IT.COM

advice Domain name theft

Spaceship Spaceship
Watch

BrandEntrance.com

Open 24/7/365Top Member
Impact
2,290
I just discovered that one of my domain names has been stolen (for want of a better word) and I just need to know what to do in this event.

The name was moved from one registrar to another without my permission and is under someone else's name.

The website is under my control and I have left some info there for the IIS (Swedish ICANN Country Reps) to see.

Any advice would be appreciated. I have a site under development there as I stated. This word is a hype word and was recently added to the Official Swedish Dictionary. I don't want to say the name of the site.

I know there are domain registrars here and I would really like to know how they deal with this.
 
Last edited:
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Was "Transfer lock" set on your name?
Try to contact your registrar to see what they say about it
 
2
•••
I know there are domain registrars here

There is only one person that I would contact that is active here and that is Rob from epik...send him a direct message with basic details and he may be able to help.
 
3
•••
Was "Transfer lock" set on your name?
Try to contact your registrar to see what they say about it
My registrar has recently changed owners. The place where the name landed was with a registrar that changed owners. I think it's done to hide as much as possible.

The official data in sweden is that the name was reg'd with the same owner since 2016 but my receipts and info at waybackmachine prove that it redirects to my registrar in sweden and was reg'd the day I said it was. I still have a live site today.

The registrar I had it with says that their data is changed aka someone has changed the logfiles.

I am also a Linux Admin.

----------
The IIS say they can't do anything so this fkr is going to get away with it because the swedish police are not going to investigate this.

Why do the IIS have this mission? The official data is being tampered without any action being done. It goes against the info at waybackmachine and my email receipts which are legal documents in this country.

They are useless.
 
Last edited:
0
•••
There is only one person that I would contact that is active here and that is Rob from epik...send him a direct message with basic details and he may be able to help.
How do I do that?
 
0
•••
Is this how the industry is going to be?

Just let anybody steal a domain, and if they are in Sweden then they get away with it.

How can I complain about this to ICANN? Aren't they the top ones?
Aren't IIS supposed to work proactively to ensure the domaining in Sweden follows rules and regulations with requirements for accountability, routines and a so called paper trail?
 
Last edited:
0
•••
1
•••
As you mentioned IIS I take it you're talking about a ccTLD. Could you pm me the name? And possibly the registrar?

Weird story. Maybe they hacked your account and got the Auth code? You wouldn't need any further approval to move the name if you had the code so that may have happened.

Edit: Also, it might be useful to know exactly when this happened. IIS has complaint procedures set in place (not sure you already followed that route) and there's always the possibility to sue them if it's worth it in terms of value lost.

Edit 2:): I have been dealing with IIS as a registry for as long as I can remember and there has never been any sign of shady practices going on so there must be more to the story. Do keep us posted.
 
Last edited:
1
•••
I can only imagine how stressful this is @jamesall. I am a little confused by situation.
The name was moved from one registrar to another without my permission and is under someone else's name.
In terms of one registrar to another there are amalgamations, buy outs, registrar failures followed by bulk transfer, etc. so that by itself is not necessarily something a registrant can do anything about. However, you say the contacts were changed so it does not list you? That is of course serious. But the following confuse me a bit....
The website is under my control and I have left some info there for the IIS (Swedish ICANN Country Reps) to see.
To me that implies that you can still set the DNS pointing which means you do still control the domain name, or do I misunderstand?

And the name was renewed right? You are not talking about it being lost simply because it expired?

I hope it gets resolved.

Bob
 
Last edited:
1
•••
I can only imagine how stressful this is @jamesall. I am a little confused by situation.
In terms of one registrar to another there are amalgamations, buy outs, registrar failures followed by bulk transfer, etc. so that by itself is not necessarily something a registrant can do anything about. However, you say the contacts were changed so it does not list you? That is of course serious. But the following confuse me a bit....

To me that implies that you can still set the DNS pointing which means you do still control the domain name, or do I misunderstand?

And the name was renewed right? You are not talking about it being lost simply because it expired?

I hope it gets resolved.

Bob
The domain is about to expire at the end of this month. Yes I can still set the DNS pointing.

The Swedish IIS has some hacking going on. I got a mail from my registrar stating the domain was regd in 2016 by theis guy whose name is with it now. Then I got a mail from the IIS saying that it was registered in 2017 and with the same owner but I have a receipt for my registration and purhcase and the waybackmachine only shows the date I registered the domain. It also redirects to the registrar where I registered it because then there was no webpage.

PM with domain name
 
2
•••
Again, weird. Feel free to pm me with additional info and I'll see if I can find some trails. Without a name there's little to comment on any further.
 
0
•••
0
•••
The domain is about to expire at the end of this month. Yes I can still set the DNS pointing.

If your account allows you to control dns, Then you have control of the name. Pay the $10 renewal and relax until you figure it out with the new registrar as it sounds like a database issue at the registrar since the original owners name appears.
 
1
•••
I checked it out but can't find anything strange. It's probably your new host/registrar screwing up. Might be wise to request the auth code and move it asap. Don't know if the domain shows in your panel but I'm sure they could mail it to the domain owner.

