The domain JixHost.com was hijacked and stolen to another registrar

[Jose Nobio]

I'm an owner of an industry recognized webhosting provider "Jixhost.com" since 2008 for which my domain was hijacked on October of 2020 from Domains Priced Right (GoDaddy) to Namecheap under a different registrant located in the middle east which has made a copy of my website and essentially stole a business I've had for 12 years.

I had immediately opened an unauthorized domain transfer dispute with my registrar and after 3 months they reply that Namecheap responded that the transfer was "authorized"


I've also posted 3 videos on my YouTube channel "WebsitePlex" regarding what happened.

I'm hoping it would be of enough value to the community to learn from and to bring to light this unfortunate situation.

 

[jberryhill]

I've gotten quotes from attorneys of $7k to $15k to file a suit in attempt to get a court order in recovering the domain. Is there a less expensive option?

Yes, and within around 40 days from start to finish.

Pursuing a transfer dispute in this type of situation is usually a pointless waste of time, since the transfer is likely to have been technically compliant, and to have likely used compromised email accounts which the registrars are required to regard as authoritative.

The transfer dispute process is most likely to go nowhere. If your email address was compromised, the transfer was technically compliant, and that is the end of the story there.

Furthermore, providing registrars with police reports is just a fancy way of packaging allegations which registrars have no way of knowing are true or not.

Since the domain name was used in the course of distinguishing your business, it obviously functioned as a trademark and it is surprising that none of the attorneys with whom you spoke recommended the obvious and less expensive course of action.

You might want to review the facts of these cases, and counsel identified in them.

This is a common fact pattern. If the attorneys with whom you have consulted thus far are unfamiliar with how to address this issue, you may be speaking with the wrong attorneys.

Have a look at the highlighted facts below:

https://www.adrforum.com/DomainDecisions/1008008.htm

Complainants are HandHeld Entertainment and Kieran O'Neil (collectively, “Complainant”), represented by John Berryhill

...

HandHeld Entertainment recently acquired Mr. O’Neill’s website, domain name, and the goodwill associated with the HOLYLEMON mark. The website is now a wholly owned subsidiary of HandHeld Entertainment. The Panel will hereinafter refer to HandHeld Entertainment and Mr. O’Neill collectively as “Complainant.”

At some point after entering into its asset purchase agreement with HandHeld Entertainment, Mr. O’Neill encountered difficulties logging into his e-mail account and soon thereafter discovered the he could no longer access the <holylemon.com> domain name, and that the domain name was somehow also transferred to another registrar. Mr. O’Neill believes this was the result of using public Wi-Fi Internet access while traveling to meet with HandHeld Entertainment.

...

Because Respondent has hijacked the <holylemon.com> domain name from Complainant and is using it to operate a website virtually identical to the website Complainant previously operated at the domain name in dispute, the Panel finds that Respondent has registered and is using the disputed domain name for the primary purpose of disrupting Complainant’s business pursuant to Policy ¶ 4(b)(iii).

https://www.adrforum.com/DomainDecisions/1623023.htm

Complainant is John Dilks (“Complainant”), represented by John Berryhill

...

Respondent has illegally hijacked the domain name and listed itself as the registrant, rather than Complainant. Respondent continues to transfer the domain name to different registrars in an effort to conceal Respondent’s true identity and to prevent easy recovery of the domain name. In an effort to conceal the hijacking, the disputed domain name has resolved to Complainant’s own website at all times. Where the complainant was the former owner of the domain name, this raises a rebuttable presumption of bad faith registration and use even when the domain name still resolves to Complainant’s web site. See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”); see also Verizon Trademark Servs. LLC v. Boyiko, FA 1382148 (Nat. Arb. Forum May 12, 2011) (“The Panel finds that Respondent’s registration and use of the confusingly similar disputed domain name, even where it resolves to Complainant’s own site, is still registration and use in bad faith pursuant to Policy ¶4(a)(iii).”). Respondent’s actions constitute find bad faith under Policy ¶4(a)(iii).

https://www.adrforum.com/DomainDecisions/1633946.htm

Complainant is Michael Evans and Chord Consulting Inc. d/b/a XAG (“Complainant”), represented by John Berryhill

...

Complainant alleges that it previously owned the registration for the <xag.com> domain name, and that Respondent only acquired the domain name through theft by compromising Complainant’s administrative e-mail address in order to authorize a registration transfer. While past panels have not seen many instances of similar domain name theft, they have found that there is a likelihood of bad faith when a complainant previously owned a domain name and no longer does, unless there is evidence to suggest a lack of bad faith. See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”). Therefore, given Respondent’s failure to respond, the Panel finds that Respondent registered and uses the <xag.com> domain name in bad faith pursuant to Policy ¶ 4(a)(iii).


----------------

The UDRP elements are straightforward:

1. Trademark Rights

"Jixhost" is obviously a distinctive and longstanding mark for the service.

2. Legitimate Rights

The respondent has no legitimate rights in a stolen name

3. Bad Faith Registration and Use

Obviously, stealing a name constituted bad faith registration

You will hear some people say "you can't use the UDRP for a stolen domain name." That is nonsense. What you can't do is to use the UDRP for a stolen domain name if you did not have trademark rights in the term. The UDRP does not require a registered mark, but provable common law rights in a distinctive term are sufficient.

And, finally, if you are approached by anyone selling "domain name insurance" ask to see whatever license they have obtained from the state where they are operating.

 

[DeluxeNames.com]

Always be careful before pushing domains and make sure you keep domains you own. From time to time an accidental push can occur. If it does you must contact register same day rather than this issue contacting last year.

