IT.COM

The domain JixHost.com was hijacked and stolen to another registrar

NameSilo
Watch

Jose Nobio

Established Member
Impact
51
I'm an owner of an industry recognized webhosting provider "Jixhost.com" since 2008 for which my domain was hijacked on October of 2020 from Domains Priced Right (GoDaddy) to Namecheap under a different registrant located in the middle east which has made a copy of my website and essentially stole a business I've had for 12 years.

I had immediately opened an unauthorized domain transfer dispute with my registrar and after 3 months they reply that Namecheap responded that the transfer was "authorized"


I've also posted 3 videos on my YouTube channel "WebsitePlex" regarding what happened.

I'm hoping it would be of enough value to the community to learn from and to bring to light this unfortunate situation.
 
5
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
At least, you probably should fill a police report. Would not harm. (not a legal advice).

The registrars need to select between various scenarios:

- domain was stolen

- domain was not stolen, but somebody representing himself as mr. Jose [not real mr. Jose] is trying to steal it right now

- there is a business dispute between former business partners

- etc, etc, etc

How the registrars can decide what really happened? They do not have full picture. Moreover, being IT professionals, they might ask how was it possible to steal the whole webhosting business by just obtaing access to domain name? There are tons of other things. Servers. Domain reselling. Billing agreements (recurring). Bank, paypal, merchant accounts. Just to name a few.

Please do not disclose extra details here on public forum though...

The registrars cannot decide here. They, however, must do whatever the appropriate court prescribes them to. IMO.
 
Last edited:
1
•••
Always be careful before pushing domains and make sure you keep domains you own. From time to time an accidental push can occur. If it does you must contact register same day rather than this issue contacting last year.
 
0
•••
Always be careful before pushing domains and make sure you keep domains you own. From time to time an accidental push can occur. If it does you must contact register same day rather than this issue contacting last year.
I've been a member here at NamePros since 2003 (Trusted Contest Holder, Trader Satisfaction 100%) & known Jose personally from our webhosting businesses for the past 3 years. I can vouch for him that he's an honest man and is the real owner of JixHost. I've seen the evidence & am 100% certain that Jose is correct.

I saw how this community was able to put pressure on GoDaddy to release Brent Oxley's domains & I'm hoping we can do the same for Jose. Jose was posting for help from 2020 on the wrong forum & I told him that NamePros is the industry's #1 Domain Forum:
https://www.webhostingtalk.com/showthread.php?t=1833325

In this case it wasn't an accidental "push."
Unfortunately Jose didn't have 2 Factor Authentication on his email account and the hacker was able to use it during the times that Jose was sleeping to transfer JixHost and almost other domains. The hacker (we think from Iraq) messed up by not deleting one of the transfer confirmation emails which Jose discovered.

But it was too late for Jixhost. The hacker was able to clone Jose's website to fool new sign-ups from the YEARS of YouTube videos, Google ads, and links Jose has put in place.
Check out Jose's video from the morning he discovered that JixHost had been stolen:

Thank you for any ideas, especially how to put pressure on Namecheap.com to do the right thing and open up their own investigation (GoDaddy appears somewhat useless in fighting for Jose's Domain).

I'm confident Namecheap will act with integrity in this matter as they are one of the best domain registrars that fight for fairness.
 
Last edited:
10
•••
Ive spoken with the OP on another forum before. I can vouch he's being using that brand/domain for many, many years. Best of luck to you brother.
 
4
•••
Last edited:
1
•••
I've been a member here at NamePros since 2003 (Trusted Contest Holder, Trader Satisfaction 100%) & known Jose personally from our webhosting businesses for the past 3 years. I can vouch for him that he's an honest man and is the real owner of JixHost. I've seen the evidence & am 100% certain that Jose is correct.

