WARNING: Stolen Domain C79.com Attention Adam etc.

[TheLegendaryJP]

Hi guys as you know we do our best as a community to catch theives and get names recovered for the rightful owners. The value of the name dictates to what level we/owner takes it but the point is stopping the theif and recovery no matter the name in return protecting everyone else from frther damage.

Here are some details, I appreciate ALL PM's with tips as to who this is and perhaps forum names etc.

In early Dec 2009 the domain name C79.com was stollen at Godaddy.
The true owner is as follows:
Natsiopoulos, A [email protected]
3 King Edwards Place
London, W3 9RP
United Kingdom
+44.0208993095

Mr. Natsiopoulos discovered 2 emails stating his domain was being transfered to another registrant with Godaddy, he quickly and correctly contacted Godaddy, provided both a passport and other ID. However Godaddy was unhelpful. Frankly if the system to stop a transfer is there to prevent these thefts it boggles my mind why they refuse to help when the system is used. At any rate the good news is the name remains within Godaddy. I will be contacting Adam as well and hope he or someone else could provide a good contact at GD to help further.

Now, the theif themself seems to be a domainer, owning other names, the whois they used for this theft is as follows:
Yejun, Luo [email protected]
No. 104, Tianhe Road
BidoDotComJbJFd
Guangzhou, Guangdong 510000
China
+86.15814821898

If anyone knows this member/individual please contact me, it appears he used " BidoDotComJbJFd " in his whois and only God knows why but clearly marked himself as one of us.

As for his email @namelinker.com, whois history shows its oldest info as a man in china later showing a man in Canada, suspicious as well and another clue. Theives lie of course and it could be they are in China or likely Canada!

It appears the theif also owns Domain-List.com which was registered last year and has C79.com for sale, another clus as to who this is, ring any bells for anyone?

Mr. Natsiopoulos spoke with me on the phone explaining the situation, he was sincere and appreciates all help.

Step up and post links to the theifs activity elsewhere and if you see this name currently listed anywhere for sale, thank you for your time.

 

[DN BROKER]

thanks for the warning

 

[TheLegendaryJP]

Another clue?

The domain name ZXZZ.com was sold by member GUA aka Tom Clowes, the buyer was as follows:
Carlos Ramos [email protected]
Av. Revolucion 1905 - 201
Mexico
DF
01000
MX

Within 3-4 months the whois switched to a China address and eventually the theifs whois info. Looks like it was " washed " and the theif put seperation between himself and the name. Unless of course ZXZZ.com had 4 owners in 6 months.

Tom please let us know who you sold to originall, is he a member? Thanks

 

[Theo]

You'd be surprised by the amount of domain laundering taking place in our industry.

 

[TheLegendaryJP]

Just received this PM at Namepros, thank you NP member

The IP block where domain-list and namelinker.com comes up with a reference to Liquidweb - Shows the host as "hostingdot.com", possibly a reseller account? (and suspicious too, as it's using whois privacy and doesn't have much in the way of contact info).

If a stolen domain is being listed for sale on a Liquidweb account, maybe that route might be worth pursuing.

Hope you catch this idiot!

 

[tomsa]

Seems to be this member : http://www.dnforum.com/member-namelinker.html

Found him checking brands.info history.

 

[TheLegendaryJP]

Seems to be this member : http://www.dnforum.com/member-namelinker.html

Found him checking brands.info history.

Incredible find Tomsa, excellent! That is the guy for sure, his shortdomains.org sub title under his username is a match as well. Not to mention exact username match lol

This is huge, ok PMing user and time to get down to biz, he is active as of lastnight and joined just 7 months ago. Who knows how many names have been stolen and sold, reports are there is at least one more.

would suggest doing a WHOIS history of B63.com (revealed by Googling the name of the current registrant of C79.com).

