advice Domain name theft


BrandEntrance.com

I just discovered that one of my domain names has been stolen (for want of a better word) and I just need to know what to do in this event.

The name was moved from one registrar to another without my permission and is under someone else's name.

The website is under my control and I have left some info there for the IIS (Swedish ICANN Country Reps) to see.

Any advice would be appreciated. I have a site under development there as I stated. This word is a hype word and was recently added to the Official Swedish Dictionary. I don't want to say the name of the site.

I know there are domain registrars here and I would really like to know how they deal with this.
 
0
•••
I know there are domain registrars here

There is only one person that I would contact that is active here and that is Rob from epik...send him a direct message with basic details and he may be able to help.
 
3
•••
OK. Well, if you have proof there's nothing to worry about. All I can say is archive.org doesn't show any data besides a lander from 2018.

That is redirecting to FSData... it's looking for home because it can't find an index.php file there for a site, because I hadn't built it yet, and therefore redirects to the registrar's main page. That is how that is set up with them. Proof that I had it registered there. They only removed the domain name yesterday and with that... access to the site. They have log files. I have screen dumps, witnesses, support errands with them and others regarding the site, database software incompatibility and upgrades etc. and an installation from a 3rd party company. Plus my payments, registration emails etc.

About 50 emails on the subject of this site back and forth with their support.
 
3
•••
This is frustrating if people just add negative comments without actually reading what has happened.

If one of you gets robbed I am not going to jump in and say "well maybe you are a thief and they are just taking back what is theirs!". Keep it real.

I registered a free domain and paid for it. Used it for a year. The whois data was about the day I regd it. Now the data is changed and my site and all that is now closed down. I HAVE LEGAL DOCUMENTS AND RECEIPTS and interactions with companies that prove it was mine.

Now do you understand?

Chill man. Like I said. There's a good possibility you actually did reg it due to a back end error. So I can get you're pissed off.

Nobody's calling you a thief though. Maybe the registrar did but over here nobody is accusing you of anything. I actually spent some cash to check out your story, as if what you claim is to be true the entire .se root would be compromised and that would put over 1K of domains I handle in danger.
 
3
•••
Was "Transfer lock" set on your name?
Try to contact your registrar to see what they say about it
 
2
•••
I can only imagine how stressful this is @jamesall. I am a little confused by the situation.
In terms of one registrar to another there are amalgamations, buyouts, registrar failures followed by bulk transfer, etc. so that by itself is not necessarily something a registrant can do anything about. However, you say the contacts were changed so it does not list you? That is of course serious. But the following confuses me a bit....

To me that implies that you can still set the DNS pointing which means you do still control the domain name, or do I misunderstand?

And the name was renewed right? You are not talking about it being lost simply because it expired?

I hope it gets resolved.

Bob
The domain is about to expire at the end of this month. Yes I can still set the DNS pointing.

The Swedish IIS has some hacking going on. I got a mail from my registrar stating the domain was regd in 2016 by this guy whose name is with it now. Then I got a mail from the IIS saying that it was registered in 2017 and with the same owner but I have a receipt for my registration and purchase and the waybackmachine only shows the date I registered the domain. It also redirects to the registrar where I registered it because then there was no webpage.

PM with domain name
 
2
•••
The weird part is, you apparently have been able to control the domain without owning it. My best guess is the registrar messed up. Allowed you to register the domain while it has already been in possession of another client. Maybe due to a merge of databases after the ownership change of the company.

There simply has to be more to the story. Your screens seem legit but I find it hard to believe IIS got hacked to this degree for this particular domain.

Anyway. I don't think there is anything others can do for you. You should definitely press your registrar for further explanation if you have proof of billing etc etc.
 
2
•••
What you’re saying NameDeck, which is the same thing I’m getting at, is that he possibly never had clear title to the domain. He never paid any fees (even though he keeps talking about “payments”). Apparently, he doesn’t have “receipts” (plural) because all that happened was one single transaction where he received control of the domain.