I saw how this community was able to put pressure on GoDaddy to release Brent Oxley's domains & I'm hoping we can do the same for Jose. Jose was posting for help from 2020 on the wrong forum & I told him that NamePros is the industry's #1 Domain Forum:
https://www.webhostingtalk.com/showthread.php?t=1833325

In this case it wasn't an accidental "push."
Unfortunately Jose didn't have 2 Factor Authentication on his email account and the hacker was able to use it during the times that Jose was sleeping to transfer JixHost and almost other domains. The hacker (we think from Iraq) messed up by not deleting one of the transfer confirmation emails which Jose discovered.

But it was too late for Jixhost. The hacker was able to clone Jose's website to fool new sign-ups from the YEARS of YouTube videos, Google ads, and links Jose has put in place.
Check out Jose's video from the morning he discovered that JixHost had been stolen:

Thank you for any ideas, especially how to put pressure on Namecheap.com to do the right thing and open up their own investigation (GoDaddy appears somewhat useless in fighting for Jose's Domain).

I'm confident Namecheap will act with integrity in this matter as they are one of the best domain registrars that fight for fairness.

I dont get it so the members there are unaware the site is cloned and stolen? shouldn't someone make it their priority to let them know to immediately stop using the site???? this is just plain weird tale
 
1
•••
Yes there is one organization named as ica which boasts of helping domain name registrants.
Ask help from them. Do not pay them 50k if they ask you to. Tell them you are a domain registrant and fraud has happened with you.
There are many people here who just pops up from nowhere. Ask one of them to connect you with the right person in ica

lol
 
1
•••
I'm an owner of an industry recognized webhosting provider "Jixhost.com" since 2008 for which my domain was hijacked on October of 2020 from Domains Priced Right (GoDaddy) to Namecheap under a different registrant located in the middle east which has made a copy of my website and essentially stole a business I've had for 12 years.

I had immediately opened an unauthorized domain transfer dispute with my registrar and after 3 months they reply that Namecheap responded that the transfer was "authorized"


I've also posted 3 videos on my YouTube channel "WebsitePlex" regarding what happened.

I'm hoping it would be of enough value to the community to learn from and to bring to light this unfortunate situation.
Should I signup for hosting there? Also, are you sure about the push process?
 
0
•••
I dont get it so the members there are unaware the site is cloned and stolen? shouldn't someone make it their priority to let them know to immediately stop using the site???? this is just plain weird tale

All existing clients were emailed that day telling them that I was migrating them to my other host, WebsitePlex com, the problem is that new clients don't know as they assume nothing changed and register with Jixhost. I've received reports from old clients that they were getting emails demanding additional amounts of money as well as discounts to pay them for 3 years of advance hosting all the while I'm hosting those clients on my servers.

The hackers got the domain and a copy of the website/whmcs then simply updated payment info. The servers with clients were not accessed or hacked as I changed all logins/passwords and keys.
 
4
•••
I dont get it so the members there are unaware the site is cloned and stolen? shouldn't someone make it their priority to let them know to immediately stop using the site???? this is just plain weird tale

The existing client base was notified on the same day and moved to my other host WebsitePlex com. Hacker did not have access to the servers, only the domain & website with whmcs.
 
3
•••
I've gotten quotes from attorneys of $7k to $15k to file a suit in attempt to get a court order in recovering the domain. Is there a less expensive option?

Less expensive? Dunno. But if you want the best in this business contact @jberryhill .
 
3
•••
In Rem domain name proceeding in Virginia may be a cheaper option. Should it be successful, Verisign registry will deliver the domain name to you, and no cooperation from either Namecheap or GoDaddy will be required. Why Virginia? Because Verisign, .com registry, is located in Virginia. You'll still need a lawyer though...
P.S. It is what "big boys" like Microsoft use to retreive infringing regs like m1cr0soft .com etc in bulk
 
4
•••
GoDaddy: Oct 26, 2020 jixhost.com @Joe Styler @Paul Nicks
From what I read above in the thread it seems like our team investigated and tried to recover the domain via a dispute. At this point the only option would be to contact an attorney. They can weigh in on your legal options. I would choose one familiar with domain names. Some names that come to mind of domain attorneys I would choose myself are @jberryhill Gerald Levine or Karen Bernstein in New York City, and Jason Schaeffer from esqwire.com. Again that is if I was to choose someone to represent me. I am not providing legal advice, any of them can give you legal advice. I am sorry this happened to you.
 
