If you are new to domains and looking to buy, sell and learn about domains then you have come to the right place. DNForum is the largest domain name community on the internet and continues to grow every day. There are over 105,000 domainers on DNForum doing everything from buying domains, selling domains, learning about domains and discussing domains. Take a minute and Register.
Register Today on DNForum IT'S FREE!When was 4n.net stolen?
Rockefeller
Do you know how to get the IP addresse from the email that came into your inbox?
Put the collection of those IPs together, just to validate that it's one guy from US and not a ring of guys from all over.
Also, His privacy service is Moniker. If you guys know Monte from Moniker, ask him if he can somehow help.
Well looking at the other residents of Lukasz's house reveal...
Mrs. Adriana Zycki
View Title...
Eisenhower Junior High School
Darien, Illinois
If she still works there as a special ed assistant it may be worth a call to the school and ask for her?
Someone needs to make a friend lol
Hey this guy is either the theif or a victim, it was his paypal that was used and charged back, someone needs to get a hold of him.
http://www.facebook.com/profile.php?...nfo&ref=search
Another family members work...
Marcin Zycki
at Byte Managers Inc
800 West Huron Street, Suite 4w
Chicago, IL 60622
Whoever the names were stolen from need to follow up on this!
Ok thats it from me for now, two people to contact that live with Lukasz Zycki, same house, same guy's paypal etc. I can even tell you where they went to school and college but at this point the victim(s) need to call and get his mother and sister on the phone. Maybe he's a victim and his paypal was stolen and he just hasnt noticed?
Last edited by TheLegendaryJP; 10-07-2009 at 06:05 PM. Reason: Automerged Doublepost
I would not contact anyone. I would make sure he is not here and reading this first. If he is not here, than I would simple verify his info and file a case. No warnings.
Hey we all have our own ways but from past experience I find moms and dads dont feel good about people calling and going over what their son is up to, names get returned pretty quick, no lawyers, police etc.Originally Posted by ydnaemsti
I always try the easiest step first, if he is a victim too it will all come to light, if not and mom and dad dont care, follow through but easy at first is my route.
Just a fyi...
Zycki is a rare name in the US any ways, both .com and .net are taken within the last 1-2 years, both private at GD! The .org remains available, goes to show how rare a name it is, no one wants the org lol
Just a fyi
Last edited by TheLegendaryJP; 10-07-2009 at 06:18 PM. Reason: Automerged Doublepost
Also, all of the yahoo accounts I have looked up ask for the same password reset question "what is your oldest child's name?", also, there is another option for a backup email on the account for which the hint is xxxxxx@ax.com, anyone know of a 2 character domain that was stolen? Could be a big lead
Okay, so as I said before servers24@gmail.com was the original paypal email given to us by the first theif who didn't know we were going to take the name from him. A more in-depth search shows the Amir Mirghassemi" owns this domain name and also owns servers24.com. I have also found other posts that indicate that Amir has addresses in Ohio and Iran. I believe Amir Mirghassemi is our scammer.
Amir Mirghassemi
7828 Woodglen Dr
Westchester, OH
513-225-5200
Last edited by Rockefeller; 10-07-2009 at 07:12 PM. Reason: Automerged Doublepost
FYI - Over at NP, the user i.domain has responded to the claims regarding VPR in the legal section.
Thanks for the heads up... I suppose someone has to show something now that he makes a bold claim like this.
link to np thread...
http://www.namepros.com/legal-issues...is-stolen.html
DO NOT do business with the member i.domain at NP, this IS the domain thieve that has stolen all of the GoDaddy domain names.
http://www.namepros.com/members/159787.html
I managed to get the IP address of the person logging into NP, which IS the domain thieve. The address where his IP comes back to is Woodstock, IL, the ISP that hosts that IP is in Chicago, IL. The two addresses that we have on Lukasz Zycki are in Bensenville, IL and Bannockburn, IL. All of these cities only have a max of 34 miles in between them.
Last edited by Rockefeller; 10-08-2009 at 11:11 AM. Reason: Automerged Doublepost
We have successfully got 4n.net back to the true owner. Everyone that has had a domain name stolen by this thieve especially vpr.com and iwy.com need to email undo@godaddy.com and reference the 4n.net thieve.
