Domain Hijacker On The Prowl

[Deleted member 70843]

Here is what info I have gathered so far:

Name used: ismaili, rashid / Rashid ismaili

domains owned: FunyTube.com

emails used: [email protected] and [email protected]

Digitalpoint! member name: rachidis

profile on DP - http://forums.digitalpoint.com/member.php?u=96064

AKA: internet handle: noobcash

Sites he/she (noobcash, funytube, rachidis) visited and left ip trail:

http://gptreasure.com/userinfo.php?uid=130118
www.funytube.com
http://boardreader.com/t/qsm_yrud_umshariy_alayday_541764/5snt_lltsgil_417260.html

possible hit with egold account number (member post rachidis):
http://www.goldage.net/im-offering/30007-fast-10cents-up-grab.html



Doing More research now on international domains and forums...

One thing i can think of which helps to gather info on scammers is this:

1.) check the profiles you have found conneted to him/she for domains there selling

2.) go to google.com and type in each domain they were selling, which in
turn should take you to other forums which they tried to sell that domain on
under a different alias and then check there profile for other domain names
which they tryed to sell.

3.) check all domains you keep finding in each profile which they tried to sell
and check the the who is for all of them.

normally they have made a slip up and left some of their real details
somewhere or you can try some who is history to find who owned them
before hand.


p.s if post any details here which you manage to find out about the
scammer and then check back where you found those details and it
seems it has been edited/deleted then you will know that the scammer
maybe posting or reading this topic.

This is a good way to find out more info on the scammer.
one person who posted here i tracked down and helped
to contribute some info to another member so he could get
hes domains back.

Hence the reason of me posting and removing the first and second post.

 

[sashas]

also..i gotta ask....29yrs old...with 6 kids??...damn man.....how u do it??..

Thats what I was wondering too..

From what I've heard, things in such cases usually do work out. GoDaddy might be a big company but I've personally liked their support quite a bit. If they recognize the value of your names, I think they would speed up the recovery efforts. No company would want to lose a good client (but I figure they'll lose you anyway...GoDaddy's loss is often Moniker's gain)

 

[Siteoffers.com]

Moniker sounds good to me at this point.

Today I was on the phone with a rep at godaddy who said they are working on getting the domains back etc.. But they needed me to email them a list of each domain that was in that account. There were like 150-200 in that account (I have 3 godaddy accounts).

I came up with a list of liek 120 so I think I am missing a few. They will come back to me I hope. Seems like they can just look at the transfer request from that account and snag all the names back. I cant even get in to my account at this point as the hack changes all the log-ins and godaddy isnt fixing that for me??? I am still pissed and worried a bit. I will feel a lot better when the names come home so I can pack them up and move to moniker....

Also:

Got some good leads on tracking this person down from the guy who hosts his website funytube.com - The host guy said that Rashid ismaili is the name he uses and [email protected] is his PAYPAL ID (unverified) but I can send paypals legal dept a request for info on this jerk via my attorney.... So he has a paypal account but the host said the guy uses a wied fake ny address with him..

I wish godaddy would keep me in the loop I cant get an email reply or phone call from them on the issue. I want to speak with the undo dept - been trying for 30 hours+

 

[Seraphim]

I personally dont make 5k a day usually. I am lucky to pocket $5-7k per week sometimes.

I would be very cautious about stating income figures here, or anywhere in public. By doing so you could be opening up yourself, your family, and your domain portfolio to further security threats.

Best of luck to you, I'm sure you'll get your domains back.

 

[Siteoffers.com]

Thats what I was wondering too..

I started early on the kid thing.. Lets just say I like girls too much :yes:

I would be very cautious about stating income figures here, or any where in public. By doing so you could be opening up yourself, your family, and your domain portfolio to further security threats.

Best of luck to you, I'm sure you'll get your domains back.

Thanks for the heads up - sometimes I forget that this forum is open ..

Maybe a mod can pull that info down for me and edit out income facts???

 

[Poohnix]

Maybe a mod can pull that info down for me and edit out income facts???

