question I'm an idiot. Anyone got this email lately? Did I get hacked?

[WhoaDomain.com]

Hello.

I received this email recently.

It came soon after I ordered a transfer from Dotster to LCN.

the link looked legit enough.

"Transfer" <[email protected]>

Attention: [email protected]

Re: Transfer of #%!#%vr.com

Domain.com received notification on Thu Nov 30 14:26:59 2017 that you have requested a transfer to another domain name registrar.

If you want to proceed with this transfer, you do not need to respond to this message.

If you wish to cancel the transfer, please contact us before Tue Dec 5 14:26:59 2017 by going to our website,

transfers.domain.com/?away=1&domain=%^!#%!#vr.com&id=^#%^%!#%^!#% to confirm.

You may need to enter the following information to accept or decline the transfer:

Domain Name: xxxcamvr.com
Transfer Key: ^#^%!#%^!

If we do not hear from you by Tue Dec 5 14:26:59 2017, the transfer will proceed.



my dumdass clicked that link and it took my to a page the looked legit enough. I had ticked the box that said accept.

and hit submit.


The thing is the domain is in my account over at LCN now. do I need to worry that it will get transferred out?

what that hell was that whole crap of ticking the box for Accept or Deny?

what was the purpose of this kind of email?

contacted Dotster and showed them the email and they said they are not associated with that email address.

how the hell did whoever sent me this email know exactly when I was doing a transfer for a domain to be emailing me that fast?

is my pc compromised? is LCN compromised? or is Dotster compromised?

did a whois on the email address and got this.

DOMAIN INFORMATION
Domain:
ns-not-in-service.com

Registrar:
Tucows Domains Inc.

Registration Date:
2002-01-18

Expiration Date:
2018-01-18

Updated Date:
2016-12-20

Status:
clientTransferProhibited
clientUpdateProhibited

Name Servers:
ns1.systemdns.com
ns2.systemdns.com
ns3.systemdns.com

REGISTRANT CONTACT
Name:
Tucows Inc.

Organization:
Tucows Inc.

Street:
96 Mowat Ave

City:
Toronto

State:
ON

Postal Code:
M6K 3M1

Country:
CA

Phone:
+1.4165350123

Email:

@tucows.com

ADMINISTRATIVE CONTACT
Name:
Tucows Inc.

Organization:
Tucows Inc.

Street:
96 Mowat Ave

City:
Toronto

State:
ON

Postal Code:
M6K 3M1

Country:
CA

Phone:
+1.4165350123

Email:

@tucows.com

TECHNICAL CONTACT
Name:
Tucows Inc.

Organization:
Tucows Inc.

Street:
96 Mowat Ave

City:
Toronto

State:
ON

Postal Code:
M6K 3M1

Country:
CA

Phone:
+1.4165350123

Email:

@tucows.com

RAW WHOIS DATA
Domain Name: NS-NOT-IN-SERVICE.COM
Domain ID: 82722666_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2016-12-20T04:58:12Z
Creation Date: 2002-01-18T17:02:44Z
Registrar Registration Expiration Date: 2018-01-18T17:02:44Z
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Tucows Inc.
Registrant Organization: Tucows Inc.
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M6K 3M1
Registrant Country: CA
Registrant Phone: +1.4165350123
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:

@tucows.com
Registry Admin ID:
Admin Name: Tucows Inc.
Admin Organization: Tucows Inc.
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M6K 3M1
Admin Country: CA
Admin Phone: +1.4165350123
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:

@tucows.com
Registry Tech ID:
Tech Name: Tucows Inc.
Tech Organization: Tucows Inc.
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M6K 3M1
Tech Country: CA
Tech Phone: +1.4165350123
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:

@tucows.com
Name Server: NS1.SYSTEMDNS.COM
Name Server: NS2.SYSTEMDNS.COM
Name Server: NS3.SYSTEMDNS.COM
DNSSEC: unsigned
Registrar Abuse Contact Email:

@tucows.com
Registrar Abuse Contact Phone: +1.4165350123
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2016-12-20T04:58:12Z <<<



so what's going on here NP? the link had the transfer key in it. so I didn't have to enter the auth code key.

so technically because I ticked the ACCEPT box the transfer key was already given in the link that I clicked?

This is some scary stuff man.

I was really tired and sleepy at the time wasn't really paying attention. what an idiot.

so should I worry? I mean the domain is in my LCN account.

thing is. after I did other transfers over at LCN coming from dotster. soon as I entered the auth codes

I started to get the same emails over and over again.

what the hell? like 10 of them.

 

[karmaco]

I’d make sure the lock was in place with the register. If you did not do transfers why did you click it? One way to find info is if you had privacy and lifted it it would show your email. The other info no clue.

Never ever click anything your not sure of. When your sure the domain is safe initiate your transfer again.

 

[karmaco]

When I transfer I get emails from the receiving register and emails from the losing register. The losing register is not replied to unless you wish to cancel.

 

[Jurgen Wolf]

Yes...
You should approve the transfer via email-link from the losing and from the gaining registrar...

 

[Jurgen Wolf]

Dotster/Domain.com - they both can act as Reseller of TUCOWS...

 

[Jurgen Wolf]

Your domain has been successfully transferred to LCN.
Just update nameservers...

 

[Silentptnr]

I got one today too! Almost got me. It was like I was approving the transfer of a domain to Uniregistry that I didn't initiate. I almost fell for it.

I checked my database and found that my domain was actually at GD. I checked both my GD and Uniregistry and they were fine.