December 8, 2009 -- registrant is Innovative Communications
December 9, 2009 -- registrant is Luo Yejun
December 15, 2009 (and now) -- registrant is Innovative Communications

Above quote is thanks to GeorgeK, good find!

I see a lot of trader feedback for him from known members, can someone speak up about what they bought or who they paid, does his whois ring true?

As mentioned there may be a flaw in GD some how that is allowing this, that or he is so lucky on Dec 9th lol Why there isnt a GD legal rep here at DNF is beyond logic!

 

[PRED]

glad you're on this JP. there's actually another thread in legal section where a mass thief is on the large i would like you to have a look at. the thread where user 'thisdot' had domains stolen at godaddy and user 'chinesedomain'
we're talking dozens and dozens stolen. again godaddy

anyway, onto this. i actually sold a domain to 'namelinker' after checking my messages and tr. found him to be very likeable and friendly
i checked the whois on the domain i sold and it matches what you are describing
pm me if you want me to give you domain for whois to check

one thing i would say, it is possible you are onto something but thieves pretend to be other people too. its possible theif could have changed details to any members. could be me or you they changed whois to to make look kosher. then they can change whois back anytime. worth a thought before we shoot this member

anyway keep up the good work, there seems to be a rash of this fraud and thieving going on and godaddy are doing nothing. where are the reps?
why don't they add more security to logging in like enom etc?

sent you a pm JP

 

[TheLegendaryJP]

Got your PM Pred, thanks bro.

This guy imo has other usernames/identity and evidence has been found. A member Blitz at NP's provided this link...

http://www.dnforum.com/f26/aged-llll-coms-uduh-com-ojuz-com-diaj-com-5-a-thread-405651.html

It would take forever to go through each but the user was banned and the whois in some of those LLLL reflect this theif ( c79.com ). We are dealing with a man with many personalities or a group you are correct.

As for pretending to be him I doubt it, we have this guy tied to different thefts on 2 boards now with different usernames too. If he was pretending to be a theif he picked the identity of another theif to use for whoi, doesnt make sense mate, its him. I do agree he likely has some legit deals, no doubt but the moment you steal one name youre toast.

 

[silverclick]

besides keeping the domain locked ... what else can be done to prevent this from happening?

How did he get access in the first place?

 

[katherine]

AFAIK Namelinker is clean, it could be that he purchased the name from the thief and there was a changeover between him and the true owner.
Let's not jump to conclusions too fast

 

[TheLegendaryJP]

AFAIK Namelinker is clean, it could be that he purchased the name from the thief and there was a changeover between him and the true owner.
Let's not jump to conclusions too fast

Problem with this is whois history does not support that at all, see below. Also the whois he uses is also linked to three other suspicious names, one returned already at GD and the other in the link provided above the member was banned. Why did he change his username recently, why did he have to rejoin in the spring last year?

Sorry but there is too much against him. He needs to reply and state how he received c79.com along with proof of purchase. Otherwise a guy across the world called me for help on a $100 name and sent his passport and ID to GD all for what, kicks?

« Previous Next »
Domain: c79.com - Domain History
Cache Date: 2009-12-09
Registrar: GODADDY.COM, INC.
Registrant Search: Click on an email address we found in this whois record
to see which other domains the registrant is associated with:
[email protected]

--------------------------------------------------------------------------------


Registrant:
A Natsiopoulos
3 King Edwards Place
London, W3 9RP
United Kingdom

« Previous Next »
Domain: c79.com - Domain History
Cache Date: 2009-12-10
Registrar: GODADDY.COM, INC.
Registrant Search: Click on an email address we found in this whois record
to see which other domains the registrant is associated with:
[email protected]

--------------------------------------------------------------------------------


Registrant:
Luo Yejun
No. 104, Tianhe Road
BidoDotComJbJFd
Guangzhou, Guangdong 510000
China


No in between guy, maybe that was his down fall this time ! The real owner has stated that the whois email was the one that sent the request no one else involved. So he would have to have bought a name from a theif who had the real owners email and never looked at whois etc, not possible and here is why, his whois is reflected on more than one stolen name now and a pattern is developing, username changes, bans, rejoining..if it looks like a duck, quacks like a duck...


