1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How did they find my WhoIs protected info on PBN domain?

Discussion in 'Black Hat SEO' started by Lares, May 12, 2016.

  1. Lares

    Lares Junior Member

    Joined:
    Jun 27, 2011
    Messages:
    190
    Likes Received:
    74
    So just got this mail today in my spam folder. I use this domain for my PBN. Obviously its a scam, but i cannot figure it out how they got my name and email address. The domain was registered in 2014 with namecheap with whoisguard enabled. I never disabled it, and domaintools still show all my data hidden.

    I tried to google my name + domain and my email + domain and nothing shows.

    I dont think it was send to the whois protected mail that forwards it to my email either or it would say so.

    Any ideas how could they find my mail and name?

    What worries me is if someone could so easily find my name and mail with whois protection, then google can find it too...


    Code:
    From: Domain Notice <[email protected]>
    Sent: Thursday, May 12, 2016 5:10 AM
    To: MY NAME
    Subject: Domain Notification for xxxxxxxx.com : This is your Final Notice of Domain Listing
    
    Attention: Important Notice , DOMAIN SERVICE NOTICE
    Domain Name:  xxxxxxxx.com
    
    ATT: MY NAME
    xxxxxxxx.com
    Response Requested By
    13 / May. - 2016
    
    PART I: REVIEW NOTICE
    
    Attn: MY NAME
    As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it's time to send in your registration.
    Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.
    Privatization allows the consumer a choice when registering. Search engine registration includes domain name search engine submission. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.
    This Notice for: xxxxxxxx.com will expire at 11:59PM EST, 13 - May. - 2016 Act now!
    
    Select Package:
    http://domainssubmit.com/?domain=xxxxxxxx.com
    
    Payment by Credit/Debit Card
    
    Select the term using the link above by 13 - May. - 2016
    http://xxxxxxxx.com
     
  2. gundamwing

    gundamwing Supreme Member

    Joined:
    Sep 18, 2008
    Messages:
    1,282
    Likes Received:
    916
    i get those email alot, maybe they scan your hosting --> whois each domain-- grab email and blast..
    thats why many that email goes to spam folder
     
    • Thanks Thanks x 1
  3. ChrisX

    ChrisX Jr. VIP Jr. VIP

    Joined:
    Oct 8, 2011
    Messages:
    284
    Likes Received:
    141
    Gender:
    Male
    Home Page:
    Any chance a different company had your name/email/domain and leaked it (or got hacked)?

    The whois is protected though.
     
  4. Lares

    Lares Junior Member

    Joined:
    Jun 27, 2011
    Messages:
    190
    Likes Received:
    74
    Its hosted with m2host.com. They are the only one who know the domain, mail and my name. So unless they got hacked, or they are the one sending those emails i cant think of anything better..
     
  5. Ch3Mik

    Ch3Mik Registered Member

    Joined:
    Apr 10, 2015
    Messages:
    99
    Likes Received:
    111
    Occupation:
    Survivor
    Location:
    Spain
    • Thanks Thanks x 2
  6. TayaX

    TayaX Jr. VIP Jr. VIP

    Joined:
    Dec 13, 2010
    Messages:
    3,533
    Likes Received:
    1,979
    Occupation:
    Skype : TayaxBHW
    Location:
    France
    Home Page:
    100% accurate. When building a PBN, make sure you never use your email with the hosting company, create a new one.
     
    • Thanks Thanks x 1
  7. yasburrows

    yasburrows Regular Member

    Joined:
    Dec 31, 2012
    Messages:
    229
    Likes Received:
    52
    Got spammed "to death" once I bought a domain from names.co.uk and another from namecheap. Same stupid, crappy e-mails as you got which I almost "fell for" first time.
     
  8. facebook fans

    facebook fans Junior Member

    Joined:
    Jun 15, 2013
    Messages:
    194
    Likes Received:
    44
    the company you bought the domain from must be selling the email address and domain names that have been registered. i got spammed thye following day of purchasing 6 domain names from godaddy
     
  9. tb303

    tb303 Senior Member

    Joined:
    Dec 18, 2011
    Messages:
    850
    Likes Received:
    539
    I get a lot of spam to whoisguard protected domains. They just email the ****@whoisguard.com address in the whois record (you can check this usually by examining the headers)...but they are usually just addressed to "webmaster".
    The fact they used your own name must be either someone sold on your details or its a data breach somewhere!

    AFAIK, SOA record should show the contact email of the server administrator ie your host.

    Some hosts ask for an "abuse" email when you sign up. Remember this is not protected by domain privacy! I always use [email protected] to keep things separate there.
     
    • Thanks Thanks x 1
  10. accelerator_dd

    accelerator_dd Jr. VIP Jr. VIP

    Joined:
    May 14, 2010
    Messages:
    2,448
    Likes Received:
    1,010
    Occupation:
    SEO
    Location:
    IM Wonderland
    That is weird for sure. Whois doesn't show your info, that is for sure. Maybe a different domain on the same IP that wasn't whois hidden?
     
  11. Ch3Mik

    Ch3Mik Registered Member

    Joined:
    Apr 10, 2015
    Messages:
    99
    Likes Received:
    111
    Occupation:
    Survivor
    Location:
    Spain
  12. Lares

    Lares Junior Member

    Joined:
    Jun 27, 2011
    Messages:
    190
    Likes Received:
    74
    Very good info. But seems this is not case here. Some other email there from the host.


    Already tried to send to my whoisguard email from my other mail, and yes its shows different in header. So it was send directly to my mail.


    I have just 1 domain hosted there. They don't allow more. And its shared hosting, so many other domains are on same IP.

    I guess there must have been some data breach with host. It happened before twice already with some other host and other domains. They sent emails about it. God knows how many times it happens and they never reveal. I have no other idea.
     
  13. starki

    starki Power Member

    Joined:
    Jul 17, 2012
    Messages:
    710
    Likes Received:
    233
    Just read "WHOIS Running the Internet: Protocol, Policy, and Privacy" by Garth O. Bruen. Or do some research on EIG and ResellerClub from India. You'll quickly find out that a huge part of the net is controlled by just a few companies all connected in some way, plus a bunch of resellers. Assuming that data doesn't leak somewhere is an illusion in my opinion.
     
  14. umerjutt00

    umerjutt00 Jr. VIP Jr. VIP

    Joined:
    Oct 28, 2011
    Messages:
    3,908
    Likes Received:
    2,168
    Occupation:
    Ninja
    They send the email @whoisguard.com (the email which namecheap shows if you have whois privacy enabled). It then forwards the mail to your email address.
     
  15. Fatih Yavuz

    Fatih Yavuz Newbie

    Joined:
    Aug 1, 2016
    Messages:
    3
    Likes Received:
    0
    Gender:
    Male
    Have you experienced any problem because your domains are who is protected? You saidsomeone could so easily find your name and mail. Did it affect your sites' seo?
     
  16. mbreezy

    mbreezy Jr. VIP Jr. VIP

    Joined:
    Jun 27, 2012
    Messages:
    495
    Likes Received:
    163
    Some other registrar info like host ip or something could be tied to your email from some domains that aren't private.

    Try domainbigdata.com