You can edit your own posts.

 

[Siteoffers.com]

oh yeah - duh! I am so out of it today... I edit my posts all the time. Thanks. I feel like an idiot!

 

[Downloads]

Not trying to teach anyone to suck eggs or anything, but never use instant messengers either to communicate, always use emails. IPs can be obtained using instant messengers and thus can be used to scan your PC for viruses once they have that or use numerous other exploits in Windows.

Just a thought.

 

[Poohnix]

Not trying to teach anyone to suck eggs or anything, but never use instant messengers either to communicate, always use emails. IPs can be obtained using instant messengers and thus can be used to scan your PC for viruses once they have that or use numerous other exploits in Windows.

Just a thought.

Emails also shows you IP, in most cases. Gmail doesn't, but for example Hotmail does, and all normal email via your ISP .

 

[Downloads]

Even better reason to stick with the DNForum PMs then. Didn't realise Hotmail gave out your IP though.

 

[Giode]

Siteoffers: There was an attempt to hijack my domains also this weekend. I saw it happen right before my eyes. I use the Firefox extension Mail Notifier, and late Saturday night saw a popup saying I had just recieved two messages. I checked them and they were both from Snapnames saying I had requested my password from them. I didn't of course, and when I pressed the "back" button both emails had mysteriously disappeared from my inbox. I checked the trash, and everything was freshly emptied. Obviously someone was sharing my email account with me at that very moment. Why Snapnames? No idea, but can tell you where it would eventually lead.

I then hustled to change all my passwords. Felt like I was in a race with the thief.

Bottom line: you can never safeguard your domain enough! It may also be noted that I had a 28 char password on my Yahoo account. Anyone with valuable domains is at risk.

Good luck and hope for a good outcome.

Godaddy is working with their fraud dept., My Lawyer, The FBI, and other organizations to correct the situation and to prosecute the party involved.

Unless your lawyer is willing to enter Iran to sue these guys, your only hope is to get the names back - which it sounds like you will! I'm willing to bet it's the old Iranian connection.

 

[Siteoffers.com]

I have been on the phone for hours, emailing frequently, doing everything I can to work with godaddy... They are being as helpful as some would expect but I have been using them for years (like 7 I think or more) - I was really expecting them to keep records better so they could assist in matters such as these.

I have so many loops top jump thru. It will take 10-20 days before I get my names back if I get them back at all.

They are being very rude to me I think. Last communication from them is I need to fwd them (via fax) a copy of my id and anyones id listed as owner on my domains (not a problem) but they also asked for a DBA form for any domains listed as a business. The thing is I list a couple domains as being registered to the domain business name like if it were doolalaboo.com the reg info is all my contact info with the name as doolalaboo.com .. I had always thought that this would be ok as I am a sole proprieter and just wanted some anonymity on some domains. I also have domains dating back 7 years or more maybe and cant remember if they are in my name, my girlfriends name, my partners name etc.. They are all in my account but now sure.. SO I guess I will fax them copies of everyones id....
I hope godaddy really sees what is going on here and gets these names back fast.

10-20 days is too long. The way my business works is we use this weeks money to run next week and take a slice of the pie each week. Now I am domainless with 0 income because of all this, to top it all off I have 6 Kids to feed and a mortgage to pay plus all my toys .... I really am praying to ALL GODS this works out ok.

In the mean time: looking for hig traffic domains, LLL.com's LL.com's and NN.com and any genaric domains to rebuild...

 

[DNQuest.com]

Siteoffers: There was an attempt to hijack my domains also this weekend. I saw it happen right before my eyes. I use the Firefox extension Mail Notifier, and late Saturday night saw a popup saying I had just recieved two messages. I checked them and they were both from Snapnames saying I had requested my password from them. I didn't of course, and when I pressed the "back" button both emails had mysteriously disappeared from my inbox. I checked the trash, and everything was freshly emptied. Obviously someone was sharing my email account with me at that very moment. Why Snapnames? No idea, but can tell you where it would eventually lead.

