How did they find my WhoIs protected info on PBN domain?

Lares

Regular Member
Joined
Jun 27, 2011
Messages
209
Reaction score
80
So just got this mail today in my spam folder. I use this domain for my PBN. Obviously its a scam, but i cannot figure it out how they got my name and email address. The domain was registered in 2014 with namecheap with whoisguard enabled. I never disabled it, and domaintools still show all my data hidden.

I tried to google my name + domain and my email + domain and nothing shows.

I dont think it was send to the whois protected mail that forwards it to my email either or it would say so.

Any ideas how could they find my mail and name?

What worries me is if someone could so easily find my name and mail with whois protection, then google can find it too...


Code:
From: Domain Notice <[email protected]>
Sent: Thursday, May 12, 2016 5:10 AM
To: MY NAME
Subject: Domain Notification for xxxxxxxx.com : This is your Final Notice of Domain Listing

Attention: Important Notice , DOMAIN SERVICE NOTICE
Domain Name:  xxxxxxxx.com

ATT: MY NAME
xxxxxxxx.com
Response Requested By
13 / May. - 2016

PART I: REVIEW NOTICE

Attn: MY NAME
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it's time to send in your registration.
Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.
Privatization allows the consumer a choice when registering. Search engine registration includes domain name search engine submission. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.
This Notice for: xxxxxxxx.com will expire at 11:59PM EST, 13 - May. - 2016 Act now!

Select Package:
http://domainssubmit.com/?domain=xxxxxxxx.com

Payment by Credit/Debit Card

Select the term using the link above by 13 - May. - 2016
http://xxxxxxxx.com
 
i get those email alot, maybe they scan your hosting --> whois each domain-- grab email and blast..
thats why many that email goes to spam folder
 
Any chance a different company had your name/email/domain and leaked it (or got hacked)?

i get those email alot, maybe they scan your hosting --> whois each domain-- grab email and blast..
thats why many that email goes to spam folder

The whois is protected though.
 
Its hosted with m2host.com. They are the only one who know the domain, mail and my name. So unless they got hacked, or they are the one sending those emails i cant think of anything better..
 
Got spammed "to death" once I bought a domain from names.co.uk and another from namecheap. Same stupid, crappy e-mails as you got which I almost "fell for" first time.
 
the company you bought the domain from must be selling the email address and domain names that have been registered. i got spammed thye following day of purchasing 6 domain names from godaddy
 
I get a lot of spam to whoisguard protected domains. They just email the ****@whoisguard.com address in the whois record (you can check this usually by examining the headers)...but they are usually just addressed to "webmaster".
The fact they used your own name must be either someone sold on your details or its a data breach somewhere!

AFAIK, SOA record should show the contact email of the server administrator ie your host.

Some hosts ask for an "abuse" email when you sign up. Remember this is not protected by domain privacy! I always use [email protected] to keep things separate there.
 
That is weird for sure. Whois doesn't show your info, that is for sure. Maybe a different domain on the same IP that wasn't whois hidden?
 
Take a look here: http://mxtoolbox.com/SOALookup.aspx

SOA stands for "Start of Authority", and some hostings will put your email as SOA record.

If you are using cPanel and your hosting supports this function, take a look at "Edit DNS Zone": https://documentation.cpanel.net/display/ALD/Edit+DNS+Zone

You should be able to see that info there :)

Very good info. But seems this is not case here. Some other email there from the host.

I get a lot of spam to whoisguard protected domains. They just email the ****@whoisguard.com address in the whois record (you can check this usually by examining the headers)...but they are usually just addressed to "webmaster".
The fact they used your own name must be either someone sold on your details or its a data breach somewhere!

AFAIK, SOA record should show the contact email of the server administrator ie your host.

Some hosts ask for an "abuse" email when you sign up. Remember this is not protected by domain privacy! I always use [email protected] to keep things separate there.


Already tried to send to my whoisguard email from my other mail, and yes its shows different in header. So it was send directly to my mail.


That is weird for sure. Whois doesn't show your info, that is for sure. Maybe a different domain on the same IP that wasn't whois hidden?

I have just 1 domain hosted there. They don't allow more. And its shared hosting, so many other domains are on same IP.

I guess there must have been some data breach with host. It happened before twice already with some other host and other domains. They sent emails about it. God knows how many times it happens and they never reveal. I have no other idea.
 
Just read "WHOIS Running the Internet: Protocol, Policy, and Privacy" by Garth O. Bruen. Or do some research on EIG and ResellerClub from India. You'll quickly find out that a huge part of the net is controlled by just a few companies all connected in some way, plus a bunch of resellers. Assuming that data doesn't leak somewhere is an illusion in my opinion.
 
They send the email @whoisguard.com (the email which namecheap shows if you have whois privacy enabled). It then forwards the mail to your email address.
 
Have you experienced any problem because your domains are who is protected? You saidsomeone could so easily find your name and mail. Did it affect your sites' seo?
 
Some other registrar info like host ip or something could be tied to your email from some domains that aren't private.

Try domainbigdata.com
 
Back
Top