6
•••
From what I read above in the thread it seems like our team investigated and tried to recover the domain via a dispute. At this point the only option would be to contact an attorney. They can weigh in on your legal options. I would choose one familiar with domain names. Some names that come to mind of domain attorneys I would choose myself are @jberryhill Gerald Levine or Karen Bernstein in New York City, and Jason Schaeffer from esqwire.com. Again that is if I was to choose someone to represent me. I am not providing legal advice, any of them can give you legal advice. I am sorry this happened to you.

Thanks J! Have a nice day!
 
1
•••
On February 5, 2021 I got this response from Domains Priced Right (GoDaddy)

Here's our response to your request.

We have received an update regarding JIXHOST COM, NameCheap has concluded the transfer was valid. Please understand that we did everything in our power to get the domain back into your possession.

Here are a couple options for you to consider:

1. Contact the current owner of the domain name

That's a very clever answer from Domain Priced Right. Please contact the robber who stole your domain and beg him to hand it over
 
2
•••
2021 will be a disasters for domainers too, beside covid-19, we heard many big domain hacks
 
2
•••
The existing client base was notified on the same day and moved to my other host WebsitePlex com. Hacker did not have access to the servers, only the domain & website with whmcs.

so they are asking members for extra money etc..scam as much as possible.

I think u need to resolve this asap as there is chance if people get scammed there they may after u for refunds or legal case. as they still believe u run biz... with all yer info there..name etc I assume.

it may take u time to recover name but in meantime u should explore other venues to basically get the site shutdown.

u have enuf proof the site is not ran by u.

try to find out how to get site offline.. those members need to be protected..u just cant let them be on a stolen cloned site...this is unbelievable..

and frankly u not trying to call police or other proper authorities just to shut down site is abnormal to me. protecting your clients should be yer priority. now u just left them on scam site ..with extra payment demands etc..all their personal info compromised too.
 
0
•••
1) you must file a police complaint and send the complaint copy to both GoDaddy and namecheap.

2) ask namecheap to restrict the domain name from moving out to another registrar.

3) ask namecheap why are they not transferring the domain back when you raised a domain transfer dispute. What reason did they give you ? Send them police/court complaint copy.

4) You must secure auto debit monthly payment approvals of your customers. Inform your bank as well to not allow any unauthorised transaction from your company bank account associated at backend of your website.

5) take ip address details from GoDaddy which was used to approve the transfer from your email id.

6) is there any of your employee who left recently ? Or is there any employee whom you fired and was kind of angry with you.

7) Ask any of your customer to make an additional payment of hosting as asked by thief , and then ask feds to trace the money flow upto the bank account and associated address with it .

This is not just a domain theft . They are after your business.
 
0
•••
so they are asking members for extra money etc..scam as much as possible.

I think u need to resolve this asap as there is chance if people get scammed there they may after u for refunds or legal case. as they still believe u run biz... with all yer info there..name etc I assume.

it may take u time to recover name but in meantime u should explore other venues to basically get the site shutdown.

u have enuf proof the site is not ran by u.

try to find out how to get site offline.. those members need to be protected..u just cant let them be on a stolen cloned site...this is unbelievable..

and frankly u not trying to call police or other proper authorities just to shut down site is abnormal to me. protecting your clients should be yer priority. now u just left them on scam site ..with extra payment demands etc..all their personal info compromised too.

I had made a report to IC3.gov (FBI), made YouTube videos, emailed all clients, reported abuse to Namecheap and HostGator (their host), posted in forums and company Facebook and twitter accounts.
 