As far as that the domain didn’t exist other than for the one year that he had control of it, that’s conjecture not fact.

Anyway the simple explanation is that the domain belongs to someone else, that someone being whoever registered it at some prior date - apparently 2016 - and OP’s “registration” wasn’t a registration of a new domain but rather his picking up what was already registered but not actually expired.

The other explanation is the one offered by OP that there was some vast conspiracy to backdate creation date of the domain and that no one has been paying fees or holding title on the domain since 2016.
 
2
•••
What you’re saying NameDeck, which is the same thing I’m getting at, is that he possibly never had clear title to the domain. He never paid any fees (even though he keeps talking about “payments”). Apparently, he doesn’t have “receipts” (plural) because all that happened was one single transaction where he received control of the domain.

As far as that the domain didn’t exist other than for the one year that he had control of it, that’s conjecture not fact.

Anyway the simple explanation is that the domain belongs to someone else, that someone being whoever registered it at some prior date - apparently 2016 - and OP’s “registration” wasn’t a registration of a new domain but rather his picking up what was already registered but not actually expired.

The other explanation is the one offered by OP that there was some vast conspiracy to backdate creation date of the domain and that no one has been paying fees or holding title on the domain since 2016.

Yes, we're on the same page here. I'm not saying the OP has no reason to be pissed off, I know I would be in this scenario but just like you I tend to be looking for the easiest, more logical explanation.

I also take into account the value of the name. If I were to run some elaborate scheme to hack a registry I sure as hell wouldn't target this domain. It's not worth the risk. It might have been the case if I targeted a fair lot of good (not amazing, super premium as that wouldn't go unnoticed) but eventually it would get noticed and I'm sure any registry that would be compromised to this extent would be trending news in no time, especially if it concerns a well established ccTLD like .se.

OP sent me some screenshots from a chat he had with the support. They basically accused him, which usually a support guy won't degrade himself to. I was a pain in the ass this day to their support (same people) and they have been nothing but friendly and accommodating.

I'd love to see a full transcript of that chat to know on what facts their support based their claims so if OP is willing to share them in private I'm willing to review their stance.

Thing is, there's no real solution to this case that OP may find to be satisfactory.

If IIS really was hacked and there's some elaborate scheme going on, suing seems to be the only option. If OP really has the proof he claims he has it's an easy win though and would 100% result in him getting the domain back. Any sane lawyer would take that case. If OP really has the proof he claims he has that is.

If it was registered to him in error while already registered by someone else, sure, the registrar is to blame but he would not have any legal claim to the name, just like xynames stated before.
 
2
•••
Update:

I got the domain name back again!

And... yes I paid all fees for the domain when I had it originally etc. What the heck do you guys expect? Anyway I got it back and the matter is closed.

It is my domain!!!
 
2
•••
As you mentioned IIS I take it you're talking about a ccTLD. Could you pm me the name? And possibly the registrar?

Weird story. Maybe they hacked your account and got the Auth code? You wouldn't need any further approval to move the name if you had the code so that may have happened.

Edit: Also, it might be useful to know exactly when this happened. IIS has complaint procedures set in place (not sure you already followed that route) and there's always the possibility to sue them if it's worth it in terms of value lost.

Edit 2:): I have been dealing with IIS as a registry for as long as I can remember and there has never been any sign of shady practices going on so there must be more to the story. Do keep us posted.
 
1
•••
I can only imagine how stressful this is @jamesall. I am a little confused by the situation.
The name was moved from one registrar to another without my permission and is under someone else's name.
In terms of one registrar to another there are amalgamations, buyouts, registrar failures followed by bulk transfer, etc. so that by itself is not necessarily something a registrant can do anything about. However, you say the contacts were changed so it does not list you? That is of course serious. But the following confuses me a bit....
The website is under my control and I have left some info there for the IIS (Swedish ICANN Country Reps) to see.
To me that implies that you can still set the DNS pointing which means you do still control the domain name, or do I misunderstand?

