "bought." See if they sold the domains to your seller, or if they say they were stolen. Not real sure how to get your money back given it was BTC, if anything you might be able to track IP address or real identity by working with connected companies, i.e. Flippa and the affiliated registrars. Not sure if you'd have to file a theft report for them to release the info or what not.

Does pending transfer dispute mean, the last owner filed a theft dispute?

Hope this helps, and sorry if I went overboard; I like puzzles.
 
•••
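The WHOIS-history check described in the post above (updates clustered to within one hour, and a registrar plus e-mail change shortly before the Flippa listings), as an added Python example that is not part of the thread. The function names, every e-mail value and all rows other than the OverPopulation.com dates and registrars are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed WHOIS-history snapshots: (domain, seen_at, registrar, registrant e-mail).
# Only the OverPopulation.com dates and registrars come from the thread; every
# e-mail value and every other row is a placeholder made up for this example.
HISTORY = [
    ("overpopulation.com", "2016-03-21 00:00:00", "DNC Holdings", "a@example.invalid"),
    ("overpopulation.com", "2016-05-30 00:00:00", "DNC Holdings", "b@example.invalid"),
    ("overpopulation.com", "2016-12-07 08:13:17", "eNom", "c@example.invalid"),
    ("lurking.com", "2016-05-30 00:00:00", "DNC Holdings", "b@example.invalid"),
    ("lurking.com", "2016-12-07 08:41:02", "eNom", "c@example.invalid"),
    ("disturb.com", "2016-03-21 00:00:00", "DNC Holdings", "a@example.invalid"),
    ("disturb.com", "2016-12-07 08:55:40", "eNom", "c@example.invalid"),
    ("steady.example", "2014-02-01 00:00:00", "DNC Holdings", "d@example.invalid"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def changes(history):
    """Return [(domain, when, changed_fields)] for snapshots that differ from the previous one."""
    out, last = [], {}
    for domain, ts, registrar, email in sorted(history, key=lambda r: (r[0], parse(r[1]))):
        prev = last.get(domain)
        if prev:
            fields = {name for name, old, new in
                      (("registrar", prev[0], registrar), ("email", prev[1], email)) if old != new}
            if fields:
                out.append((domain, parse(ts), fields))
        last[domain] = (registrar, email)
    return out

def recent_handover(history, listed_on, lookback_days=60):
    """Domains whose registrar and e-mail both changed shortly before the sale listing."""
    cutoff = listed_on - timedelta(days=lookback_days)
    return sorted({d for d, when, f in changes(history)
                   if cutoff <= when <= listed_on and f == {"registrar", "email"}})

def clustered(history, window=timedelta(hours=1), min_domains=2):
    """Sets of distinct domains changed within `window` of the first change in the group."""
    groups, current = [], []
    # A far-future sentinel event flushes the final group.
    for when, domain in sorted((w, d) for d, w, _ in changes(history)) + [(datetime.max, None)]:
        if current and when - current[0][0] > window:
            names = sorted({d for _, d in current})
            if len(names) >= min_domains:
                groups.append(names)
            current = []
        current.append((when, domain))
    return groups

if __name__ == "__main__":
    listed = datetime(2017, 1, 15)  # date of one cached Flippa listing cited in the thread
    print("registrar+e-mail changed before listing:", recent_handover(HISTORY, listed))
    print("bulk changes within one hour:", clustered(HISTORY))
```

A domain that appears in both results changed hands on paper shortly before being offered and did so alongside other names in the same hour, which is the pattern worth raising with the prior registrant before any payment.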
Hope this helps, and sorry if I went overboard; I like puzzles.
Dude, nice work. You got skillz. Have you met @TheLegendaryJP ?

Peace,
Cyberian
 
•••