0
•••
1) you must file a police complaint and send the complaint copy to both GoDaddy and namecheap.

2) ask namecheap to restrict the domain name from moving out to another registrar.

3) ask namecheap why are they not transferring the domain back when you raised a domain transfer dispute. What reason did they give you ? Send them police/court complaint copy.

4) You must secure auto debit monthly payment approvals of your customers. Inform your bank as well to not allow any unauthorised transaction from your company bank account associated at backend of your website.

5) take ip address details from GoDaddy which was used to approve the transfer from your email id.

6) is there any of your employee who left recently ? Or is there any employee whom you fired and was kind of angry with you.

7) Ask any of your customer to make an additional payment of hosting as asked by thief , and then ask feds to trace the money flow upto the bank account and associated address with it .

This is not just a domain theft . They are after your business.

1. Reported to IC3 (FBI)
2. Namecheap has not suspended the domain when I reported abuse to them.
3. They would not communicate to me and referred me to GoDaddy
4. Auto payments were fine, new payments by a few clients that were not aware had their accounts suspended by the original website/billing system still accessible by me via IP. I edited the suspended page to direct the client to call or email me so I could explain the situation to them including suggesting they file a chargeback if payment was made.
5. GoDaddy said I needed a court order for any Information.
6. I have no employees.
7. Feds have not responded to my complaint, I obtained their email associated to their PayPal account via a screen shot from a client that had paid them inadvertently. If you go to the website now and go through checkout, their PayPal account email would be revealed.
 
0
•••
I'm an owner of an industry recognized webhosting provider "Jixhost.com" since 2008 for which my domain was hijacked on October of 2020 from Domains Priced Right (GoDaddy) to Namecheap under a different registrant located in the middle east which has made a copy of my website and essentially stole a business I've had for 12 years.

I had immediately opened an unauthorized domain transfer dispute with my registrar and after 3 months they reply that Namecheap responded that the transfer was "authorized"


I've also posted 3 videos on my YouTube channel "WebsitePlex" regarding what happened.

I'm hoping it would be of enough value to the community to learn from and to bring to light this unfortunate situation.

dont u find it odd they targeted u for yer business..and not because for domain value per se... do u wonder if it could be someone u know... who knew about profitability of yer site?

I mean isn't it safe to conclude the thief knew b4 stealing yer name that they would clone yer site and run it?
 
0
•••
@tamar namecheap should to freeze outgoing transfers and name server changes are not allowed until this case is closed
 
2
•••
dont u find it odd they targeted u for yer business..and not because for domain value per se... do u wonder if it could be someone u know... who knew about profitability of yer site?

I mean isn't it safe to conclude the thief knew b4 stealing yer name that they would clone yer site and run it?

I feel that 11 years of history with over 20k registrants in the database, coupled with marketing attracted not only clients but criminals as well. The mistake I made was that I did not have 2FA enabled and I did not disable password reset in cPanel. My domain email account was compromised so it was simply password resets via email to gain access to my registrar to initiate transfer and cPanel to download a backup.
 
2
•••
I've gotten quotes from attorneys of $7k to $15k to file a suit in attempt to get a court order in recovering the domain. Is there a less expensive option?

Yes, and within around 40 days from start to finish.

Pursuing a transfer dispute in this type of situation is usually a pointless waste of time, since the transfer is likely to have been technically compliant, and to have likely used compromised email accounts which the registrars are required to regard as authoritative.

The transfer dispute process is most likely to go nowhere. If your email address was compromised, the transfer was technically compliant, and that is the end of the story there.

Furthermore, providing registrars with police reports is just a fancy way of packaging allegations which registrars have no way of knowing are true or not.

Since the domain name was used in the course of distinguishing your business, it obviously functioned as a trademark and it is surprising that none of the attorneys with whom you spoke recommended the obvious and less expensive course of action.

You might want to review the facts of these cases, and counsel identified in them.