And the name was renewed right? You are not talking about it being lost simply because it expired?

I hope it gets resolved.

Bob
 
1
•••
The domain is about to expire at the end of this month. Yes I can still set the DNS pointing.

If your account allows you to control DNS, then you have control of the name. Pay the $10 renewal and relax until you figure it out with the new registrar as it sounds like a database issue at the registrar since the original owner's name appears.
 
1
•••
The update is that they have removed the domain from my control now and my site is gone. A police complaint is filed for a domain name of substantial value that has been stolen by thieves who have hacked the IIS Internet foundation in charge of .se domain names.

It is most likely insiders who have access at these places. It is a CyberCrime and Sweden's Police Authority have a division for that. They might actually do something about it.

I have been lawyering up is all I am able to say now.
 
1
•••
Who has been paying the renewal fees each year since 2016?
 
1
•••
This is frustrating if people just add negative comments without actually reading what has happened.

If one of you gets robbed I am not going to jump in and say "well maybe you are a thief and they are just taking back what is theirs!". Keep it real.

I registered a free domain and paid for it. Used it for a year. The whois data was about the day I regd it. Now the data is changed and my site and all that is now closed down. I HAVE LEGAL DOCUMENTS AND RECEIPTS and interactions with companies that prove it was mine.

Now do you understand?
 
1
•••
N O B O D Y ! ! !. That data has been changed at IIS !!! It was never registered then.

Do any of you know what a database is and how to use one?

Uhm yes... I've been working on databases my entire life.

As you're a Linux admin yourself, wouldn't you say it's more likely for the registrar to get hacked than it is for the registry to get hacked if a hack happened?

Anyway, your registrar definitely does have some DB sync issues as I signed up, moved a domain, cancelled an invoice and the domain was still there in my account although it was actually not registered. Couldn't make changes to the DNS though.

They are a namesrs reseller, loopia is not so the issue is probably at your registrar or namesrs.

Unless of course IIS did get hacked but I can see no public trace that supports that statement.

Your generated invoice should be proof of your buy and I think you actually did buy the name but due to a glitch in the back end you were able to reg it.

Where did you perform the domain check when you ordered it? At the registrar?

Glitches like this do happen. I once ended up with a single letter .org on namecheap. In cases like this the domain is not actually registered by 2 people at the same time.

I also remember that case where someone owned google.com for a short while due to a backend glitch.
 
1
•••
Glad it worked out. Hope you don't mind me asking... What happened that caused this mess?

Whois shows it was dropped and re-registered...
PM
 
1
•••
Was "Transfer lock" set on your name?
Try to contact your registrar to see what they say about it
My registrar has recently changed owners. The place where the name landed was with a registrar that changed owners. I think it's done to hide as much as possible.

The official data in Sweden is that the name was reg'd with the same owner since 2016 but my receipts and info at waybackmachine prove that it redirects to my registrar in Sweden and was reg'd the day I said it was. I still have a live site today.

The registrar I had it with says that their data is changed aka someone has changed the logfiles.

I am also a Linux Admin.

----------
The IIS say they can't do anything so this fkr is going to get away with it because the Swedish police are not going to investigate this.

Why do the IIS have this mission? The official data is being tampered without any action being done. It goes against the info at waybackmachine and my email receipts which are legal documents in this country.

They are useless.
 
0
•••
There is only one person that I would contact that is active here and that is Rob from epik...send him a direct message with basic details and he may be able to help.
How do I do that?
 
0
•••
Is this how the industry is going to be?

Just let anybody steal a domain, and if they are in Sweden then they get away with it.

How can I complain about this to ICANN? Aren't they the top ones?
Aren't IIS supposed to work proactively to ensure the domaining in Sweden follows rules and regulations with requirements for accountability, routines and a so-called paper trail?
 
0
•••
Again, weird. Feel free to pm me with additional info and I'll see if I can find some trails. Without a name there's little to comment on any further.
 
0
•••