Godaddy domain names being stolen!

[A D]

Confirmed that trace is correct, use this it's bonehead proof.

Just enter ip and hit the green arrow.

http://visualroute.visualware.com/

-=DCG=-

 

[south]

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Scott>tracert 76.73.68.156

Tracing route to 76.73.68.156 over a maximum of 30 hops


5 9 ms 7 ms * 208.67.164.21
6 9 ms 8 ms * 208.67.164.146
7 7 ms 6 ms * 208.67.164.33
8 7 ms 7 ms * border5.g1-2.fplfibernet-8.mia003.pnap.net [64.9
4.60.29]
9 7 ms 7 ms * core2.t6-2.bbnet2.mia003.pnap.net [69.25.0.66]
10 15 ms 15 ms * Tengigabitethernet2-2.ar1.MIA2.gblx.net [64.212.
16.165]
11 35 ms 35 ms 35 ms 64.209.97.14
12 56 ms 55 ms 56 ms pos-1-14-0-0-cr01.dallas.tx.ibone.comcast.net [6
8.86.85.153]
13 83 ms 82 ms 82 ms pos-1-9-0-0-cr01.denver.co.ibone.comcast.net [68
.86.85.173]
14 82 ms 82 ms 83 ms 75.149.229.10
15 * * * Request timed out.
16 83 ms 83 ms 84 ms openvz.dmehosting.com [76.73.5.250]
17 87 ms 87 ms 87 ms 76.73.68.156

Trace complete.

Hop 16 is the one right before the final ip address. (openvz.dmehosting.com )

Might be the place to start. Or maybe it's an owned(as in hacked) hosting account / VPS someone is bouncing off, if they have a clue.

 

[MAllie]

I actually do not blame the people that stole those domains. The problem lies with the registrars.

But that's like saying you wouldn't blame someone for stealing a wallet because it has been left unattended for a moment. We should all mind our wallets and our domain names, but just because you can steal something doesn't make it right. If you do steal, you are to blame, no matter how hard or easy someone has made it for you.

 

[ydnaemsti]

@Mallie

I disagree. I'm in the domaining business, not in a domain/security/prevention/storage business. The registrars should guarantee domain safety. This thing is a joke.

Wallet is a different story. I'm responsible for storage.

 

[MAllie]

@Mallie

I disagree. I'm in the domaining business, not in a domain/security/prevention/storage business. The registrars should guarantee domain safety. This thing is a joke.

Wallet is a different story. I'm responsible for storage.

I'm not saying that registrars shouldn't have systems to take care of the safety of domains. I'm saying that it's wrong to steal them, even if these systems aren't in place.

 

[fenomeno]

I got scammed by the same guy! I will post all infos about he in a few minutes, but i can see the same style. Some of his other infos are copy/pasted here as that is one thread on NP forum:

Dear NP Community, several months ago a scammer tried to sell 449.com 447.us Fzj.Com

Today at another forum, the thread was bumped back to the top of the list. We just got the notice the scammer had 4 Accounts and is now banned.

Here are the infos, his current username is -MASTER-

DNF:
-master-
alexandra_boss
atta
imit20

NP
7 accounts - all closed now.

Member names used in different forums:
al_boxx
alexandra_boss
big dealer
dealer_t

[email protected] is associated with [email protected]
Two of the domains are:

gungwar.com and usaago.com

Guess who listed usaago.com for sale on DNF...

Whois info of Gungwar from 11/17/2008:

Quote:
Domain Name: gungwar.com
Registrar: Name.com LLC

Expiration Date: 2009-09-13 11:09:51
Creation Date: 2008-09-13 11:09:51

Name Servers:
ns1.alborzhosting.com
ns2.alborzhosting.com

REGISTRANT CONTACT INFO
ANADOLU MAH
ANADOLU MAH
OZSiRiN EVLER. B-BLOCK. NR:5
ISPARTA
ISPARTA
32200
TR
Phone: +90.903122312165
Email Address: [email protected]

Same date for usaago.com

Quote:
Domain Name: usaago.com
Registrar: Name.com LLC

Expiration Date: 2009-09-13 11:09:52
Creation Date: 2008-09-13 11:09:52

Name Servers:
ns1.alborzhosting.com
ns2.alborzhosting.com

REGISTRANT CONTACT INFO
ANADOLU MAH
ANADOLU MAH
OZSiRiN EVLER. B-BLOCK. NR:5
ISPARTA
ISPARTA
32200
TR
Phone: +90.903122312165
Email Address: [email protected]
Usaago.com from 9/14/2008:

Quote:
Domain Name: usaago.com
Registrar: Name.com LLC

Expiration Date: 2009-09-13 11:09:52
Creation Date: 2008-09-13 11:09:52

Name Servers:
ns1.alborzhosting.com
ns2.alborzhosting.com

REGISTRANT CONTACT INFO
ANADOLU MAH
ANADOLU MAH
OZSiRiN EVLER. B-BLOCK. NR:5
ISPARTA
ISPARTA
32200
TR
Phone: +90.903122312165
Email Address: [email protected]
All results for "[email protected]" in Google point to web sites in Arabic/Iranian.

Results for "[email protected]" point to all sorts of scams.