This is a common fact pattern. If the attorneys with whom you have consulted thus far are unfamiliar with how to address this issue, you may be speaking with the wrong attorneys.

Have a look at the highlighted facts below:

https://www.adrforum.com/DomainDecisions/1008008.htm

Complainants are HandHeld Entertainment and Kieran O'Neil (collectively, “Complainant”), represented by John Berryhill

...

HandHeld Entertainment recently acquired Mr. O’Neill’s website, domain name, and the goodwill associated with the HOLYLEMON mark. The website is now a wholly owned subsidiary of HandHeld Entertainment. The Panel will hereinafter refer to HandHeld Entertainment and Mr. O’Neill collectively as “Complainant.”

At some point after entering into its asset purchase agreement with HandHeld Entertainment, Mr. O’Neill encountered difficulties logging into his e-mail account and soon thereafter discovered the he could no longer access the <holylemon.com> domain name, and that the domain name was somehow also transferred to another registrar. Mr. O’Neill believes this was the result of using public Wi-Fi Internet access while traveling to meet with HandHeld Entertainment.

...

Because Respondent has hijacked the <holylemon.com> domain name from Complainant and is using it to operate a website virtually identical to the website Complainant previously operated at the domain name in dispute, the Panel finds that Respondent has registered and is using the disputed domain name for the primary purpose of disrupting Complainant’s business pursuant to Policy ¶ 4(b)(iii).

https://www.adrforum.com/DomainDecisions/1623023.htm

Complainant is John Dilks (“Complainant”), represented by John Berryhill

...

Respondent has illegally hijacked the domain name and listed itself as the registrant, rather than Complainant. Respondent continues to transfer the domain name to different registrars in an effort to conceal Respondent’s true identity and to prevent easy recovery of the domain name. In an effort to conceal the hijacking, the disputed domain name has resolved to Complainant’s own website at all times. Where the complainant was the former owner of the domain name, this raises a rebuttable presumption of bad faith registration and use even when the domain name still resolves to Complainant’s web site. See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”); see also Verizon Trademark Servs. LLC v. Boyiko, FA 1382148 (Nat. Arb. Forum May 12, 2011) (“The Panel finds that Respondent’s registration and use of the confusingly similar disputed domain name, even where it resolves to Complainant’s own site, is still registration and use in bad faith pursuant to Policy ¶4(a)(iii).”). Respondent’s actions constitute find bad faith under Policy ¶4(a)(iii).

https://www.adrforum.com/DomainDecisions/1633946.htm

Complainant is Michael Evans and Chord Consulting Inc. d/b/a XAG (“Complainant”), represented by John Berryhill

...

Complainant alleges that it previously owned the registration for the <xag.com> domain name, and that Respondent only acquired the domain name through theft by compromising Complainant’s administrative e-mail address in order to authorize a registration transfer. While past panels have not seen many instances of similar domain name theft, they have found that there is a likelihood of bad faith when a complainant previously owned a domain name and no longer does, unless there is evidence to suggest a lack of bad faith. See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”). Therefore, given Respondent’s failure to respond, the Panel finds that Respondent registered and uses the <xag.com> domain name in bad faith pursuant to Policy ¶ 4(a)(iii).


----------------

The UDRP elements are straightforward:

1. Trademark Rights

"Jixhost" is obviously a distinctive and longstanding mark for the service.

2. Legitimate Rights

The respondent has no legitimate rights in a stolen name

3. Bad Faith Registration and Use

Obviously, stealing a name constituted bad faith registration

You will hear some people say "you can't use the UDRP for a stolen domain name." That is nonsense. What you can't do is to use the UDRP for a stolen domain name if you did not have trademark rights in the term. The UDRP does not require a registered mark, but provable common law rights in a distinctive term are sufficient.

And, finally, if you are approached by anyone selling "domain name insurance" ask to see whatever license they have obtained from the state where they are operating.
 
Last edited:
17
•••
5
•••
Back