So whats the story with him Sdsinc? Afaik/Namelinker that is.

Join Date 05-04-2009

Look at WVZE.COM whois from the thread a few posts above, is this an alias of his because he still owns some of them, most recovered to the rightful owner and that dnf member banned. No denying needed, its clear anmd cut.

 

[vikrantjain22]

Now, the theif themself seems to be a domainer, owning other names, the whois they used for this theft is as follows:
Yejun, Luo [email protected]
No. 104, Tianhe Road
BidoDotComJbJFd
Guangzhou, Guangdong 510000
China
+86.15814821898

If anyone knows this member/individual please contact me, it appears he used " BidoDotComJbJFd " in his whois and only God knows why but clearly marked himself as one of us.

The reason he put in that code is because he is going to sell that name in BIDO Auctions shortly. As per BIDO Policy you need to confirm yourself as the registrant of the name you are submitting for sale.
Since Godaddy doesnt allow external whois searches to its database, as a alternative the registrant is asked to put a unique BIDO code in the address line / NS Server Line to Authenticate that the name indeed belongs to him.

Once the name is authenticated by BIDO, the name can go to a Guaranteed auction or a normal auction. In this case I suspect it might be a guaranteed auction and NOT a normal auction since in the former auction the BIDO Exclsuive buyers out in BIDS not viewable to outsiders and if after the auction is over, you can silently accept the same and sell the name to that Exclusive buyer without the name coming up for auction to the general Auction pool.
This way he might sell the name on th sly and no one will notice the auctioning of the name also.

 

[katherine]

Has the member been notified of this thread yet ?

 

[GUA]

Another clue?

The domain name ZXZZ.com was sold by member GUA aka Tom Clowes, the buyer was as follows:
Carlos Ramos [email protected]
Av. Revolucion 1905 - 201
Mexico
DF
01000
MX

Within 3-4 months the whois switched to a China address and eventually the theifs whois info. Looks like it was " washed " and the theif put seperation between himself and the name. Unless of course ZXZZ.com had 4 owners in 6 months.

Tom please let us know who you sold to originall, is he a member? Thanks

Having checked my records, I sold ZXZZ.com to Carlos Ramos on December 2nd 2008.
The sale was via Ebay, and Carlos also purchased TLIH.com (which is now showing Domains by Proxy whois).
I have contact information for Carlos if required.
I'll try and help in anyway I can.

Thanks
Thomas

 

[18493]

Threads like this need more visibility and recognition. Great posts and info.

---------- Post added at 01:49 PM ---------- Previous post was at 01:37 PM ----------

IMO - This kind of thread needs a sticky feature so it remains at the top of a respective forum/thread category.

 

[TheLegendaryJP]

Thanks for confirming its set to BIDO, the fact that member Namelinker sales steady here but isnt listing C79 is another red flag, hope BIDO sees this thread and haults the auction.

YES the member has been notified and still no response

 

[Millering]

At least i know Namelinker isn't a hacker or stealer, not a chance, he's been a moral domainer for many years.
It's close to Chineses Spring Festival now, only 1 week left, normally we go back to hometown, stay with parents. I guess that's why he didn't response.

Thanks
Miller

 

[TheLegendaryJP]

At least i know Namelinker isn't a hacker or stealer, not a chance, he's been a moral domainer for many years.
It's close to Chineses Spring Festival now, only 1 week left, normally we go back to hometown, stay with parents. I guess that's why he didn't response.

Thanks
Miller

Says the 4 month member from China as well.

 

[denny007]

At least i know Namelinker isn't a hacker or stealer

"An actor who attracts attention when another is intended to be the center of attention"
http://www.merriam-webster.com/dictionary/stealer

OK I believe you he is no stealer