Domain Name Threat

If you feel your domain is under threat, contact your domain registrar ASAP.

  • Your domain registrar—Your registrar is the company from which you bought the domain. Contact them as soon as your domain gets hijacked and tell them you didn’t initiate the ownership transfer request. …
  • ICANN―Contact ICANN regarding your domain name hijacking. But be warned, their experts might ask you for documentation, i.e., proof that you are the rightful owner of the domain.

I received an email from an entity which I forwarded to my registrar www.one.com.

I am calling on all domain name detectives to try and help me find the owner of www.0ne.com, NOT www.one.com, because someone is impersonating the registrar www.one.com and has sent me an email, masking their identity, trying to steal my domain name or put a virus on my computer.

I have reported and forwarded the email to the registrar ONE.COM for further investigation and have captured the email source which means nothing if this is a hacker, as there are ways to hide their identity. I would like to reach out to the owner of www.0ne.com (it’s a number, not a letter) to see if they can shed some light on this. They even used an email address that I supposedly own, to send their fraudulent email. Once I get to the bottom of this I will name and shame the entity and report them to the cyber security police (New Scotland Yard, London).

I could simply ignore this but I want to protect the next victim they target. This is not spam email; it is more like phishing or a hacker.

Impersonating a legitimate business is very serious.
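A check for the kind of lookalike described above, where the digit 0 stands in for the letter o, applied to the sender headers and links of a message. This is an added example, not part of the original post; the trusted-domain list, the substitution table and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the recipient really deals with (assumption for this example).
TRUSTED = {"one.com"}

# ASCII digits commonly used to imitate a letter, e.g. 0 for "o".
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

URL_HOST = re.compile(r"https?://([^/\s:]+)")

# Constructed sample message; it is not the email discussed in the post.
SAMPLE = (
    'From: "one.com Support" <support@0ne.com>\n'
    "Reply-To: billing@0ne.com\n"
    "To: owner@example.com\n"
    "Subject: Domain transfer request\n"
    "\n"
    "Confirm at http://www.0ne.com/login or visit https://www.one.com/en/support\n"
)


def registered_domain(host):
    """Last two labels of a host name (naive: fine for .com, not for .co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(host):
    """Return 'trusted', 'lookalike' or 'other' for a host name."""
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    skeleton = domain.translate(CONFUSABLE)
    if any(skeleton == t.translate(CONFUSABLE) for t in TRUSTED):
        return "lookalike"
    return "other"


def scan_message(raw):
    """List (location, host, verdict) for every lookalike host in a message."""
    msg = message_from_string(raw)
    hits = []
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            host = addr.rpartition("@")[2]
            hits.append((header, host, classify(host)))
    for host in URL_HOST.findall(msg.get_payload()):
        hits.append(("body link", host, classify(host)))
    return [h for h in hits if h[2] == "lookalike"]
```
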

It seems a bit of a coincidence that I was unable to log in to my site as the login URL path had been changed about a week ago.

I performed a WHOIS lookup and this is what I found.

0ne.com Domain Information

Domain: 0ne.com
Registrar: DropCatch.com 565 LLC
Registered On: 2020-07-13
Expires On: 2023-07-13
Updated On: 2022-07-02
Status: clientTransferProhibited
Name Servers: ns1.dan.com ns2.dan.com

Registrant Contact
Name: Stan N
Street: Dneprovska nab 26a
City: Kiev
State: Ky?vs’ka Oblast’
Postal Code: 02068
Country: UA
Phone: +380.666266666
Email: email@Ymail.com

Administrative Contact
Name: Stan N
Street: Dneprovska nab 26a
City: Kiev
State: Ky?vs’ka Oblast’
Postal Code: 02068
Country: UA
Phone: +380.666266666
Email: email@Ymail.com

Technical Contact
Name: Stan N
Street: Dneprovska nab 26a
City: Kiev
State: Ky?vs’ka Oblast’
Postal Code: 02068
Country: UA
Phone: +380.666266666
Email: email@Ymail.com

Raw Whois Data

Domain Name: 0Ne.com
Registry Domain ID: 2545811224_DOMAIN_COM-VRSN
Registrar WHOIS server: whois.NameBright.com
Registrar URL: http://www.NameBright.com
Updated Date: 2021-04-07T00:00:00.000Z
Creation Date: 2020-07-13T18:23:55.000Z
Registrar Registration Expiration Date: 2023-07-13T00:00:00.000Z
Registrar: DropCatch.com 565 LLC
Registrar IANA ID: 2045
Registrar Abuse Contact Email: email@NameBright.com
Registrar Abuse Contact Phone: +1.7204960020
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Stan N
Registrant Organization: 
Registrant Street: Dneprovska nab 26a
Registrant City: Kiev
Registrant State/Province: Ky?vs'ka Oblast'
Registrant Postal Code: 02068
Registrant Country: UA
Registrant Phone: +380.666266666
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: email@Ymail.com
Registry Admin ID: Not Available From Registry
Admin Name: Stan N
Admin Organization: 
Admin Street: Dneprovska nab 26a
Admin City: Kiev
Admin State/Province: Ky?vs'ka Oblast'
Admin Postal Code: 02068
Admin Country: UA
Admin Phone: +380.666266666
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: email@Ymail.com
Registry Tech ID: Not Available From Registry
Tech Name: Stan N
Tech Organization: 
Tech Street: Dneprovska nab 26a
Tech City: Kiev
Tech State/Province: Ky?vs'ka Oblast'
Tech Postal Code: 02068
Tech Country: UA
Tech Phone: +380.666266666
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: email@Ymail.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net
>>> Last update of WHOIS database: 2023-01-12T10:36:52.403Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Email Source

EMAIL-SOURCE

Help From LinkedIn

I posted on LinkedIn and my post went viral. I have since had the following information given to me:

The hosted services are running from:

It is hosted by: Amazon Technologies Inc.
Organization name: AWS EC2 (eu-central-1)
IP address: 3.64.163.50
AS (autonomous system) number and organization: AS16509 Amazon.com, Inc.
AS name: AMAZON-02
Reverse DNS of the IP: ec2-3-64-163-50.eu-central-1.compute.amazonaws.com
City: Frankfurt am Main
Country: Germany

So, there are some AWS instances running on this domain in Germany. Deep diving into some open port scans, I can also see common ports open used to run “Bad Bots”.

Contact – https://support.aws.amazon.com/#/contacts/report-abuse

Note From The Editor

I will update this post in due course when I get a response from the registrar www.one.com.

I have started a chat and this is what transpired:

Chat started on 15 Jan 2023, 03:24 PM (GMT+0)
(03:24:05)*** RENATA MAZIAK joined the chat ***
(03:24:05)RENATA MAZIAK
To whom it may concern,

I am getting tired of the SLOW RESPONSE I am getting. Please scroll to read the thread.

On top of this, I wanted to know how to get a CSV file for all the inventory (products) of a shop namely xxxxxxxxxxx, and what does Mareze do? she only gives me a guide on how to export orders. (not quite the same) lol and omg.

I am getting sick and tired of the extremely slow response and also I still want to know how to separate the WordPress site from my sub-domain DO NOT GIVE ME TUTORIALS. I have attempted to do it through FTP and it does not migrate. I was told by someone in one.com I cannot separate the subdomain I need answers.

I AM GETTING SICK AND TIRED OF THE POOR SERVICE THIS COMPANY IS PROVIDING.

You really do not want me to rant on LinkedIn.

From: Renata M Barnes <renatamaziak@msn.com>
Sent: 13 January 2023 00:45
To: one.com team <support@one.com>
Subject: Re[2]: Conversation with RENATA MAZIAK

Dear Mareze,

With reference to my setting up a new database and migrating the subdomain, it is not possible. It is not an error message per se it just will not migrate.

I have another issue I think there is an attempt for my domain www.cymrumarketing.com to be hijacked, the very same domain I could not log in to the other day.

I forwarded an email I received to support an hour or so ago and wrote a post about it on my other site:
YOU NEED TO READ THIS

https://ukdomainbrokers.ukwebsitedesigners.co.uk/domain-name-threat/

I need to be assured my domain and my site is safe.

I want to speak with a human.
(03:24:08)*** Support Robot joined the chat ***
(03:24:08)Support Robot
Hi RENATA MAZIAK! Welcome to one.com customer support.
(03:24:14)Support Robot
What kind of WordPress issue does it concern?
(03:24:20)RENATA MAZIAK
4: None of the above
(03:24:42)RENATA MAZIAK
I want to speak with a human
(03:24:51)Support Robot
May I know the email address or domain name, please?
(03:24:51)Support Robot
Alright, I will now transfer you to a human supporter who will help you further.
(03:24:53)Support Robot
I’m sorry to tell you that it’s currently very busy and the waiting time is more than 10 minutes.
(03:24:55)Support Robot
Here is a brief summary of our conversation so my colleague can quickly get an overview.

Initial question: To whom it may concern,

I am getting tired of the SLOW RESPONSE I am getting. Please scroll to read the thread.

On top of this, I wanted to know how to get a CSV file for all the inventory (products) of a shop namely xxxxxxxxxxxx, and what does Mareze do? she only gives me a guide on how to export orders. (not quite the same) lol and omg.

I am getting sick and tired of the extremely slow response and also I still want to know how to separate the WordPress site from my sub-domain DO NOT GIVE ME TUTORIALS. I have attempted to do it through FTP and it does not migrate. I was told by someone in one.com I cannot separate the subdomain I need answers.

I AM GETTING SICK AND TIRED OF THE POOR SERVICE THIS COMPANY IS PROVIDING.

You really do not want me to rant on LinkedIn.

From: Renata M Barnes
Sent: 13 January 2023 00:45
To: one.com team <support@one.com>
Subject: Re[2]: Conversation with RENATA MAZIAK

Dear Mareze,

With reference to my setting up a new
Domain: teainfusions.co.uk
(03:24:56)*** Support Robot has transferred chat to English Support ***
(03:26:09)RENATA MAZIAK
I have sent a few emails and have not had any response
(03:26:45)RENATA MAZIAK
Hello is anyone there?
(03:26:58)Automatic message
Thank you for your patience. Waiting times are currently longer than normal. Please hold on and we will be with you as soon as possible or feel free to send an email via https://www.one.com/en/support
(03:56:43)*** Karen joined the chat ***
(03:56:44)*** Support Robot left the chat ***
(03:56:53)Karen
You have to reach one.com online support! This is Karen.
Thank you for the information you have provided. Please bear with me while I go through it quickly, and I will be with you shortly.
(03:57:09)RENATA MAZIAK
Hi
(04:04:57)Karen
Hello there. I am still checking the account and thread.
Please continue to hold.
(04:05:08)RENATA MAZIAK
ok
(04:05:14)Karen
Thanks.
(04:05:20)RENATA MAZIAK
no probs
(04:05:36)Karen
👍🏻
(04:18:04)Karen
By the way regarding the CSV file for the product, there is a way however please note that it will not include image files or/and files that are related to digital products.

Are you using a Google Chrome Browser?
(04:19:01)RENATA MAZIAK
I have all the browsers.
(04:19:30)RENATA MAZIAK
What about my compromised email?
(04:20:06)RENATA MAZIAK
Are you going to show me how to get a csv?
(04:21:22)Karen
Still checking on it with our Technical team.

Yes, please access your shop, and go to products and use Chrome browser
(04:21:40)RENATA MAZIAK
and then what?
(04:23:55)Karen
Once open, press F12 in your keyboard this will show up and click on the 3 dots:
(04:23:55)Karen
Agent uploaded: image.png
(04:24:56)Karen
On the run command, please enter this command:
one.application.settings.showUploadCSV(true);
(04:24:56)Karen
Agent uploaded: image.png
(04:25:06)Karen
Click on enter once done
(04:25:20)RENATA MAZIAK
What are you referring to you are making no sense
(04:26:02)Karen
Have you followed the instruction above and entered the command?
(04:26:09)RENATA MAZIAK
The CSV is on your server not on my computer
(04:27:21)Karen
If you follow the instruction above, you will see this button to download the CSV of your products.

Notes:
The downloaded data doesn’t include product image files and files that are related to digital products.
(04:27:21)Karen
Agent uploaded: image.png
(04:27:37)RENATA MAZIAK
I never uploaded the inventory, my client did.
(04:28:24)Karen
This instruction I provided is how you can get a CSV file of your product on the shop.
In this way, you can download it and save it on your device
(04:29:22)RENATA MAZIAK
ok, as for my compromised domain name what is happening with that and the email I received from 0ne.com not one.com
(04:31:14)Karen
Just to clarify, this is the domain name: cymrumarketing.com that you are referring?
(04:31:27)RENATA MAZIAK
yes
(04:33:45)RENATA MAZIAK
I also want to separate the sub-domain from the main domain and back it up to a new directory.
(04:37:24)Karen
Regarding with the domain: cymrumarketing.com, it is safe. You can check on a legit whois site
https://www.whois.com/whois/cymrumarketing.com 

It might be a phishing email, and we suggest not clicking any link
(04:37:24)Karen
Agent uploaded: image.png
(04:39:18)RENATA MAZIAK
Yes I get this and as such have not done so but someone is pretending to be one.com from 0ne.com do you not think this is alarming also I need to separate the sub-domain how do I do this?
(04:42:17)Karen
Phishing and scammers technology also evolve, so we just need to be vigilant as once reported they will simply close down the server they are using and open a new one. This was already reported, however, some are hard to trace, especially if they use proxy and VPNs.

Regarding the separate subdomain, the email ticket you have is threaded, and I just wanted to make sure the domain you are referring for this.
(04:43:29)RENATA MAZIAK
Yes it is the same domain
(04:44:22)Karen
cymrumarketing.com, this right?
(04:44:28)RENATA MAZIAK
yes
(04:44:42)Karen
I am checking the web files. Please hold.
(04:44:55)RENATA MAZIAK
https://marketingagency.cymrumarketing.com/
(04:45:26)RENATA MAZIAK
I am away from the computer for 2 mins
(04:51:21)Karen
I just wanted to make sure we are on the same page so that I could check this further. You mentioned that you wanted to separate the WordPress site from the subdomain (marketingagency.cymrumarketing.com), may I know where you are planning to move it on and what domain or subdomain? Or may I know what you are trying to achieve, just to be clear?
(04:51:27)Karen
Sure. Please take your time.
I’ll wait.
(04:52:22)RENATA MAZIAK
I want two separate sites.
(04:53:16)RENATA MAZIAK
I just want the instruction first of all nothing more.
(04:55:39)Karen
I just need to understand what you are trying to achieve or do, so I could provide the exact instruction.
Having it as a subdomain (marketingagency.cymrumarketing.com) makes it a different or separate site to your main domain. Unless you will migrate and use the website files of (marketingagency.cymrumarketing.com) to a totally different domain name.
(04:58:07)RENATA MAZIAK
For argument’s sake, I want two lots of hosting. I want to host for the static site cymrumarketing.com and I want to host for the WordPress site to be stand-alone separate and I have another domain name www.cymrujournal.com
(04:59:51)RENATA MAZIAK
All I want is the instructions at this stage. I have tried using FTP and have had help from third-party tech engineers who have said it is not possible to migrate my WordPress.
(05:02:29)RENATA MAZIAK
are you there?
(05:02:59)Karen
Yes, just checking on this. Please hold.
(05:03:17)RENATA MAZIAK
ok
(05:04:14)Karen
You mentioned that you tried doing this using FTP, may I know the FTP details such as Hostname, and username port did you use?
(05:05:18)Karen
Because I check on your SFTP/FTP it is off, and it might be the reason why you cannot do it on SFTP/FTP
You can check this on how to activate the SFTP and FTP:
(05:05:19)Karen
Agent uploaded: image.png
(05:05:34)RENATA MAZIAK
I used ionos. I do not have the hosting any longer because I dropped it because it did not work.
(05:05:37)Karen
https://help.one.com/hc/en-us/articles/115005588249-How-do-I-activate-SFTP-for-my-web-space-
(05:06:45)Karen
Because if you will migrate the website (your subdomain), for example to your domain cymrujournal.com they will need an active SFTP or FTP to connect and migrate the website over
(05:07:31)Karen
Once SFTP/FTP is enabled and you already set a password, you can let them try to migrate it using the credential showing on your SFTP or FTP
(05:07:34)RENATA MAZIAK
Please give me clear instructions on how to do this or if I was to migrate to WordPress hosting with you would you be able to do it for me?
(05:09:17)RENATA MAZIAK
I need the last bit answered and I am then ending the chat would you be able to do it if I purchased new hosting?
(05:12:56)Karen
Just to be clear, are you going to migrate the website file of marketingagency.cymrumarketing.com to cymrujournal.com.
As I need to know from which website will be migrated and the receiving website so I could provide clear instructions.

Please provide me the 
1. Migrating from (URL):
2. Migrating to (URL):

so we could better understand
(05:14:08)Karen
Because if you will ask us for instructions to migration this is what we have: https://help.one.com/hc/en-us/articles/360000029298-Using-1-click-WordPress-migration and https://help.one.com/hc/en-us/articles/115005585969-Move-your-WordPress-site-to-another-domain
(05:15:13)RENATA MAZIAK
I am not sure if to drop the hosting for the static site cymrumarketing.com and use this domain for the WordPress site or use the cymrujournal.com domain. I have not made my mind up all I want is instructions.
(05:15:35)RENATA MAZIAK
static hosting for a web builder
(05:18:17)Karen
This is the instruction we have for migration.
https://help.one.com/hc/en-us/articles/360000029298-Using-1-click-WordPress-migration and https://help.one.com/hc/en-us/articles/115005585969-Move-your-WordPress-site-to-another-domain

Please note that a website file created on WordPress can be migrated, however, this will not convert it to a website builder platform if that is what you are referring on your last chat.
(05:20:39)RENATA MAZIAK
I am not interested in web builder I just want to have two separate sites even if it means buying WordPress hosting from you. You still have not said if I was to do that would you migrate it for me seeing as I am on the managed package
(05:23:44)Karen
Yes, we can request our Manage WordPress team for the migration if you will provide them with these details below and if the WordPress or hosting is with us:
 
1. Migrating from (URL):
2. Migrating to (URL):
(05:25:17)RENATA MAZIAK
Ok, thank you. I will make a note of this. I am ending the chat and thanks for your help.
(05:25:55)*** RENATA MAZIAK left the chat ***

There were three issues I wanted answered.

  1. The phishing of my website (now answered).
  2. The CSV file of a shop was answered and I am no closer to downloading it as the instructions did not work, and the images are not downloadable.
  3. The migration of my WordPress site (semi-answered), avoided giving me the instructions, conveniently.