QUOTE]

There are ways to have an email self-destruct after it is opened.

 

[VirtualT]

Let me guess, you all run windoes right?

Guys, if you can't run linux full time, splash out a bit of cash and upgrade your desktops with a couple of gigs of ram. Install a virtual machine such as vmware running linux.

Use the VM for everything to do with managing your domains, including separate email accounts that you access from only within the VM.
Connect the VM to the net, but keep it isolated from your Winders Host so there can't be any contamination from any windows nasties.

 

[Giode]

Siteoffers:

QUOTE]

There are ways to have an email self-destruct after it is opened.

I only read ONE of the two emails sent by Snapnames. Can they "self destruct" before you even read them?

 

[Domagon]

There is NO way to have an email self-destruct unless it wasn't completely sent ... or is later deleted via some mechanism (often leveraging various security vulnerabilities, such as html/scripting) in the receiver's email program/service and/or their computer.

Some email products claim to offer "self-destructing" email ... what those products often do is attempt to run an executable (active-x control, java, etc) on the receiver's machine and/or often merely link transparently (for people with HTML / scripting enabled) to the actual text of the email stored elsewhere.

Ron

 

[Giode]

Exactly Ron. Look, if you receive an email saying you requested a password and it just deletes itself, someone else has access to your email account. If your trash is freshly deleted, like mine was, what more evidence would you need?

 

[Siteoffers.com]

Update on domains hijacked..

After many days of stress, anger and worry - all because of the hijacking and a lot of the stressed caue by godaddy as well. (I will get in to that later in depth).

The only way I got my domains back was dealing directly with teh hijacker, who actually turned out to be more helpful then godaddy. Godaddy was very rude to me and they were not helpful at all.

I did eveything godaddy asked, I sent them copies of all my credit card (8 of them) that I have used when paying for the domains, send paypal transaction ids, sent copies of other peoples ids, like my partner and wife, who some of the domains were listed under. I even had to go out and get a business licence for some of my domains that had my name listed in the organization section. I had to get a business licence me doing buisness as me. After I send them all of this information they were still stalling and asking for more info and more and more. I mean I contacted the undo dept withing minutes of seeig changes and here we are days and days, week later and no help from godaddy.

They responded last with per thier universal terms of service we, me, you, are responsible for keeping our domains secure and per their terms they dont have to do anything and I could just be out of 200+ names that have taken me years to build up.

So - The domain hijacker gets an email plead from me, that tells him who I am and what I do and hw I make a living, I told him what he did is affecting my family and life. I told him if he is smart enough to hack, or social engineer to steal domains then he could find legitimate ways to make money. I told him I could give him som ideas and jobs to do that could get him out of this domain hijacking busineess.

I figured what the hell... If he needs help I will help him to get my names back and I would also be taking a domain hijacker out of the business and putting him in to something legit.

SO he released the accounts to me that contained my domains.. I am not leaving godaddy to go to another BETTER and HELPFUL reg.

One many of us use. The big M

Anyway after ny experience and talking with this hacker. I decided to write an ebook on how to prevent domain hijacking and how they hijack domains the most and what you can do to prevent and recover from domain hijacking.

I will be selling the ebook at a low fee to recover some loast funds fom hijacking.

It will be helpful to all domainers.. The ex-hacker who I think I saved from the life will be giving input on this ebook also....

I say NoDaddy!

 

[Keyboard Cowboy]

Good to hear things worked out in the end... Who would'a thought the hijacker would be of assistance :?:

I am not leaving godaddy to go to another BETTER and HELPFUL reg.

You're not leaving?

Regarding the ebook; I'd focus more on the recovery part and not so much on how the hijacking is done. I know it'll be hard to explain how to restore it all without getting into how you got into the situation in the first place, but the thing is you could in turn be writing a tutorial on how to hijack domains.

 

[Theo]

Let's hope this whole incident was not an invention in order to sell an e-book.

Negotiating with the hacker is like dealing with Osama.