Category: CYBER SECURITY

Restricted Domain Names

**Disclaimer** – All logos on this page are copyrighted and cannot be used without our permission.

Exploring Prohibited Domains: The Restrictions on Domain Name Registration

Domain names act as the digital addresses that guide users to websites and online resources. These unique identifiers play a crucial role in establishing an online presence, reflecting brands, ideas, and individuals. However, not all domain names are up for grabs. A subset of these names is deemed prohibited and restricted from registration due to various reasons ranging from legal concerns to ethical considerations.

Understanding Prohibited Domains:

Prohibited domains, also known as restricted or reserved domains, are those that are off-limits for public registration. These domain names are withheld from registration due to specific rules and regulations set by domain name authorities, government bodies, and international agreements. The reasons for prohibition can be categorized into legal, ethical, cultural, and technical concerns.

Legal Restrictions:

Certain domain names are prohibited due to legal implications. These names might involve trademarks, copyrighted material, or names that infringe upon intellectual property rights. Registering domain names that closely resemble well-known brands or copyrighted phrases can lead to legal disputes, as they could be seen as an attempt to mislead or profit from the reputation of established entities.

Ethical and Cultural Considerations:

Many domain names are prohibited to prevent offensive, obscene, or harmful content from being disseminated online. This includes names that contain hate speech, racial slurs, explicit content, or any material that goes against societal norms and values. Ethical considerations also extend to domain names that could potentially deceive users by impersonating legitimate institutions or organizations.

Geopolitical and National Restrictions:

Certain countries maintain strict controls over domain names that incorporate their official country codes. For instance, domain names ending with “.gov” are typically reserved for government entities, while those ending with “.edu” are often limited to educational institutions within the United States. This ensures that domain names accurately reflect the nature of the organizations they represent.

Technical Limitations:

Some domain names are prohibited due to technical reasons. These names might conflict with top-level domain (TLD) categories, reserved keywords, or the domain name system’s structure. These restrictions help maintain the stability and functionality of the internet infrastructure.

Examples of Prohibited Domains:

  1. Trademarks and Copyrights: Registering domain names that infringe upon well-known trademarks or copyrighted material is generally prohibited. This prevents cyber-squatting and protects the intellectual property rights of legitimate owners.
  2. Adult Content: Domain names containing explicit or adult content are often prohibited to ensure a safer online environment for users of all ages.
  3. Hate Speech: Names promoting hate speech, racism, and discrimination are restricted to curb the spread of harmful ideologies and maintain a respectful online space.
  4. Impersonation: Domain names that impersonate official organizations or individuals can be prohibited to prevent scams and fraudulent activities.
  5. Geopolitical Restrictions: Some country-code domains are restricted to entities within specific countries to maintain the authenticity and integrity of national online identities.

Enforcement and Consequences:

Domain name registrars and authorities actively monitor and enforce restrictions on prohibited domains. Violating these restrictions can result in legal action, domain suspension, or even loss of online credibility. Moreover, search engines and web browsers often flag websites with prohibited content, limiting their visibility and reach.

List of Restricted Keyword Domain Names

While the exact list of restricted keyword domain names can vary based on different domain registries and regulations, here are some general categories of restricted keywords that are commonly not allowed for domain name registration:

  1. Trademarks and Brands: Any domain name that infringes on a registered trademark or brand name is typically restricted. This includes names that are identical or very similar to well-known brands. (For example, Bookings.com is trademarked, so you would not be able to register www.hotelbookings+ext.)
  2. Adult Content: Words or phrases that are explicit, suggestive, or related to adult content are often restricted to maintain a safe online environment. (Self-explanatory.)
  3. Hate Speech and Offensive Language: Domain names that contain hate speech, offensive slurs, or discriminatory language are generally restricted to prevent the spread of harmful ideologies.
  4. Illegal Activities: Keywords related to illegal activities, such as drug trafficking, hacking, or other criminal endeavors, are often restricted to prevent the promotion of unlawful behavior.
  5. Impersonation: Domain names that impersonate well-known organizations, government agencies, or individuals are usually restricted to prevent scams and fraud.
  6. Sensitive Topics: Keywords related to sensitive topics like terrorism, violence, or other controversial subjects might be restricted to prevent the spread of extremist ideologies.
  7. Geographical and Government Terms: Some domain extensions (TLDs) have restrictions on using names related to governments or geographical locations without proper authorization.
  8. Phishing and Fraud: Keywords that are commonly associated with phishing attempts or fraudulent activities might be restricted to protect users from deceptive websites.
  9. Misleading Information: Domain names that contain false or misleading information, such as fake news sites, might be restricted to maintain online credibility.
  10. Medical and Health Claims: Some domain names that make false or unverified claims about medical treatments, cures, or health benefits might be restricted to protect public health. (The word Cov#d is prohibited).
  11. Financial Scams: Keywords related to financial scams, pyramid schemes, or get-rich-quick schemes are often restricted to prevent financial harm to users.
  12. Educational and Governmental Designations: Certain TLDs have restrictions on domain names that suggest educational or governmental affiliations without proper authorization.
  13. Profanity: Domain names containing profane or vulgar language are typically restricted to maintain a professional online environment.
  14. Copyrighted Material: Keywords that are associated with copyrighted material, such as movie titles, book names, or song lyrics, might be restricted to protect intellectual property rights.
  15. Sovereign Names: An example of this was when Iceland.co.uk (the grocery store) got into a dispute with Iceland, the country: “Iceland launches legal challenge over supermarket name” – BBC News. (A country+ext cannot be registered, but a town or city can; furthermore, you can register country+keyword+ext.)

It’s important to note that the specific restrictions and guidelines can vary depending on the domain extension (TLD) you’re interested in and the policies of the domain registrar you’re using. It’s recommended to review the terms and conditions of the domain registrar and the relevant domain registry before attempting to register a domain name.

There are no specific domain name guidelines regarding domain restrictions, just general information. There is no definitive list of which domains are prohibited and which ones are not.

Is ‘Cymru Bank’ a restricted domain name?

www.cymrubank.co.uk & www.cymrubank.com

“Cymru bank” does not appear to be a commonly recognized restricted keyword for domain name registration. (This is from doing research and I could not find a definitive list of banned domain names).

“Cymru” is the Welsh word for “Wales,” so a domain name like “Cymru Bank” could potentially be related to a bank in Wales or have other regional significance. When considering such domain names, it’s a good idea to research the specific TLD you’re interested in (such as “.com,” “.co.uk,” “.wales,” etc.) to understand if there are any restrictions or guidelines related to the use of names that could potentially imply affiliations with financial institutions or geographic regions.

“In our defense, there is no inclination that these keywords are restricted”

Furthermore, there is a famous Domain Investor called ‘Mike Mann’ who has a large portfolio of Bank domain names that he is selling; review his list here: DomainMarket.com. I always follow his lead, and if the word bank was prohibited, not only would we not be brokering www.bank.com, but Mike would not have been able to register all those domains. So it will be interesting to see what BS excuse IONOS comes up with.

Always check with the domain registrar or registry associated with the TLD you’re interested in to ensure that the domain name you’re considering does not violate any restrictions or policies. It’s also possible that these policies have since been updated or changed.

Registering Domain Name

Prohibited domains play a critical role in maintaining a safe, lawful, and ethical online environment. By restricting certain domain names from registration, authorities and organizations work to prevent misuse, protect intellectual property, and uphold the values of the digital realm. As the internet continues to evolve, the regulation of domain names remains an essential aspect of ensuring a positive online experience for users worldwide.

I start off by saying I own the website that has the keyword “Cymru” (country+keyword+ext) in the domain www.cymrumarketing.com and the domain(s) www.cymrumarketing.co.uk and www.cymrujournal.co.uk and www.cymrujournal.com and have multiple business directories related to different industries and services on this site, including banking and law. We do most of our marketing and advertising via this hub and are planning on expanding our services further.

Whenever a domain name is dropped we try to make use of it if our customers do not want them any longer.

We usually forward the domains to our marketing pages if we have no plans to develop them. In most cases, we use domain names for our marketing campaigns. On occasion, we may hand-register domains for our digital marketing strategies, just as we tried to do in this instance with www.cymrubank.co.uk and www.cymrubank.com.

We also have a collection of banking directories:

www.ukbusinessbanking.co.uk & www.ukbusinessbanking.com Domain Names For Sale!

We are also affiliated to the following two banks.

Bullion Vault Logo

Domain Brokering

Both Michael Dooner and I are also jointly brokering the domain name www.bank.com

Security Threat

My concerns arose last week when I received two suspicious emails. I tried to contact complaints@ionos.co.uk and am still waiting for a reply. I sent them the email source code and nada, not a peep.

During a conversation on Monday 28th August 2023 with a call handler about my account being hacked, she said I should have sent my email to security last week.

There is no list of email addresses to contact IONOS and how was I supposed to know what email to use? According to them they no longer monitor the email support@ionos.co.uk

The email for security is: hosting-security@ionos.co.uk

The point is that I attempted to register www.cymrubank.co.uk and www.cymrubank.com as I was planning on having a databank of stock images for the Cymru Marketing Journal (CMJUK) and a Banking Directory of Welsh Banks on my site, hence registered both the domain names.

All seemed well on Friday when I registered them but I noticed that normally the contracts immediately become available to use but for some reason, I could not see them on my dashboard.

I then phoned the registrar/hosting provider the following day (Saturday) and was told that the domains were under security review and that I had to wait 48 hours from the time of registering. The time came and went and I phoned them again on late Sunday evening giving them plenty of time to sort out the problem. I was told to wait another 24 hours.

Hacked Account

Now this bit becomes crazier: I then received one alarming email on Monday 28th August 2023 saying my account had been hacked and I was locked out for security reasons. I then received a further two emails three minutes later, one for each domain name, to say my order had been rejected, even though they took the money out on Friday and the payment was pending (£1.20 per domain as I ordered a Mail Basic 5 package). The money was not the problem as in total it came to £2.40 for the first month for 12 months.

IONOS email
I have redacted my data for security reasons.

I proceeded to try and log in to my control panel and, lo and behold, I was indeed locked out.

My immediate thoughts were to move my money out of my bank account, which was associated with this hosting provider, before proceeding to phone them. The email said there was a problem with my payment method, and they later stated over the phone that the domains were restricted because of security and that I should reset my password.

“If the domains were restricted they should NOT be available for registration, it is as simple as that, no ifs or buts”.

There is no definitive list of words (perhaps this is my calling) other than sovereign names. An example of this is country name + domain extension and trademarks that cannot be registered other than some words that get censored by search engines and are deemed offensive and referenced in the articles below:

My Security concerns have been long going as I told the agent how could the entities that sent me the information by email last week know the names of the customers on the e-commerce stores without hacking the site. I was told I had to relay the message to their security department and not the complaints team.

I told them that they should not be doing business with Russia as they do not like the US or the UK and the Agent on Monday was adamant that they do not do business with Russia even though I have evidence that they do: https://ukdomainbrokers.ukwebsitedesigners.co.uk/ionos-ecwid-ecommerce-russian-app/ The agent was full on arguing with me that I did not know what I was talking about. I have even had one of the executives in IONOS admit that everything I am saying is correct, but there was nothing they could do.

“IONOS uses an e-commerce 3rd party app that they have white-labeled as their own but is in actual fact supplied by ECWID which is a Russian App”.

To think IONOS are trying to pass the buck is beyond unreal. I have the latest Antivirus on all my devices and Wordfence on all my websites, and it seems a bit of a coincidence that 3 minutes after I was hacked I had two rejection emails saying there was a problem with my payment for www.cymrubank.com and www.cymrubank.co.uk, upon which I immediately moved all my money out of my account.

I get invoiced in bulk once a month so there would not have been a problem until IONOS tried to take my money out after the 15th of each month.

I think it is high time I warn people not to buy restricted words but also to be careful of trademark words.

…and perhaps start looking for another hosting provider, because even as I finish writing this post, I still note that the two domains in question are available for registration, if the same shenanigans continue it may be that they do not value my business (all 91 contracts) or do not want to continue doing any more business with me.

Do I need the domain names? Not really, as I can simply create sub-directories at the tail end of my URL.

It is the security aspect I am the most upset about and how this ruined my bank holiday, instead of spending quality time with my family I had to sort this sh#t out, which prompted me to write this article (yes the word sh#t is a censored word).

IONOS Contact Emails Are As Follows:

  • complaints@ionos.co.uk
  • billing@ionos.co.uk
  • hosting-security@ionos.co.uk

My Final Words As I Sign Off

You are more than welcome to try and register the domains, but I have resigned to the fact I do not want them any longer. If you encounter similar problems, leave your comments below. I will be reaching out to the security team before sharing this article on social media for their response.

It seems highly suspicious that the domains are still available and it makes me wonder why this has happened and do they value my business.

Domain Name Threat

If you feel your domain is under threat contact your domain registrar asap.

  • Your domain registrar—Your registrar is the company from which you bought the domain. Contact them as soon as your domain gets hijacked and tell them you didn’t initiate the ownership transfer request. …
  • ICANN―Contact ICANN regarding your domain name hijacking. But be warned, their experts might ask you for documentation, i.e., proof that you are the rightful owner of the domain.

I received an email from an entity, which I forwarded to my registrar, www.one.com.

I am calling on all domain name detectives to try and help me find the owner of www.0ne.com, NOT www.one.com, because someone is impersonating the registrar www.one.com and has sent an email to me, masking their identity, trying to steal my domain name or put a virus on my computer.

I have reported and forwarded the email to the registrar ONE.COM for further investigation and have captured the email source which means nothing if this is a hacker, as there are ways to hide their identity. I would like to reach out to the owner of www.0ne.com (it’s a number, not a letter) to see if they can shed some light on this. They even used an email address that I supposedly own, to send their fraudulent email. Once I get to the bottom of this I will name and shame the entity and report them to the cyber security police (New Scotland Yard, London).

I could simply ignore this but I want to protect the next victim they target. This is not spam email; it is more like phishing or a hacker.

Impersonating a legitimate business is very serious.
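The 0ne.com versus one.com substitution described above can be checked mechanically. The following Python sketch is an added example, not part of the original post or any registrar's tooling: it folds digit-for-letter swaps and flags look-alike domains in an e-mail's sender headers and links, along with a From address that matches the recipient's own. The trusted-domain list, function names and sample message are assumptions constructed for illustration.

```python
"""Flag look-alike domains (0ne.com vs one.com) in an e-mail's headers and links."""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the recipient really deals with (assumption for this example).
TRUSTED_DOMAINS = {"one.com", "ionos.co.uk"}

# Small, illustrative set of digit-for-letter swaps; not a full confusables table.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
URL_HOST_RE = re.compile(r"https?://([^/\s:<>\"']+)", re.IGNORECASE)


def skeleton(domain):
    """Fold common look-alikes so that '0ne.com' and 'one.com' compare equal."""
    folded = domain.lower().rstrip(".").replace("rn", "m").replace("vv", "w")
    return folded.translate(DIGIT_SWAPS)


SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}


def classify_host(host):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted domain or None)."""
    labels = host.lower().rstrip(".").split(".")
    # Every parent domain with at least two labels: www.0ne.com -> 0ne.com
    suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for suffix in suffixes:
        if suffix in TRUSTED_DOMAINS:
            return "trusted", suffix
    for suffix in suffixes:
        if skeleton(suffix) in SKELETONS:
            return "lookalike", SKELETONS[skeleton(suffix)]
    return "unknown", None


def address_of(msg, header):
    """Lower-cased addr-spec from a header, or '' when the header is absent."""
    return parseaddr(msg.get(header, ""))[1].lower()


def body_text(msg):
    """Concatenate the decoded text of every non-multipart part."""
    chunks = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        raw = part.get_payload(decode=True) or b""
        chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def audit_message(raw_message):
    """Return a list of (finding, detail) tuples for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    sender, recipient = address_of(msg, "From"), address_of(msg, "To")
    bounce = address_of(msg, "Return-Path")
    sender_domain = sender.rpartition("@")[2]
    bounce_domain = bounce.rpartition("@")[2]

    # A From address equal to the recipient's own is forged unless the
    # recipient really wrote to themselves.
    if sender and sender == recipient:
        findings.append(("self-addressed", sender))
    # A bounce domain that differs from the visible From domain is a signal
    # worth a look, not proof (mailing services also cause it).
    if bounce_domain and sender_domain and bounce_domain != sender_domain:
        findings.append(("envelope-mismatch", f"{bounce_domain} != {sender_domain}"))
    # Look-alike domains in any sender header or in links in the body.
    senders = (sender, bounce, address_of(msg, "Reply-To"))
    hosts = {addr.rpartition("@")[2] for addr in senders if addr}
    hosts |= {h.lower() for h in URL_HOST_RE.findall(body_text(msg))}
    for host in sorted(hosts):
        verdict, target = classify_host(host)
        if verdict == "lookalike":
            findings.append(("lookalike", f"{host} imitates {target}"))
    return findings


# Constructed sample message (not the e-mail from the post).
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: "one.com Support" <owner@recipient.example>
To: owner@recipient.example
Subject: Account notice
Content-Type: text/plain; charset=utf-8

Please review your account at http://www.0ne.com/login
Our real site is https://www.one.com/
"""

if __name__ == "__main__":
    for finding in audit_message(SAMPLE):
        print(finding)
```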

It seems a bit of a coincidence that I was unable to log in to my site as the login URL path had been changed about a week ago.

I performed a WHOIS lookup and this is what I found.

0ne.com Domain Information

Domain: 0ne.com
Registrar: DropCatch.com 565 LLC
Registered On: 2020-07-13
Expires On: 2023-07-13
Updated On: 2022-07-02
Status: clientTransferProhibited
Name Servers: ns1.dan.com ns2.dan.com

Registrant, Administrative and Technical Contact (the same details are listed for all three):

Name: Stan N
Street: Dneprovska nab 26a
City: Kiev
State: Ky?vs’ka Oblast’
Postal Code: 02068
Country: UA
Phone: +380.666266666
Email: email@Ymail.com

Raw Whois Data

Domain Name: 0Ne.com
Registry Domain ID: 2545811224_DOMAIN_COM-VRSN
Registrar WHOIS server: whois.NameBright.com
Registrar URL: http://www.NameBright.com
Updated Date: 2021-04-07T00:00:00.000Z
Creation Date: 2020-07-13T18:23:55.000Z
Registrar Registration Expiration Date: 2023-07-13T00:00:00.000Z
Registrar: DropCatch.com 565 LLC
Registrar IANA ID: 2045
Registrar Abuse Contact Email: email@NameBright.com
Registrar Abuse Contact Phone: +1.7204960020
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Stan N
Registrant Organization: 
Registrant Street: Dneprovska nab 26a
Registrant City: Kiev
Registrant State/Province: Ky?vs'ka Oblast'
Registrant Postal Code: 02068
Registrant Country: UA
Registrant Phone: +380.666266666
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: email@Ymail.com
Registry Admin ID: Not Available From Registry
Admin Name: Stan N
Admin Organization: 
Admin Street: Dneprovska nab 26a
Admin City: Kiev
Admin State/Province: Ky?vs'ka Oblast'
Admin Postal Code: 02068
Admin Country: UA
Admin Phone: +380.666266666
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: email@Ymail.com
Registry Tech ID: Not Available From Registry
Tech Name: Stan N
Tech Organization: 
Tech Street: Dneprovska nab 26a
Tech City: Kiev
Tech State/Province: Ky?vs'ka Oblast'
Tech Postal Code: 02068
Tech Country: UA
Tech Phone: +380.666266666
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: email@Ymail.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net
>>> Last update of WHOIS database: 2023-01-12T10:36:52.403Z <<<

For more information on Whois status codes, please visit https://icann.org/epp
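When reporting a look-alike domain, the parts of a record like the one above that matter most are the registrar's abuse contact, the status codes and the dates. The Python sketch below is an added example, not part of the original post: it parses an abbreviated copy of the raw record and extracts those fields. The function names are assumptions, and the date format is the one this particular record uses.

```python
"""Pull the fields needed for an abuse report out of a raw WHOIS record."""
from datetime import datetime

# Abbreviated copy of the raw WHOIS record shown above.
RAW_WHOIS = """\
Domain Name: 0Ne.com
Registrar WHOIS server: whois.NameBright.com
Updated Date: 2021-04-07T00:00:00.000Z
Creation Date: 2020-07-13T18:23:55.000Z
Registrar Registration Expiration Date: 2023-07-13T00:00:00.000Z
Registrar: DropCatch.com 565 LLC
Registrar IANA ID: 2045
Registrar Abuse Contact Email: email@NameBright.com
Registrar Abuse Contact Phone: +1.7204960020
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registrant Organization:
Registrant Country: UA
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net
>>> Last update of WHOIS database: 2023-01-12T10:36:52.403Z <<<
"""


def parse_whois(text):
    """Return {field: [values]}; fields such as Domain Status can repeat."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">>>"):
            # Footer: '>>> Last update of WHOIS database: <timestamp> <<<'
            line = line.strip("<> ")
        key, sep, value = line.partition(":")  # split at the first colon only
        if not sep or key.lower() in ("http", "https"):
            continue  # wrapped URL or free text, not a 'Key: value' line
        values = record.setdefault(key.strip(), [])
        if value.strip():
            values.append(value.strip())  # empty fields stay as []
    return record


def first(record, key):
    """First value of a field, or None when it is absent or empty."""
    values = record.get(key) or [None]
    return values[0]


def parse_ts(value):
    """Parse the timestamp format used in this record (UTC, milliseconds)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")


def abuse_report_fields(record):
    """Summarise who to report to and how the registration looked at lookup time."""
    created = parse_ts(first(record, "Creation Date")).date()
    expires = parse_ts(first(record, "Registrar Registration Expiration Date")).date()
    looked_up = parse_ts(first(record, "Last update of WHOIS database")).date()
    return {
        "domain": first(record, "Domain Name").lower(),
        "registrar": first(record, "Registrar"),
        "report_to": first(record, "Registrar Abuse Contact Email"),
        "report_phone": first(record, "Registrar Abuse Contact Phone"),
        # Keep only the EPP status code, not the explanatory URL after it.
        "statuses": [s.split()[0] for s in record.get("Domain Status", [])],
        "age_days": (looked_up - created).days,
        "days_to_expiry": (expires - looked_up).days,
        "dnssec_signed": first(record, "DNSSEC") != "unsigned",
    }


if __name__ == "__main__":
    for name, value in abuse_report_fields(parse_whois(RAW_WHOIS)).items():
        print(f"{name}: {value}")
```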

Email Source

EMAIL-SOURCE

Help From LinkedIn

I posted on LinkedIn and my post went viral. I have since had the following information given to me:

The hosted services are running from:

It is hosted by: Amazon Technologies Inc.
Organization name: AWS EC2 (eu-central-1)
IP address: 3.64.163.50
AS(autonomous system) number and organization: AS16509 Amazon.com, Inc.
AS name: AMAZON-02
Reverse DNS of the IP: ec2-3-64-163-50.eu-central-1.compute.amazonaws.com
City: Frankfurt am Main
Country: Germany

So, there are some AWS instances running on this domain in Germany. Deep diving into some open port scans I can also see common ports open used to run “Bad Bots”.

Contact – https://support.aws.amazon.com/#/contacts/report-abuse

Note From The Editor

I will update this post in due course when I get a response from the registrar www.one.com

I have started a chat and this is what transpired:

Chat started on 15 Jan 2023, 03:24 PM (GMT+0)
(03:24:05)*** RENATA MAZIAK joined the chat ***
(03:24:05)RENATA MAZIAK
To whom it may concern,

I am getting tired of the SLOW RESPONSE I am getting. Please scroll to read the thread.

On top of this, I wanted to know how to get a CSV file for all the inventory (products) of a shop namely xxxxxxxxxxx, and what does Mareze do? she only gives me a
guide on how to export orders. (not quite the same) lol and omg.

I am getting sick and tired of the extremely slow response and also I still want
to know how to separate the WordPress site from my sub-domain DO NOT GIVE ME TUTORIALS. I have attempted to do it through FTP and it does not migrate. I was told by someone in one.com I cannot separate the subdomain I need answers.

I AM GETTING SICK AND TIRED OF THE POOR SERVICE THIS COMPANY IS PROVIDING.

You really do not want me to rant on LinkedIn.

From: Renata M Barnes <renatamaziak@msn.com>
Sent: 13 January 2023 00:45
To: one.com team <support@one.com>
Subject: Re[2]: Conversation with RENATA MAZIAK

Dear Mareze,

With reference to my setting up a new database and migrating the subdomain,
it is not possible. It is not an error message per~se it just will not migrate.

I have another issue I think there is an attempt for my domain www.cymrumarketing.com to be hijacked, the very same domain I could not log in to the other day.

I forwarded an email I received to support an hour or so ago and wrote a post
about it on my other site:
YOU NEED TO READ THIS

https://ukdomainbrokers.ukwebsitedesigners.co.uk/domain-name-threat/

I need to be assured my domain and my site is safe.

I want to speak with a human.
(03:24:08)*** Support Robot joined the chat ***
(03:24:08)Support Robot
Hi RENATA MAZIAK! Welcome to one.com customer support.
(03:24:14)Support Robot
What kind of WordPress issue does it concern?
(03:24:20)RENATA MAZIAK
4: None of the above
(03:24:42)RENATA MAZIAK
I want to speak with a human
(03:24:51)Support Robot
May I know the email address or domain name, please?
(03:24:51)Support Robot
Alright, I will now transfer you to a human supporter who will help you further.
(03:24:53)Support Robot
I’m sorry to tell you that it’s currently very busy and the waiting time is more than 10 minutes.
(03:24:55)Support Robot
Here is a brief summary of our conversation so my colleague can quickly get an overview.

Initial question: To whom it may concern,

I am getting tired of the SLOW RESPONSE I am getting. Please scroll to read the thread.

On top of this, I wanted to know how to get a CSV file for all the inventory (products) of a shop namely xxxxxxxxxxxx, and what does Mareze do? she only gives me a guide on how to export orders. (not quite the same) lol and omg.

I am getting sick and tired of the extremely slow response and also I still want to
know how to separate the WordPress site from my sub-domain DO NOT GIVE ME TUTORIALS. I have attempted to do it through FTP and it does not migrate. I was told by someone in one.com I cannot separate the subdomain I need answers.

I AM GETTING SICK AND TIRED OF THE POOR SERVICE THIS COMPANY IS PROVIDING.

You really do not want me to rant on LinkedIn.

From: Renata M Barnes
Sent: 13 January 2023 00:45
To: one.com team <support@one.com>
Subject: Re[2]: Conversation with RENATA MAZIAK

Dear Mareze,

With reference to my setting up a new
Domain: teainfusions.co.uk
(03:24:56)*** Support Robot has transferred chat to English Support ***
(03:26:09)RENATA MAZIAK
I have sent a few emails and have not had any response
(03:26:45)RENATA MAZIAK
Hello is anyone there?
(03:26:58)Automatic message
Thank you for your patience. Waiting times are currently longer than normal. Please hold on and we will be with you as soon as possible or feel free to send an email via https://www.one.com/en/support
(03:56:43)*** Karen joined the chat ***
(03:56:44)*** Support Robot left the chat ***
(03:56:53)Karen
You have to reach one.com online support! This is Karen.
Thank you for the information you have provided. Please bear with me while I go through it quickly, and I will be with you shortly.
(03:57:09)RENATA MAZIAK
Hi
(04:04:57)Karen
Hello there. I am still checking the account and thread.
Please continue to hold.
(04:05:08)RENATA MAZIAK
ok
(04:05:14)Karen
Thanks.
(04:05:20)RENATA MAZIAK
no probs
(04:05:36)Karen
👍🏻
(04:18:04)Karen
By the way regarding the CSV file for the product, there is a way however please note that it will not include image files or/and files that are related to digital products.

Are you using a Google Chrome Browser?
(04:19:01)RENATA MAZIAK
I have all the browsers.
(04:19:30)RENATA MAZIAK
What about my compromised email?
(04:20:06)RENATA MAZIAK
Are you going to show me how to get a csv?
(04:21:22)Karen
Still checking on it with our Technical team.

Yes, please access your shop, and go to products and use Chrome browser
(04:21:40)RENATA MAZIAK
and then what?
(04:23:55)Karen
Once open, press F12 in your keyboard this will show up and click on the 3 dots:
(04:23:55)Karen
Agent uploaded: image.png
URL: https://onecomhelp.zendesk.com/attachments/token/3V6i6KHU8sWI7Yp93NOTHbfa2/?name=image.png
Type: image/png
Size: 24571
(04:24:56)Karen
On the run command, please enter this command:
one.application.settings.showUploadCSV(true);
(04:24:56)Karen
Agent uploaded: image.png
URL: https://onecomhelp.zendesk.com/attachments/token/VSjc2JNrP14DkB1LYmTSvr5VX/?name=image.png
Type: image/png
Size: 10610
(04:25:06)Karen
Click on enter once done
(04:25:20)RENATA MAZIAK
What are you referring to you are making no sense
(04:26:02)Karen
Have you followed the instruction above and entered the command?
(04:26:09)RENATA MAZIAK
The CSV is on your server not on my computer
(04:27:21)Karen
If you follow the instruction above, you will see this button to download the CSV of your products.

Notes:
The downloaded data doesn’t include product image files and files that are related to digital products.
(04:27:21)Karen
Agent uploaded: image.png
URL: https://onecomhelp.zendesk.com/attachments/token/EzhaLwFKtARYQd2a2QEU6YDlk/?name=image.png
Type: image/png
Size: 14598
(04:27:37)RENATA MAZIAK
I never uploaded the inventory, my client did.
(04:28:24)Karen
This instruction I provided is how you can get a CSV file of your product on the shop.
In this way, you can download it and save it on your device
(04:29:22)RENATA MAZIAK
ok, as for my compromised domain name what is happening with that and the email I received from 0ne.com not one.com
(04:31:14)Karen
Just to clarify, this is the domain name: cymrumarketing.com that you are referring?
(04:31:27)RENATA MAZIAK
yes
(04:33:45)RENATA MAZIAK
I also want to separate the sub-domain from the main domain and back it up to a new directory.
(04:37:24)Karen
Regarding with the domain: cymrumarketing.com, it is safe. You can check on a legit whois site
https://www.whois.com/whois/cymrumarketing.com 

It might be a phishing email, and we suggest not clicking any link
(04:37:24)Karen
Agent uploaded: image.png
URL: https://onecomhelp.zendesk.com/attachments/token/6A6OnBm0MrrGWJuxydbXfxTdt/?name=image.png
Type: image/png
Size: 39277
(04:39:18)RENATA MAZIAK
Yes I get this and as such have not done so but someone is pretending to be one.com from 0ne.com do you not think this is alarming also I need to separate the sub-domain how do I do this?
(04:42:17)Karen
Phishing and scammers technology also evolve, so we just need to be vigilant as once reported they will simply close down the server they are using and open a new one. This was already reported, however, some are hard to trace, especially if they use proxy and VPNs.

Regarding the separate subdomain, the email ticket you have is threaded, and I just wanted to make sure the domain you are referring for this.
(04:43:29)RENATA MAZIAK
Yes it is the same domain
(04:44:22)Karen
cymrumarketing.com, this right?
(04:44:28)RENATA MAZIAK
yes
(04:44:42)Karen
I am checking the web files. Please hold.
(04:44:55)RENATA MAZIAK
https://marketingagency.cymrumarketing.com/
(04:45:26)RENATA MAZIAK
I am away from the computer for 2 mins
(04:51:21)Karen
I just wanted to make sure we are on the same page so that I could check this further. You mentioned that you wanted to separate the WordPress site from the subdomain (marketingagency.cymrumarketing.com), may I know where you are planning to move it on and what domain or subdomain? Or may I know what you are trying to achieve, just to be clear?
(04:51:27)Karen
Sure. Please take your time.
I’ll wait.
(04:52:22)RENATA MAZIAK
I want two separate sites.
(04:53:16)RENATA MAZIAK
I just want the instruction first of all nothing more.
(04:55:39)Karen
I just need to understand what you are trying to achieve or do, so I could provide the exact instruction.
Having it as a subdomain (marketingagency.cymrumarketing.com) makes it a different or separate site to your main domain. Unless you will migrate and use the website files of (marketingagency.cymrumarketing.com) to a totally different domain name.
(04:58:07)RENATA MAZIAK
For argument’s sake, I want two lots of hosting. I want to host for the static site cymrumarketing.com and I want to host for the WordPress site to be stand-alone separate and I have another domain name www.cymrujournal.com
(04:59:51)RENATA MAZIAK
All I want is the instructions at this stage. I have tried using FTP and have had help from third-party tech engineers who have said it is not possible to migrate my WordPress.
(05:02:29)RENATA MAZIAK
are you there?
(05:02:59)Karen
Yes, just checking on this. Please hold.
(05:03:17)RENATA MAZIAK
ok
(05:04:14)Karen
You mentioned that you tried doing this using FTP, may I know the FTP details such as Hostname, and username port did you use?
(05:05:18)Karen
Because I checked your SFTP/FTP and it is off, and that might be the reason why you cannot do it on SFTP/FTP.
You can check this on how to activate the SFTP and FTP:
(05:05:19)Karen
Agent uploaded: image.png
(05:05:34)RENATA MAZIAK
I used ionos. I do not have the hosting any longer because I dropped it because it did not work.
(05:05:37)Karen
https://help.one.com/hc/en-us/articles/115005588249-How-do-I-activate-SFTP-for-my-web-space-
(05:06:45)Karen
Because if you will migrate the website (your subdomain), for example to your domain cymrujournal.com they will need an active SFTP or FTP to connect and migrate the website over
(05:07:31)Karen
Once SFTP/FTP is enabled and you already set a password, you can let them try to migrate it using the credential showing on your SFTP or FTP
(05:07:34)RENATA MAZIAK
Please give me clear instructions on how to do this or if I was to migrate to WordPress hosting with you would you be able to do it for me?
(05:09:17)RENATA MAZIAK
I need the last bit answered and I am then ending the chat would you be able to do it if I purchased new hosting?
(05:12:56)Karen
Just to be clear, are you going to migrate the website file of marketingagency.cymrumarketing.com to cymrujournal.com.
As I need to know from which website will be migrated and the receiving website so I could provide clear instructions.

Please provide me the 
1. Migrating from (URL):
2. Migrating to (URL):

so we could better understand
(05:14:08)Karen
Because if you are asking us for migration instructions, this is what we have: https://help.one.com/hc/en-us/articles/360000029298-Using-1-click-WordPress-migration and https://help.one.com/hc/en-us/articles/115005585969-Move-your-WordPress-site-to-another-domain
(05:15:13)RENATA MAZIAK
I am not sure if to drop the hosting for the static site cymrumarketing.com and use this domain for the WordPress site or use the cymrujournal.com domain. I have not made my mind up all I want is instructions.
(05:15:35)RENATA MAZIAK
static hosting for a web builder
(05:18:17)Karen
This is the instruction we have for migration.
https://help.one.com/hc/en-us/articles/360000029298-Using-1-click-WordPress-migration and https://help.one.com/hc/en-us/articles/115005585969-Move-your-WordPress-site-to-another-domain

Please note that a website file created on WordPress can be migrated, however, this will not convert it to a website builder platform if that is what you are referring on your last chat.
(05:20:39)RENATA MAZIAK
I am not interested in web builder I just want to have two separate sites even if it means buying WordPress hosting from you. You still have not said if I was to do that would you migrate it for me seeing as I am on the managed package
(05:23:44)Karen
Yes, we can request our Manage WordPress team for the migration if you will provide them with these details below and if the WordPress or hosting is with us:
 
1. Migrating from (URL):
2. Migrating to (URL):
(05:25:17)RENATA MAZIAK
Ok, thank you. I will make a note of this. I am ending the chat and thanks for your help.
(05:25:55)*** RENATA MAZIAK left the chat ***

There were three issues I wanted to answer.

  1. The phishing of my website (now answered).
  2. The CSV file of a shop was answered and I am no closer to downloading it as the instructions did not work, and the images are not downloadable.
  3. The migration of my WordPress site (semi-answered), avoided giving me the instructions, conveniently.

If you have any information please use the form below to send it to us:

#domaintheft #domainnametheft #cymrumarketing #dan.com #one.com #0ne,com #hacker #phishing #cyberthreat

IP: 103.209.229.2 Attempted to Hack My site.


Hackers Site www.wimsbd.com

“I think it is only right to give this person their five minutes of fame considering the effort they have gone to trying to hack my website”.

I used the following service to do a ‘Reverse IP Look Up’: https://www.whatismyip.com/reverse-dns-lookup/

MY WEBSITE

This is the message I had from WordPress, I have redacted some of the information and sent the hacker an email. The original WordPress message can be seen at the bottom of the screenshot.

I have enlarged the text below!

Fw: [] Failed WordPress login attempt by IP 103.209.229.2

From: xxxxxx@xxxxxxxxxxxxx Tue 08/06/2021 11:37

To: wimsbd@gmail.com

I have just done an IP Address Look UP

IP Address Location Information for 103.209.229.2


  • City: Rangpur
  • State: Rangpur
  • Country: Bangladesh
  • Postal Code: 5403
  • Time Zone: +06:00

Host Info for 103.209.229.2

  • ASN: 135115
  • ISP: Wims Online
  • Host Name: 103.209.229.2
  • Domain: wimsbd.com

Proxy Check Info for 103.209.229.2

  • Proxy: No

And am wondering why you are attempting to hack www.disabledentrepreneur.uk ??????????????????????🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬🤬
IF YOU PLAY WITH FIRE, YOU WILL GET BURNT!🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥


From: wordpress@disabledentrepreneur.uk <wordpress@disabledentrepreneur.uk>
Sent: 08 June 2021 10:48
To: xxxxxxxx@xxxxxxxxxxxxxxxx>
Subject: [] Failed WordPress login attempt by IP 103.209.229.2  

Hello,

12 failed login attempts (3 lockout(s)) from IP 103.209.229.2
Last user attempted: xxxxxxxxxxxx
IP was blocked for 20 minutes

This notification was sent automatically via Limit Login Attempts Reloaded Plugin. This is installed on your disabledentrepreneur.uk WordPress site. Please login to your WordPress dashboard to view more info.

Under Attack? Try our advanced protection. Have Questions? Visit our help section.


Unsubscribe from these notifications.

#domaintheft #domaintheives #hackers #hacking #cybercrime #cybertheft #cybersecurity #domainguard

How to spot a dodgy email.


I have never thought too much about it until one of my clients forwarded me an email he had received from a person supposedly trying to steal my business. I had to look twice and realised that the entity was actually referring to an old domain my client had until it was stolen and cybersquatted.

You can view the cyber-squatted domain here: www.firstphaseelectricalwales.co.uk. You will find it points to a clothing site yet again.

You can read the whole three-part cybersquatting incident here:

Furthermore, the domain supposedly changed hands in July of this year, but my client is still getting emails. This tells me the same entity is still using the domain name and still has my client’s data. Had the domain really gone to a third party, they would not have had access to my client’s data or email address. The email my client received today went to his Gmail address, not his company email, so how would the new owner know about my client’s Gmail address unless they were one and the same entity?

When you open or reply to such emails, two things can happen: either they are infected with malware that will embed itself on your computer, or you may get lots of spam messages, and the sender will then be able to use your email address to spam other people.

Another way cyber criminals work is by using undisclosed email addresses; this way they can send bulk emails. An undisclosed email may be used if you have previously had an email subscription and your email has been leaked or sold to a third party that may then want to send out spam emails in bulk.

This goes against your privacy protection and you have to remember that email lists are worth a lot of money to some people so it stands to reason that they can be sold and misused.

How to spot a dodgy email.

This is an actual email I received to my private email account.

Apple know how to spell and they use their company name to send out information.

Check For Misspellings

The first and most obvious tip-off is misspellings. In the header above, the name of the company is spelled incorrectly, and it is pretty unlikely that a big corporation would misspell its own name.

Also look out for subdomain names such as info@subdomain.company.com. No legitimate company would send out emails from their subdomain. Subdomains are an extension of the originator’s website and are mainly used for blogs: https://ukdomainbrokers.ukwebsitedesigners.co.uk/

So, for all intents and purposes, the above is an example of my subdomain, and I would not send out an email from info@ukdomainbrokers.ukwebsitedesigners.co.uk. I would, however, send one out from info@ukwebsitedesigners.co.uk

IP Address

Another quick trick is to look up the IP address the message came from. If it’s in a different country than the company, it’s probably fake.

Received From

The “Received” line tells you where the email originated from. If the email is actually from who it says it’s from, it would probably come from the company’s website. In the email above, the website the email came from has nothing to do with the company it says it’s from. If, however, the email mimics your email, the sender is hiding their identity.

Reply To

Same goes for the “Reply To” field. You can tell the email address has been spoofed because the “Reply To” address doesn’t match the “From” address.

Spoofing:

Email spoofing is the process of disguising the original sender’s identity by creating email messages with a forged sender email address. The core email protocols do not have any mechanism for authentication, making it common for spam and phishing emails to use such spoofing to mislead or even prank the recipient about the origin of the message.
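The header checks described above (misspelt or subdomain sender, “Received” origin, “Reply To” versus “From”), as an added example that is not part of the original post. It assumes a Postfix-style Received line; the sample message, `company.example` and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the email from the post): misspelt sender domain,
# a different Reply-To, and a delivering host unrelated to the claimed company.
SAMPLE = """\
Received: from smtp.compnay.example (mail.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP; Tue, 08 Jun 2021 10:48:00 +0000
From: "Compnay Support" <info@billing.compnay.example>
Reply-To: collect@freemail.example
To: user@recipient.example
Subject: Your account

Please confirm your details.
"""

# Assumed Postfix-style stamp: "from <HELO name> (<reverse-DNS name> [<IP>])".
RECEIVED_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[[^\]]+\]\)", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def triage(raw, expected_domain):
    """Return the checks from the post that fail for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    if from_dom != expected_domain:
        # Subdomain sender versus a misspelt or unrelated domain.
        findings.append("from-subdomain" if within(from_dom, expected_domain)
                        else "from-domain-mismatch")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # The topmost Received header is stamped by the receiving server; the
    # name in parentheses is what that server resolved, not the HELO claim.
    hops = msg.get_all("Received", [])
    m = RECEIVED_RE.search(hops[0]) if hops else None
    if m and not within(m.group(1).lower(), expected_domain):
        findings.append("received-origin-mismatch")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, "company.example"):
        print(finding)
```

Each finding is a signal to weigh alongside the others, and the expected domain has to come from a source you already trust, not from the message itself.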

Final Notes.

Always check the recipient’s email. If you do not know or were not expecting anything from anyone DO NOT OPEN EMAIL ATTACHMENTS.

If you get emails from a web designer telling you your website is s##t, do ask your current web designers to send an audit report of your website. Also, if the sender is emailing you from a Gmail, Hotmail or MSN account without a company signature in the footer of the email, this is reason for alarm bells to ring.

DO NOT USE OFFSHORE WEBSITE DESIGNERS.

SUPPORT LOCAL BUSINESSES!

Do not reply to anyone that has a suspicious email address, especially if it is a long thread of letters and numbers that do not resemble a person or company.

Always check email addresses from the sender.

Lastly always mark emails that have landed in your inbox as ‘report phishing’ rather than simply deleting them as the email client will block this email from their servers to stop other people falling victim.

Scam Alert Domain Name Phishing

Cyber Crime.

Scam Email to attempt cyber theft of my domain name.

Cyber crime is rife at the moment not just with domain theft but scammers doing everything they can to extract money from less fortunate people.

Yesterday I wrote a post on my other blog, https://marketingagency.cymrumarketing.com/2020/11/03/scam-alert-letter/, about a Scam Letter I received from a banker. By coincidence, and unrelated to the email, I also wrote about a banker betting $5 Million Dollars on Donald Trump winning the election.

I named and shamed the person who sent me the email, who most probably is not even using their real name. So, lo and behold, today I received another email, to a website I own which is a Business Directory and Community Hub for the district in Cardiff UK where I live, ‘Roath’.

Now you have to think to yourself how would this keyword be a conflict or beneficial to anyone in China?

The domain is: www.roathlife.com

The email is as follows, and when I replied it bounced. You can come to your own conclusions, but I think someone is attempting to scam me, and whoever it is has to get up earlier than me to catch me out.

Original Scam Email.

Nick Liu <nick@chinaregistryshanghai.org> 05:35

To  info@roathlife.com

(It’s very urgent, therefore we kindly ask you to forward this email to your CEO. If you believe this has been sent to you in error, please ignore it. Thanks)

Dear CEO,

This is a formal email. We are the Domain Registration Service company in China. Here I have something to confirm with you. On November 4, 2020, we received an application from Hongxin Ltd requested “roathlife” as their internet keyword and China (CN) domain names (roathlife.cn, roathlife.com.cn, roathlife.net.cn, roathlife.org.cn). But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor in China?

Best Regards

Nick Liu | Service & Operations Manager

China Registry (Head Office)

Tel: +86-02161918696

Fax: +86-02161918697

Mob: +86-13816428671

6012, Xingdi Building, No. 1698 Yishan Road, Shanghai 201103, China

*****************************************

This email contains privileged and confidential information intended for the addressee only. If you are not the intended recipient, please destroy this email and inform the sender immediately. We appreciate you respecting the confidentiality of this information by not disclosing or using the information in this email.

My reply was:

Dear Nick Liu,

My name is Renata Maziak Barnes, I am the legal owner of the said domain names www.roathlife.com and www.roathlife.co.uk.
These domains have been registered and are developed by me. I also own www.ukdomainbrokers.com and specialise with UDRP’s.

Your domain names are on different GEO territories to myself being the owner from the time 2020-03-06 and I have actively developed my sites, therefore there is no trademark conflict as I was the first person to publicly publish my domain names.

I would suggest your client refrains from registering the domain names because this could cause a problem in future, although I have no intention of ever marketing my business in China.

www.roathlife.cn is not registered and has no whois data

www.roathlife.com.cn is not registered and has no whois data
www.roathlife.net.cn is not registered and has no whois data
www.roathlife.org.cn is not registered and has no whois data

I await your reply at your earliest convenience.

Yours Truly,

Renata Maziak Barnes
Founder
www.roathlife.com
www.roathlife.co.uk
Tel: +44 (0) 7565253529

Mail delivery failed: returning message to sender

Mail Delivery System<mailer-daemon@kundenserver.de>

To  info@roathlife.com

This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

nick@chinaregistryshanghai.org:
SMTP error from remote server for RCPT TO command, host: mx.chinaregistryshanghai.org (199.195.251.131) reason: 550-Rejected because 82.165.159.43 is in a black list at zen.spamhaus.org
550 https://www.spamhaus.org/sbl/query/SBL275660

— The header of the original message is following. —
Received: from oxbsltgw54.schlund.de ([172.19.249.7]) by mrelayeu.kundenserver.de (mreue106 [213.165.67.115]) with ESMTPSA (Nemesis) id 1MnItm-1jtEYQ3Htc-00jJDA for <nick@chinaregistryshanghai.org>; Wed, 04 Nov 2020 14:09:54 +0100
Date: Wed, 4 Nov 2020 13:09:53 +0000 (GMT)
From: info <info@roathlife.com>
To: Nick Liu <nick@chinaregistryshanghai.org>
Message-ID: <439891402.17398.1604495393295@email.ionos.co.uk>
In-Reply-To: <202011041335263262056@chinaregistryshanghai.org>
References: <202011041335263262056@chinaregistryshanghai.org>
Subject: Re: roathlife
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_Part_17396_1939878953.1604495393253"
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v7.10.3-Rev26
X-Originating-Client: open-xchange-appsuite
X-Spam-Flag: YES