I will keep everyone updated on this scammer

Some more of this guy's stuff:

Dynadot Forums - selling "zakumisymbol.com"
Dynadot Forums - selling (sold) j8l.com

WHOIS info for j8l.com as of 11/16/2008:

Quote:
Domain Name: j8l.com
Registrar: Name.com LLC

Expiration Date: 2009-08-07 18:24:14
Creation Date: 2003-08-07 18:24:14

Name Servers:
ns1.dreamhost.com
ns2.dreamhost.com
ns3.dreamhost.com

Note that [email protected] is the email used by banned scammer 9MM, as seen here.

Dynadot Forums - selling nq6.net

WHOIS of nq6.net recently changed to:

Quote:
Registrant:
dariush omid
no32-east 45 st.
bolton, 56345
Ukraine

Domain Name: NQ6.NET
Created on: 06-Feb-06
Expires on: 06-Feb-09
Last Updated on: 01-Dec-08

Administrative Contact:
omid, dariush [email protected]
no32-east 45 st.
bolton, 56345
Ukraine
4564034 Fax --
paridokht.com is a web site with ...you guessed it...Iranian WHOIS info. Nothing to do with Ukraine.

I cant guarantee that is the same guy, but i have reason to belive as someone mentioned in this thread one of his email as LdariushL@ something..........i just listed one other email with the same style of "L" as first and last letter"...........also, some dariush tried to sell my domain name at some arabic forum. He stole DVD.fm from me.

Also, many tracks leads to Iran, and i get info about his IP which should be from Teheran.........

And for one who have NP account.....here it it that thread:
http://www.namepros.com/warnings-and-alerts/543991-warning-scammer-detected-and-exposed.html

And another thread:

http://www.namepros.com/warnings-and-alerts/598697-scam-alert-np-member-vacumer.html

And IP addresses of NP member Vacumer, who stole my DVD.fm.....i belive that is the same guy as the one about who is this thread:

IP Address Geo Trace First Used
85.185.163.112 Tehran, Tehran, Iran 2009-07-21 04:46:04
173.45.101.100 , , Unknown 2009-07-21 21:37:19
173.45.98.66 , , Unknown 2009-07-23 14:53:08
212.33.209.69 , , Unknown 2009-07-24 02:47:48
212.33.209.190 , , Unknown 2009-07-24 03:01:30
173.45.103.205 , , Unknown 2009-07-24 10:44:09

And Darisuh on some arabic forum, selling my dvd.fm:
http://www.forum.persiantools.com/t133153.html

 

[Dave Zan]

The registrars should guarantee domain safety.

If cops can't guarantee one's safety 24/7, then I don't know why one expects a
private party like a registrar to "guarantee domain safety" other than whatever
security measures they've got in place. Besides, registrars don't control all things
that can make a hijacking occur like one's computer or email access.

Unless maybe one's willing to let the registrar control those too? Or perhaps one
should forward those escrow emails to the registrar first?

You tell me.

 

[ydnaemsti]

@Dave
You sound very naive. Cops are there to control and make money, they're not there to guarantee anyone's safety except the ruling entity at a given time (their employer).

Now going back to domains. The fact that there is so many domains stolen every day tells me few things:

1. The entire registrar/domain storage architecture is bogus and creates asylum for those like the hero in this thread.
2. The is room for improvement, which means there is room for a new company to come in and dominate the market.
3. Registrars should create an option to roll back all stolen transactions.

 

[Cartoonz]

@Dave
You sound very naive. Cops are there to control and make money, they're not there to guarantee anyone's safety except the ruling entity at a given time (their employer).

Now going back to domains. The fact that there is so many domains stolen every day tells me few things:

1. The entire registrar/domain storage architecture is bogus and creates asylum for those like the hero in this thread.
2. The is room for improvement, which means there is room for a new company to come in and dominate the market.
3. Registrars should create an option to roll back all stolen transactions.

Dave's not the one that sounds naive.

 

[Dave Zan]

Registrars should create an option to roll back all stolen transactions.

Most if not all do as Mallie previously posted. It's verifying claims that poses a
big challenge, especially those who do reply with rebuttals of their own.

I've dealt with various cases of this in my previous registrar. Sure was one big
headache sometimes.

 

[Gerry]

I think I just got one from escrow.com.

I have never had any contact with the buyer. And no contact from Escrow.com until this email came:

It has been 2 days and the seller has not agreed to the transaction terms for:

---

If you are the seller, please sign in to your account at Escrow.com, click on your transaction number, and then agree to the terms and the escrow instructions.

If no action is taken, this transaction will be canceled in 3 days.

--------------------
Escrow.com
[email protected]
888-511-8600

 

[gilesdawe]

I've been effected a couple of days ago by this hacker and found this thread whilst searching for meebooo1.

Ok, lets all work together on this as his meebooo account is still active and he's still doing the same thing as a couple of years ago!

As for finding his details using the above methods, I think it won't help. He's obviously hacking other people's GoDaddy accounts and then using forums like Digitalpoint (by hacking into users accounts) to sell the domains. So the details you're finding are the hacked users/sellers who have bought the domain.

What is clear is that he is using Paypal, GoDaddy, Yahoo and Gmail accounts.

His MSN: [email protected]
His (Latest) PayPal: [email protected]

Report his Gmail account to:
- http://www.google.com/support/a/bin/answer.py?hlrm=en&answer=134413

Report his Yahoo account to:
- http://help.yahoo.com/l/us/yahoo/abuse/abuse.html

Report his Paypal
- Create a dispute with his paypal address above.


You need to also follow the steps:
- Report the incident on Paypal, to get a refund

- File a report on http://www.ic3.gov/complaint/default.aspx

We all need to work together on this, let's stop this guy!