The name was regged in 2016 and shows a last update of little over a year ago which may have been a transfer so if something happened to the name itself it wasn't a very recent occurrence. Did loopia change owners? they're quite an established registrar as far as I know.

Wayback doesnt give me much besides a lander though.
 
0
•••
I checked it out but can't find anything strange. It's probably your new host/registrar screwing up. Might be wise to request the auth code and move it asap. Don't know if the domain shows in your panel but I'm sure they could mail it to the domain owner.

The name was regged in 2016 and shows a last update of little over a year ago which may have been a transfer so if something happened to the name itself it wasn't a very recent occurrence. Did loopia change owners? they're quite an established registrar as far as I know.

Wayback doesnt give me much besides a lander though.
None of the above data fits reality. That data presented has been changed.

I have had the domain for 1 year. I registered it first. It was never regd in 2016. IIS say it was registered in 2017. I regd it in 2018.
 
0
•••
.se.png


I blacked out the name but it clearly shows 2016... who did you reg it with?
 
0
•••
The update is that they have removed the domain from my control now and my site is gone. A police complaint is filed for a domain name of substantial value that has been stolen by thieves who have hacked the IIS Internet foundation in charge of .se domain names.

It is most likely insiders who have access at these places. It is a CyberCrime and Sweden's Police Authority have a division for that. They might actually do something about it.

I have been lawyering up is all I am able to say now.
 
1
•••
Does your current registrar have any explanation?
Any log for this ? (since they removed it from your control panel..)
 
0
•••
The update is that they have removed the domain from my control now and my site is gone. A police complaint is filed for a domain name of substantial value that has been stolen by thieves who have hacked the IIS Internet foundation in charge of .se domain names.

It is most likely insiders who have access at these places. It is a CyberCrime and Sweden's Police Authority have a division for that. They might actually do something about it.

I have been lawyering up is all I am able to say now.

ok. well if you have proof there's nothing to worry about. all I can say is archive.org doesnt show any data besides a lander from 2018.

s2.png
 
0
•••
ok. well if you have proof there's nothing to worry about. all I can say is archive.org doesnt show any data besides a lander from 2018.

Show attachment 120865
That is redirecting to FSData... it's looking for home becuase it can't find an index.php file there for a site, because I hadn't built it yet, and therefore redirects to the registrars main page. That is how that is set up with them. Proof that I had it registered there. They only removed the domainname yesterday and with that... access to the site. They have log files. I have screen dumps witnesses, support errands with them and others regarding the site, database software incompatibility and upgrades etc. and an installation from a 3rd party company. Plus my payments, registration emails etc.

About 50 emails on the subject of this site beck and forth with their support.
 
Last edited:
3
•••
That is redirecting to FSData... it's looking for home becuase it can't find an index.php file there for a site, because I hadn't built it yet, and therefore redirects to the registrars main page. That is how that is set up with them. Proof that I had it registered there. They only removed the domainname yesterday and with that... access to the site. They have log files. I have screen dumps witnesses, support errands with them and others regarding the site, database software incompatibility and upgrades etc. and an installation from a 3rd party company. Plus my payments, registration emails etc.

About 50 emails on the subject of this site beck and forth with their support.

ok, well as there's publicly no data to support this and there are no trails to be found I'm not sure what you can do. Archive.org only indexed one page which is late 2018. If the website was developed I find it hard to believe there's only one indexed page.

Anyway, as you seem to be certain of your case and it hasn't been regged before 2018 all I can suggest to you is to get in touch with the ombudsman and maybe a lawyer.

Like I said, I have been dealing with IIS as a registry for like 2 decades and never had any issues. If what you're claiming is true it would be a big deal as they have a proven track record of reliability.

also, you sent me some screenshots where you were the domain was using a SSL cert. in order for that to work there must have been some domains verification against an ip address. see if you can find that in your browser and save it for future reference. it may act as proof.
 
0
•••
the weird part is, you apparently have been able to control the domain without owning it. My best guess is the registrar messed up. allowed you to register the domain while it has already been in possession of another client. maybe due to a merge of databases after the ownership change of the company.

there simply has to be more to the story. Your screens seem legit but I find it hard to believe IIS got hacked to this degree for this particular domain.

Anyway. I don't think there is anything others can do for you. You should definitely press your registrar for further explanation if you have proof of billing etc etc.
 
2
•••
there simply has to be more to the story. Your screens seem legit but I find it hard to believe IIS got hacked to this degree for this particular domain.

Never underestimate thieves ... or the stupidity of thieves.

svajpaChrome SSL.JPG
 
Last edited:
0
•••
My best guess is the registrar messed up. allowed you to register the domain while it has already been in possession of another client.

there simply has to be more to the story.
So is this another @ my domain was stolen @ thread at NP where nothing was stolen and in fact there is an alternate explanation? In this case here is the explanation that the OP never had clear title to it in the first place? he was never the bona fide owner?
 
Last edited:
0
•••
So is this another @ my domain was stolen@ thread at NP where nothing was stolen and in fact there is an alternate explanation? In this case here is the explanation that the OP never had clear title to it in the first place? he was never the bona fide owner?
Because nothing ever got stolen before right?
 
0
•••
Back