Godaddy domain names being stolen!

[DotComGod]

Confirmed that trace is correct, use this it's bonehead proof.

Just enter ip and hit the green arrow.

http://visualroute.visualware.com/

-=DCG=-

[south]

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Scott>tracert 76.73.68.156

Tracing route to 76.73.68.156 over a maximum of 30 hops


5 9 ms 7 ms * 208.67.164.21
6 9 ms 8 ms * 208.67.164.146
7 7 ms 6 ms * 208.67.164.33
8 7 ms 7 ms * border5.g1-2.fplfibernet-8.mia003.pnap.net [64.9
4.60.29]
9 7 ms 7 ms * core2.t6-2.bbnet2.mia003.pnap.net [69.25.0.66]
10 15 ms 15 ms * Tengigabitethernet2-2.ar1.MIA2.gblx.net [64.212.
16.165]
11 35 ms 35 ms 35 ms 64.209.97.14
12 56 ms 55 ms 56 ms pos-1-14-0-0-cr01.dallas.tx.ibone.comcast.net [6
8.86.85.153]
13 83 ms 82 ms 82 ms pos-1-9-0-0-cr01.denver.co.ibone.comcast.net [68
.86.85.173]
14 82 ms 82 ms 83 ms 75.149.229.10
15 * * * Request timed out.
16 83 ms 83 ms 84 ms openvz.dmehosting.com [76.73.5.250]
17 87 ms 87 ms 87 ms 76.73.68.156

Trace complete.

Hop 16 is the one right before the final ip address. (openvz.dmehosting.com )

Might be the place to start. Or maybe it's an owned(as in hacked) hosting account / VPS someone is bouncing off, if they have a clue.

[MAllie]

Quote:

Originally Posted by ydnaemsti

I actually do not blame the people that stole those domains. The problem lies with the registrars.

But that's like saying you wouldn't blame someone for stealing a wallet because it has been left unattended for a moment. We should all mind our wallets and our domain names, but just because you can steal something doesn't make it right. If you do steal, you are to blame, no matter how hard or easy someone has made it for you.

[ydnaemsti]

@Mallie

I disagree. I'm in the domaining business, not in a domain/security/prevention/storage business. The registrars should guarantee domain safety. This thing is a joke.

Wallet is a different story. I'm responsible for storage.

[MAllie]

Quote:

Originally Posted by ydnaemsti

@Mallie

I disagree. I'm in the domaining business, not in a domain/security/prevention/storage business. The registrars should guarantee domain safety. This thing is a joke.

Wallet is a different story. I'm responsible for storage.

I'm not saying that registrars shouldn't have systems to take care of the safety of domains. I'm saying that it's wrong to steal them, even if these systems aren't in place.

[fenomeno]

I got scammed by the same guy! I will post all infos about he in a few minutes, but i can see the same style. Some of his other infos are copy/pasted here as that is one thread on NP forum:

Dear NP Community, several months ago a scammer tried to sell 449.com 447.us Fzj.Com

Today at another forum, the thread was bumped back to the top of the list. We just got the notice the scammer had 4 Accounts and is now banned.

Here are the infos, his current username is -MASTER-

DNF:
-master-
alexandra_boss
atta
imit20

NP
7 accounts - all closed now.

Member names used in different forums:
al_boxx
alexandra_boss
big dealer
dealer_t

omidakat@hotmail.com is associated with ldomainl@gmail.com
Two of the domains are:

gungwar.com and usaago.com

Guess who listed usaago.com for sale on DNF...

Whois info of Gungwar from 11/17/2008:

Quote:
Domain Name: gungwar.com
Registrar: Name.com LLC

Expiration Date: 2009-09-13 11:09:51
Creation Date: 2008-09-13 11:09:51

Name Servers:
ns1.alborzhosting.com
ns2.alborzhosting.com

REGISTRANT CONTACT INFO
ANADOLU MAH
ANADOLU MAH
OZSiRiN EVLER. B-BLOCK. NR:5
ISPARTA
ISPARTA
32200
TR
Phone: +90.903122312165
Email Address: omidakat@hotmail.com

Same date for usaago.com

Quote:
Domain Name: usaago.com
Registrar: Name.com LLC

Expiration Date: 2009-09-13 11:09:52
Creation Date: 2008-09-13 11:09:52

Name Servers:
ns1.alborzhosting.com
ns2.alborzhosting.com

REGISTRANT CONTACT INFO
ANADOLU MAH
ANADOLU MAH
OZSiRiN EVLER. B-BLOCK. NR:5
ISPARTA
ISPARTA
32200
TR
Phone: +90.903122312165
Email Address: omidakat@hotmail.com
Usaago.com from 9/14/2008:

Quote:
Domain Name: usaago.com
Registrar: Name.com LLC

Expiration Date: 2009-09-13 11:09:52
Creation Date: 2008-09-13 11:09:52

Name Servers:
ns1.alborzhosting.com
ns2.alborzhosting.com

REGISTRANT CONTACT INFO
ANADOLU MAH
ANADOLU MAH
OZSiRiN EVLER. B-BLOCK. NR:5
ISPARTA
ISPARTA
32200
TR
Phone: +90.903122312165
Email Address: ldomainl@gmail.com
All results for "ldomainl@gmail.com" in Google point to web sites in Arabic/Iranian.