I didn't click anything in the email. I did think...is someone trying to steal one of my domains. The email was well done and looked official. I hovered the links and they even looked legit.

Just awful.

 

[WhoaDomain.com]

so ok am I F**ked? or what? so all I did was tick the box for accept. and click submit. if this was some kind of domain hijacking attempt.

can someone give me worse case scenario?

I mean the domain is in my lcn account now.

transfers.domain.com/?away=1&domain=%^!#%!#vr.com&id=^#%^%!#%^!#%

the last part was the transfer key provided in the email.

it was embedded in the link.so when I clicked. I wasn't asked to input the transfer key since it was already in the link.

was this company trying to catch the transfer before it actually hit my lcn account like they were trying to redirect the transfer mid transfer? but lucky for me the transfer was quick?

could they have maybe redirected the transfer before it landed in my lcn account?

so much to think about for future crap like this to avoid.

I still don't get why or how whoever sent this would KNOW right to the minute that I was doing a transfer?

 

[Silentptnr]

so ok am I F**ked? or what? so all I did was tick the box for accept. and click submit. if this was some kind of domain hijacking attempt.

can someone give me worse case scenario?

I mean the domain is in my lcn account now.

transfers.domain.com/?away=1&domain=%^!#%!#vr.com&id=^#%^%!#%^!#%

the last part was the transfer key provided in the email.

it was embedded in the link.so when I clicked. I wasn't asked to input the transfer key since it was already in the link.

was this company trying to catch the transfer before it actually hit my lcn account like they were trying to redirect the transfer mid transfer? but lucky for me the transfer was quick?

could they have maybe redirected the transfer before it landed in my lcn account?

so much to think about for future crap like this to avoid.

I still don't get why or how whoever sent this would KNOW right to the minute that I was doing a transfer?

You have to understand that "clicking a link" can do a lot. They could have put malware in your computer or many other things. I can't tell you exactly what they did, but I hope you have good antivirus, etc on your computer.

 

[Jurgen Wolf]

Dotster/Domain.com - they both can act as Reseller of TUCOWS...

No any hacking here...
You got the absolutely legit email from the losing registrar (TUCOWS)...
Look in WHOIS that you posted here... that domain is from the own corporate portfolio of TUCOWS...

Thread is about nothing!

 

[WhoaDomain.com]

I’d make sure the lock was in place with the register. If you did not do transfers why did you click it? One way to find info is if you had privacy and lifted it it would show your email. The other info no clue.

Never ever click anything your not sure of. When your sure the domain is safe initiate your transfer again.

no i did just one transfer for this one domain. then all of a sudden got email from that email address in my inbox. I guess i didn't think nothing of it because it was instant. and mentioned the domain.

and had that domain.com link.

but that email is using a domain that's been registered since 2002?

is that a legit Tucows email then? I'm gonna call them tomorrow about this. Dotster live chat say it's not theirs. they tried to blame it on LCN saying it's lcn sending the email.
It happens as soon as I input the auth codes from Dotster to LCN for transfer confirmation.

usually you get this kind of email from Cheapdomain or name.com asking you to accept a transfer. which is good for me because I do transfers last minute.

 

[WhoaDomain.com]

No any hacking here...
You got the absolutely legit email from the losing registrar (TUCOWS)...
Look in WHOIS that you posted here... that domain is from the own corporate portolio of TUCOWS...

Thread is about nothing!

Thanks. I'm relieved. reason I panicked was well the Dotster live chat rep said they don't recognized. that email.

that's when I panicked.

and then googled the email address and got that.

https://www.google.com/search?ei=WB.....0...1.1.64.psy-ab..0.1.173....0.yY4KXAnhi7o



first thing you see on that search results is. this.

Unauthorized domain transfer? - Dyn Community Forum
https://www.dyncommunity.com/questions/16939/unauthorized-domain-transfer.html
May 29, 2011 - 6 posts - ‎3 authors
I've been a happy DynDNS user for years. Today, out of the blue I received an email [email protected] stating that I had requested a Domain Transfer. Sure enough, I login to my DynDNS account and it shows the domain transfer in a state of pending. I did not request or authorize ...

 

[WhoaDomain.com]

also the email gave a transfer key that was different from the one Dotster game me.

 

[Jurgen Wolf]

Their LiveChat is outsourced to Indians...
Probably, that representative is just incompetent...

If you have any concerns regarding ns-not-in-service.com - just email to

@tucows.com and recheck with their team...

 

[Jurgen Wolf]

Domain/Dotster are 100% resellers of TUCOWS... for many years!

 

[Jurgen Wolf]

Something like NameCheap which has own accreditation but even still they are reselling eNom...

 

[WhoaDomain.com]

what sucks is the last 6-9 domains I started transfers for and put in the auth codes. I got emails from this same email address for those transfers.I panicked and sent them to spam folder and then trashed them all.

now I can't speed up the transfer for those. damnit.

 

[Kuffy]

.com transfers are pretty routine, but some of the other registries can kick out some different transfer alerts. I had to look twice at the stuff that cane in for transferring my first xyz name.

 

[Cdomains]

Why would you click a link to approve a transfer you did not start yourself?

If you did not initiate a transfer you would not receive any email from a registrar.

Never, ever, ever click a link in any email.

I never click links in emails, instead I go to the site itself and see what is happening.

Even the most legit looking emails can be Phishing attempts.

Clicking on a link in an email, and even in some case just opening an email with HTML can get you.

This is why I try to only download email headers and if I don't know the sender or I am not expecting the email I will not download the whole email and delete the email after seeing just the header.

 

[xynames]

Much Ado About Nothing.