 |
|  | |||||||
 |
 |
| | LinkBack | Thread Tools | Display Modes |
10-07-2009, 05:54 PM
| #42 (permalink) |
| Platinum Lifetime Member   | Rockefeller Do you know how to get the IP addresse from the email that came into your inbox? Put the collection of those IPs together, just to validate that it's one guy from US and not a ring of guys from all over. Also, His privacy service is Moniker. If you guys know Monte from Moniker, ask him if he can somehow help. |
|   |
|
10-07-2009, 05:55 PM
| #43 (permalink) |
Country:        | Well looking at the other residents of Lukasz's house reveal... Mrs. Adriana Zycki View Title... Eisenhower Junior High School Darien, Illinois If she still works there as a special ed assistant it may be worth a call to the school and ask for her? Someone needs to make a friend lol Hey this guy is either the theif or a victim, it was his paypal that was used and charged back, someone needs to get a hold of him. http://www.facebook.com/profile.php?...nfo&ref=search Another family members work... Marcin Zycki at Byte Managers Inc 800 West Huron Street, Suite 4w Chicago, IL 60622 Whoever the names were stolen from need to follow up on this! Ok thats it from me for now, two people to contact that live with Lukasz Zycki, same house, same guy's paypal etc. I can even tell you where they went to school and college but at this point the victim(s) need to call and get his mother and sister on the phone. Maybe he's a victim and his paypal was stolen and he just hasnt noticed?
__________________ Gregory.com $99k obo Last edited by TheLegendaryJP; 10-07-2009 at 06:05 PM.. Reason: Automerged Doublepost |
| |
|
10-07-2009, 06:10 PM
| #45 (permalink) | |
|
Country: | Quote:
I always try the easiest step first, if he is a victim too it will all come to light, if not and mom and dad dont care, follow through but easy at first is my route. Just a fyi... Zycki is a rare name in the US any ways, both .com and .net are taken within the last 1-2 years, both private at GD! The .org remains available, goes to show how rare a name it is, no one wants the org lol Just a fyi
__________________ Gregory.com $99k obo Last edited by TheLegendaryJP; 10-07-2009 at 06:18 PM.. Reason: Automerged Doublepost | |
|
| |
|
10-07-2009, 06:31 PM
| #46 (permalink) |
 Name: Justin Godfrey Last Online: Yesterday 03:48 PM iTrader: (361) Join Date: Apr 2005
Posts: 7,447
DNF$: 3,029 Location: Sheboygan, WI
Country:   | Also, all of the yahoo accounts I have looked up ask for the same password reset question "what is your oldest child's name?", also, there is another option for a backup email on the account for which the hint is xxxxxx@ax.com, anyone know of a 2 character domain that was stolen? Could be a big lead Okay, so as I said before servers24@gmail.com was the original paypal email given to us by the first theif who didn't know we were going to take the name from him. A more in-depth search shows the Amir Mirghassemi" owns this domain name and also owns servers24.com. I have also found other posts that indicate that Amir has addresses in Ohio and Iran. I believe Amir Mirghassemi is our scammer. Amir Mirghassemi 7828 Woodglen Dr Westchester, OH 513-225-5200 Last edited by Rockefeller; 10-07-2009 at 07:12 PM.. Reason: Automerged Doublepost |
|
| |
|
10-07-2009, 10:09 PM
| #48 (permalink) |
|
Country: | Thanks for the heads up... I suppose someone has to show something now that he makes a bold claim like this. link to np thread... http://www.namepros.com/legal-issues...is-stolen.html
__________________ Gregory.com $99k obo |
|
| |
|
10-08-2009, 09:51 AM
| #49 (permalink) |
| Name: Justin Godfrey Last Online: Yesterday 03:48 PM iTrader: (361) Join Date: Apr 2005
Posts: 7,447
DNF$: 3,029 Location: Sheboygan, WI
Country: | DO NOT do business with the member i.domain at NP, this IS the domain thieve that has stolen all of the Godaddy domain names. http://www.namepros.com/members/159787.html I managed to get the IP address of the person logging into NP, which IS the domain thieve. The address where his IP comes back to is Woodstock, IL, the ISP that hosts that IP is in Chicago, IL. The two addresses that we have on Lukasz Zycki are in Bensenville, IL and Bannockburn, IL. All of these cities only have a max of 34 miles in between them. Last edited by Rockefeller; 10-08-2009 at 11:11 AM.. Reason: Automerged Doublepost |
|
| |
|
10-09-2009, 07:49 PM
| #50 (permalink) |