Results for "omidakat@hotmail.com" point to all sorts of scams.

I will keep everyone updated on this scammer

Some more of this guy's stuff:

Dynadot Forums - selling "zakumisymbol.com"
Dynadot Forums - selling (sold) j8l.com

WHOIS info for j8l.com as of 11/16/2008:

Quote:
Domain Name: j8l.com
Registrar: Name.com LLC

Expiration Date: 2009-08-07 18:24:14
Creation Date: 2003-08-07 18:24:14

Name Servers:
ns1.dreamhost.com
ns2.dreamhost.com
ns3.dreamhost.com

Note that arch3r25@gmail.com is the email used by banned scammer 9MM, as seen here.

Dynadot Forums - selling nq6.net

WHOIS of nq6.net recently changed to:

Quote:
Registrant:
dariush omid
no32-east 45 st.
bolton, 56345
Ukraine

Domain Name: NQ6.NET
Created on: 06-Feb-06
Expires on: 06-Feb-09
Last Updated on: 01-Dec-08

Administrative Contact:
omid, dariush paridokht.com@gmail.com
no32-east 45 st.
bolton, 56345
Ukraine
4564034 Fax --
paridokht.com is a web site with ...you guessed it...Iranian WHOIS info. Nothing to do with Ukraine.

I cant guarantee that is the same guy, but i have reason to belive as someone mentioned in this thread one of his email as LdariushL@ something..........i just listed one other email with the same style of "L" as first and last letter"...........also, some dariush tried to sell my domain name at some arabic forum. He stole DVD.fm from me.

Also, many tracks leads to Iran, and i get info about his IP which should be from Teheran.........

And for one who have NP account.....here it it that thread:
http://www.namepros.com/warnings-and...d-exposed.html

And another thread:

http://www.namepros.com/warnings-and...r-vacumer.html

And IP addresses of NP member Vacumer, who stole my DVD.fm.....i belive that is the same guy as the one about who is this thread:

IP Address Geo Trace First Used
85.185.163.112 Tehran, Tehran, Iran 2009-07-21 04:46:04
173.45.101.100 , , Unknown 2009-07-21 21:37:19
173.45.98.66 , , Unknown 2009-07-23 14:53:08
212.33.209.69 , , Unknown 2009-07-24 02:47:48
212.33.209.190 , , Unknown 2009-07-24 03:01:30
173.45.103.205 , , Unknown 2009-07-24 10:44:09

And Darisuh on some arabic forum, selling my dvd.fm:
http://www.forum.persiantools.com/t133153.html

[Dave Zan]

Quote:

Originally Posted by ydnaemsti

The registrars should guarantee domain safety.

If cops can't guarantee one's safety 24/7, then I don't know why one expects a
private party like a registrar to "guarantee domain safety" other than whatever
security measures they've got in place. Besides, registrars don't control all things
that can make a hijacking occur like one's computer or email access.

Unless maybe one's willing to let the registrar control those too? Or perhaps one
should forward those escrow emails to the registrar first?

You tell me.

[ydnaemsti]

@Dave
You sound very naive. Cops are there to control and make money, they're not there to guarantee anyone's safety except the ruling entity at a given time (their employer).

Now going back to domains. The fact that there is so many domains stolen every day tells me few things:

1. The entire registrar/domain storage architecture is bogus and creates asylum for those like the hero in this thread.
2. The is room for improvement, which means there is room for a new company to come in and dominate the market.
3. Registrars should create an option to roll back all stolen transactions.

[Cartoonz]

Quote:

Originally Posted by ydnaemsti

@Dave
You sound very naive. Cops are there to control and make money, they're not there to guarantee anyone's safety except the ruling entity at a given time (their employer).

Now going back to domains. The fact that there is so many domains stolen every day tells me few things:

1. The entire registrar/domain storage architecture is bogus and creates asylum for those like the hero in this thread.
2. The is room for improvement, which means there is room for a new company to come in and dominate the market.
3. Registrars should create an option to roll back all stolen transactions.

Dave's not the one that sounds naive.

[Dave Zan]

Quote:

Originally Posted by ydnaemsti

Registrars should create an option to roll back all stolen transactions.

Most if not all do as Mallie previously posted. It's verifying claims that poses a
big challenge, especially those who do reply with rebuttals of their own.

I've dealt with various cases of this in my previous registrar. Sure was one big
headache sometimes.

[Doc Com]

I think I just got one from escrow.com.

I have never had any contact with the buyer. And no contact from Escrow.com until this email came:

It has been 2 days and the seller has not agreed to the transaction terms for:

---

If you are the seller, please sign in to your account at Escrow.com, click on your transaction number, and then agree to the terms and the escrow instructions.

If no action is taken, this transaction will be canceled in 3 days.

--------------------
Escrow.com
support@escrow.com
888-511-8600