Header from email that SPOOFED escrowdns email:
Sunday, October 4, 2009 4:56 AM
From support@escrowdns.com Sun Oct 4 11:56:29 2009
X-Apparently-To: jumptime@yahoo.com via 66.196.100.97; Sun, 04 Oct 2009 04:56:31 -0700
Return-Path: <nobody@srv1.hostedfx.com>
X-YahooFilteredBulk: 66.116.153.91
X-YMailISG: Ls7AglMWLDuwWxQCYZGVpq4dwM0i56WoEHMKMPN4gdlk1aNp5f Bk9ESE5NXvva7pjtAEg2OXpBTnX707CteuI_tvCh6u14oEcVwT R26T8lBeoI.2X5vU5KqDxwsgooxbHYw9Pj5RRSLoy3uY0dlf5s 0ULCIaIz9wYn5o1c2Y1Gk9abdc_OR6V5ATn7yWpDuw1zNeFwno s4hECuHgvbjetr_D_z5y17aVEDFUtj_13subaJ67_EIVcFPEzB FUtgj9QuUD4AwKTZcRyA3LbwT.FOdPiDrp77xyiawfJ7jSFfsn h2Ei5wEpLTRGmO_gS8wAiZcY2t0ClGZyUXOdq32yjtU-
X-Originating-IP: [66.116.153.91]
Authentication-Results: mta297.mail.mud.yahoo.com from=srv1.hostedfx.com; domainkeys=neutral (no sig); from=srv1.hostedfx.com; dkim=neutral (no sig)
Received: from 66.116.153.91 (EHLO srv1.hostedfx.com) (66.116.153.91) by mta297.mail.mud.yahoo.com with SMTP; Sun, 04 Oct 2009 04:56:31 -0700
Received: from nobody by srv1.hostedfx.com with local (Exim 4.69) (envelope-from <nobody@srv1.hostedfx.com>) id 1MuPhV-0007Ov-5N; Sun, 04 Oct 2009 07:56:29 -0400
To: jumptime@yahoo.com
Subject: Domain escrow - 4n.net Transaction
From:
"support@escrowdns.com" <support@escrowdns.com>
Add sender to Contacts
Reply-To: "support@escrowdns.com" <support@escrowdns.com>
To: <jumptime@yahoo.com>
Mime-Version: 1.0
Content-type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
Message-Id: <E1MuPhV-0007Ov-5N@srv1.hostedfx.com>
Sender: Nobody <nobody@srv1.hostedfx.com>
Date: Sun, 04 Oct 2009 07:56:29 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - srv1.hostedfx.com
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - srv1.hostedfx.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -k start -DSSL
X-Source-Dir: khaye.com:/public_html/z
Content-Length: 351
Glad to hear...
Ironically the one email jumptime@yahoo.co I saw was for a group called 3 guys jump or something, the pic I found for the person involved throwing up gang signs where the site was too dangerous to link.. three guys in the pic!
Coincidence?
I also think the fact the addresses are so close is a great confrimation as well, put pieces together nicely.
the jumptime email is the true owner, I've confirmed that and 4n.net is now in the true owner's hands, we worked hand in hand with GoDaddy and they did the right thing. There are still 2 names that we have to get back to the owners, one that was stolen from the escrowdns spoof and another that was just outright stolen.
Would the "originator IP" be the sender's (scammers) IP? looks like it went through Hostedfx.com out of Ohio, the Amir Mirghassemi also has an address out of Ohio.
Hey Sherlock aka Justin,great work........you the man
VPR.com has been returned to me successfully!
Thank you GoDaddy.com, Adam Dicker, and Justin Godfrey (EscrowDns.com)
Everyone, please be VERY careful about these scams in the future. Always make sure to login to the website to confirm escrow statuses, and if anything looks fishy, call or send an email to the escrow companies!
Been watching and I am very impressed by the team work involved here and the relatively quick resolution. Good work everyone involved and I happy to see domains have been returned to rightful owners.
Two high CPC sites for sale...BankruptcyTrustees.org and BClawyers.org
Much kudos to all involved in the safe recovery of these names.
Ok good to hear, poor jump guy was about to my wrath lol
Glad its working out, good work Justin.
Anyone know how to track an IP, like actually track it? Would be willing to pay for legit info as I will be suing this guy if he is in the US and hopefully bankrupting his operation.
The IP from NamePros (that he used to login with) is:
76.73.68.156
From Arin.net
OrgName: FDCservers.net
OrgID: FDCSE
Address: 141 w jackson blvd.
Address: suite #1135
City: Chicago
StateProv: IL
PostalCode: 60098
Country: US
ReferralServer: rwhois://rwhois.fdcservers.net:4321
NetRange: 76.73.0.0 - 76.73.127.255
CIDR: 76.73.0.0/17
OriginAS: AS30058
NetName: FDCSERVERS
NetHandle: NET-76-73-0-0-1
Parent: NET-76-0-0-0-0
NetType: Direct Allocation
NameServer: NS3.FDCSERVERS.NET
NameServer: NS4.FDCSERVERS.NET
Comment:
RegDate: 2009-02-02
Updated: 2009-04-08
RAbuseHandle: ABUSE438-ARIN
RAbuseName: ABUSE department
RAbusePhone: +1-630-729-0228
RAbuseEmail: abuse@fdcservers.net
RNOCHandle: NOC1402-ARIN
RNOCName: Network Operations Center
RNOCPhone: +1-630-729-0228
RNOCEmail: NOC@fdcservers.net
RTechHandle: NOC1402-ARIN
RTechName: Network Operations Center
RTechPhone: +1-630-729-0228
RTechEmail: NOC@fdcservers.net
OrgAbuseHandle: ABUSE438-ARIN
OrgAbuseName: ABUSE department
OrgAbusePhone: +1-630-729-0228
OrgAbuseEmail: abuse@fdcservers.net
OrgNOCHandle: NOC1402-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-630-729-0228
OrgNOCEmail: NOC@fdcservers.net
OrgTechHandle: TECHS72-ARIN
OrgTechName: Tech Support
OrgTechPhone: +1-630-729-0228
OrgTechEmail: support@fdcservers.net
You would have to contact the block owners, and hopefully they will have login records if it's a pppoe or dial up connection. It doesn't appear to have a fqdn on that address (76.73.68.156)
You may have to subpoena the records from the owner of the ip range, or they may cooperate.
Last edited by south; 10-09-2009 at 11:11 PM. Reason: Automerged Doublepost
All offers good for 72 hours except running auctions
Progeria Research | Pulmonary Fibrosis | Dammit!
A local detective service will locate him in 3 days. It will cost no more than 250. You know his name. It's an easy job.
Posting Permissions
View Profile
View Forum Posts
View Forum Threads
View Friends
View Blog Entries
Reply With Quote
Bookmarks