| Name: Justin Godfrey Last Online: Yesterday 03:48 PM iTrader: (361) Join Date: Apr 2005
Posts: 7,447
DNF$: 3,029 Location: Sheboygan, WI
Country: | We have successfully got 4n.net back to the true owner. Everyone that has had a domain name stolen by this thieve especially vpr.com and iwy.com need to email undo@godaddy.com and reference the 4n.net thieve. Header from email that SPOOFED escrowdns email: Sunday, October 4, 2009 4:56 AM From support@escrowdns.com Sun Oct 4 11:56:29 2009 X-Apparently-To: jumptime@yahoo.com via 66.196.100.97; Sun, 04 Oct 2009 04:56:31 -0700 Return-Path: <nobody@srv1.hostedfx.com> X-YahooFilteredBulk: 66.116.153.91 X-YMailISG: Ls7AglMWLDuwWxQCYZGVpq4dwM0i56WoEHMKMPN4gdlk1aNp5f Bk9ESE5NXvva7pjtAEg2OXpBTnX707CteuI_tvCh6u14oEcVwT R26T8lBeoI.2X5vU5KqDxwsgooxbHYw9Pj5RRSLoy3uY0dlf5s 0ULCIaIz9wYn5o1c2Y1Gk9abdc_OR6V5ATn7yWpDuw1zNeFwno s4hECuHgvbjetr_D_z5y17aVEDFUtj_13subaJ67_EIVcFPEzB FUtgj9QuUD4AwKTZcRyA3LbwT.FOdPiDrp77xyiawfJ7jSFfsn h2Ei5wEpLTRGmO_gS8wAiZcY2t0ClGZyUXOdq32yjtU- X-Originating-IP: [66.116.153.91] Authentication-Results: mta297.mail.mud.yahoo.com from=srv1.hostedfx.com; domainkeys=neutral (no sig); from=srv1.hostedfx.com; dkim=neutral (no sig) Received: from 66.116.153.91 (EHLO srv1.hostedfx.com) (66.116.153.91) by mta297.mail.mud.yahoo.com with SMTP; Sun, 04 Oct 2009 04:56:31 -0700 Received: from nobody by srv1.hostedfx.com with local (Exim 4.69) (envelope-from <nobody@srv1.hostedfx.com>) id 1MuPhV-0007Ov-5N; Sun, 04 Oct 2009 07:56:29 -0400 To: jumptime@yahoo.com Subject: Domain escrow - 4n.net Transaction From: "support@escrowdns.com" <support@escrowdns.com> Add sender to Contacts Reply-To: "support@escrowdns.com" <support@escrowdns.com> To: <jumptime@yahoo.com> Mime-Version: 1.0 Content-type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit Message-Id: <E1MuPhV-0007Ov-5N@srv1.hostedfx.com> Sender: Nobody <nobody@srv1.hostedfx.com> Date: Sun, 04 Oct 2009 07:56:29 -0400 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - srv1.hostedfx.com X-AntiAbuse: Original Domain - yahoo.com X-AntiAbuse: Originator/Caller UID/GID - [99 32003] / [47 12] X-AntiAbuse: Sender Address Domain - srv1.hostedfx.com X-Source: X-Source-Args: /usr/local/apache/bin/httpd -k start -DSSL X-Source-Dir: khaye.com:/public_html/z Content-Length: 351 |
|
| |
|
10-09-2009, 08:13 PM
| #51 (permalink) |
|
Country: | Glad to hear... Ironically the one email jumptime@yahoo.co I saw was for a group called 3 guys jump or something, the pic I found for the person involved throwing up gang signs where the site was too dangerous to link.. three guys in the pic! Coincidence? I also think the fact the addresses are so close is a great confrimation as well, put pieces together nicely. |
|
| |
|
10-09-2009, 08:21 PM
| #52 (permalink) |
| Name: Justin Godfrey Last Online: Yesterday 03:48 PM iTrader: (361) Join Date: Apr 2005
Posts: 7,447
DNF$: 3,029 Location: Sheboygan, WI
Country: | the jumptime email is the true owner, I've confirmed that and 4n.net is now in the true owner's hands, we worked hand in hand with Godaddy and they did the right thing. There are still 2 names that we have to get back to the owners, one that was stolen from the escrowdns spoof and another that was just outright stolen. Would the "originator IP" be the sender's (scammers) IP? looks like it went through Hostedfx.com out of Ohio, the Amir Mirghassemi also has an address out of Ohio. |
|
| |
|
10-09-2009, 08:38 PM
| #53 (permalink) | |
| DNF Addict 
Country:  |  Quote:
Hey Sherlock aka Justin,great work........you the man  | |
|
| |
|
10-09-2009, 08:47 PM
| #54 (permalink) |
| DNF Addict  Name: Robert Last Online: Today 12:08 AM iTrader: (58) Join Date: Nov 2003
Posts: 1,736
DNF$: 1,283 Location: Montreal
Country:     | VPR.com has been returned to me successfully! Thank you GoDaddy.com, Adam Dicker, and Justin Godfrey (EscrowDns.com) Everyone, please be VERY careful about these scams in the future. Always make sure to login to the website to confirm escrow statuses, and if anything looks fishy, call or send an email to the escrow companies! |
|
| |
|
10-09-2009, 08:57 PM
| #55 (permalink) |
| Namefox  Last Online: Today 06:27 PM iTrader: (96) Join Date: Feb 2005
Posts: 3,908
DNF$: 998 Location: US/Canada | Been watching and I am very impressed by the team work involved here and the relatively quick resolution. Good work everyone involved and I happy to see domains have been returned to rightful owners.
__________________ Buyers always responsible for associated transfer costs. 3Dvideos.ca | 3Ds.ca | 3Dtelevisions.ca | 3Dcomputers.ca | 3Dphones.ca | 3Dhometheatre.ca | 3DHD.ca |
|
| |
|
10-09-2009, 09:48 PM
| #58 (permalink) |
| Name: Justin Godfrey Last Online: Yesterday 03:48 PM iTrader: (361) Join Date: Apr 2005
Posts: 7,447
DNF$: 3,029 Location: Sheboygan, WI
Country: | Anyone know how to track an IP, like actually track it? Would be willing to pay for legit info as I will be suing this guy if he is in the US and hopefully bankrupting his operation. The IP from NamePros (that he used to login with) is: 76.73.68.156 |
|
| |
|
10-09-2009, 11:05 PM
| #59 (permalink) | |
| DNF Addict  Name: Scott Last Online: Today 07:37 PM iTrader: (138) Join Date: Dec 2006
Posts: 3,145
DNF$: 2,707 Location: 33143/04930
Country:  | Quote:
OrgName: FDCservers.net OrgID: FDCSE Address: 141 w jackson blvd. Address: suite #1135 City: Chicago StateProv: IL PostalCode: 60098 Country: US ReferralServer: rwhois://rwhois.fdcservers.net:4321 NetRange: 76.73.0.0 - 76.73.127.255 CIDR: 76.73.0.0/17 OriginAS: AS30058 NetName: FDCSERVERS NetHandle: NET-76-73-0-0-1 Parent: NET-76-0-0-0-0 NetType: Direct Allocation NameServer: NS3.FDCSERVERS.NET NameServer: NS4.FDCSERVERS.NET Comment: RegDate: 2009-02-02 Updated: 2009-04-08 RAbuseHandle: ABUSE438-ARIN RAbuseName: ABUSE department RAbusePhone: +1-630-729-0228 RAbuseEmail: abuse@fdcservers.net RNOCHandle: NOC1402-ARIN RNOCName: Network Operations Center RNOCPhone: +1-630-729-0228 RNOCEmail: NOC@fdcservers.net RTechHandle: NOC1402-ARIN RTechName: Network Operations Center RTechPhone: +1-630-729-0228 RTechEmail: NOC@fdcservers.net OrgAbuseHandle: ABUSE438-ARIN OrgAbuseName: ABUSE department OrgAbusePhone: +1-630-729-0228 OrgAbuseEmail: abuse@fdcservers.net OrgNOCHandle: NOC1402-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-630-729-0228 OrgNOCEmail: NOC@fdcservers.net OrgTechHandle: TECHS72-ARIN OrgTechName: Tech Support OrgTechPhone: +1-630-729-0228 OrgTechEmail: support@fdcservers.net You would have to contact the block owners, and hopefully they will have login records if it's a pppoe or dial up connection. It doesn't appear to have a fqdn on that address (76.73.68.156) You may have to subpoena the records from the owner of the ip range, or they may cooperate.
__________________ All offers valid for 72 hours except running auctions. SJCParking.com | SFOOffsiteParking.com | LaGuardiaParking.net Last edited by south; 10-09-2009 at 11:11 PM.. Reason: Automerged Doublepost | |
|
| |
|
| Tags |
| 4n.net , domain scammers , domain scams , i.domain405 , stolen domain names |
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