I've been a member here at NamePros since 2003 (Trusted Contest Holder, Trader Satisfaction 100%) & known Jose personally from our webhosting businesses for the past 3 years. I can vouch for him that he's an honest man and is the real owner of JixHost. I've seen the evidence & am 100% certain that Jose is correct.

I saw how this community was able to put pressure on GoDaddy to release Brent Oxley's domains & I'm hoping we can do the same for Jose. Jose was posting for help from 2020 on the wrong forum & I told him that NamePros is the industry's #1 Domain Forum:
https://www.webhostingtalk.com/showthread.php?t=1833325

In this case it wasn't an accidental "push."
Unfortunately Jose didn't have 2 Factor Authentication on his email account and the hacker was able to use it during the times that Jose was sleeping to transfer JixHost and almost other domains. The hacker (we think from Iraq) messed up by not deleting one of the transfer confirmation emails which Jose discovered.

But it was too late for Jixhost. The hacker was able to clone Jose's website to fool new sign-ups from the YEARS of YouTube videos, Google ads, and links Jose has put in place.
Check out Jose's video from the morning he discovered that JixHost had been stolen:

Thank you for any ideas, especially how to put pressure on Namecheap.com to do the right thing and open up their own investigation (GoDaddy appears somewhat useless in fighting for Jose's Domain).

I'm confident Namecheap will act with integrity in this matter as they are one of the best domain registrars that fight for fairness.

 

[Jose Nobio]

In the best interests of the industry, community, past and future clientele of JixHost, I have retained Attorney John Berryhill, Esq. to assist me in this matter in recovering the domain and its associated business to its rightful owner.

 

[bhartzer]

I'm an owner of an industry recognized webhosting provider "Jixhost.com" since 2008 for which my domain was hijacked on October of 2020 from Domains Priced Right (GoDaddy) to Namecheap under a different registrant located in the middle east which has made a copy of my website and essentially stole a business I've had for 12 years.

I had immediately opened an unauthorized domain transfer dispute with my registrar and after 3 months they reply that Namecheap responded that the transfer was "authorized"


I've also posted 3 videos on my YouTube channel "WebsitePlex" regarding what happened.

I'm hoping it would be of enough value to the community to learn from and to bring to light this unfortunate situation.

Report the domain as stolen to DNProtect (dnprotect dot com) and we will be happy to look into the case and help with recovery.

 

[Jose Nobio]

Great news today, with special thanks to Attorney John Berryhill, Esq. who is a true expert in his field; JixHost.com is in process to be returned back to its rightful owner.

> Dear Parties,
>
> Please find attached the full text of the decision issued on September
> 10, 2021 by the Administrative Panel in the above-referenced case.
>
> The Administrative Panel's finding is as follows:
> "For the foregoing reasons, in accordance with paragraphs 4(i) of the
> Policy and 15 of the Rules, the Panel orders that the disputed domain
> name <jixhost.com> be transferred to the Complainant."

 

[Joe Styler]

GoDaddy: Oct 26, 2020 jixhost.com @Joe Styler @Paul Nicks

From what I read above in the thread it seems like our team investigated and tried to recover the domain via a dispute. At this point the only option would be to contact an attorney. They can weigh in on your legal options. I would choose one familiar with domain names. Some names that come to mind of domain attorneys I would choose myself are @jberryhill Gerald Levine or Karen Bernstein in New York City, and Jason Schaeffer from esqwire.com. Again that is if I was to choose someone to represent me. I am not providing legal advice, any of them can give you legal advice. I am sorry this happened to you.

 

[Lox]

... The last considering factor is …

…. To get the name back and protect your business reputation and at the same time you’re going to protect people from the scammer/s.

IMO

Regards

 

[tonyk2000]

@Jose Nobio - on this stage, you might definitely want to contact a lawyer who is familiar with domain-related matters. Legal section of this forum will help... IMO, the 1st thing the lawyer would recommend will be to stop sharing the info on public forum.

Registrars have seen a lot of sophisticated domain thefts, so it is definitely impossible for them to "take sides" even if you provide more evidence on public forum or in ticket(s). So, going legal way is probably the only method to resolve this.

(I am not a lawyer. Just imho)

 

[Jose Nobio]

@jberryhill I sent an email to you, thank you.

 

[Jose Nobio]

I'm currently in the 10 day waiting period, so by September 30th I expect to have access to my domain again.

 

[Mahogany]

Ive spoken with the OP on another forum before. I can vouch he's being using that brand/domain for many, many years. Best of luck to you brother.

 

[Jose Nobio]

I dont get it so the members there are unaware the site is cloned and stolen? shouldn't someone make it their priority to let them know to immediately stop using the site???? this is just plain weird tale

All existing clients were emailed that day telling them that I was migrating them to my other host, WebsitePlex com, the problem is that new clients don't know as they assume nothing changed and register with Jixhost. I've received reports from old clients that they were getting emails demanding additional amounts of money as well as discounts to pay them for 3 years of advance hosting all the while I'm hosting those clients on my servers.

The hackers got the domain and a copy of the website/whmcs then simply updated payment info. The servers with clients were not accessed or hacked as I changed all logins/passwords and keys.

 

[tonyk2000]

In Rem domain name proceeding in Virginia may be a cheaper option. Should it be successful, Verisign registry will deliver the domain name to you, and no cooperation from either Namecheap or GoDaddy will be required. Why Virginia? Because Verisign, .com registry, is located in Virginia. You'll still need a lawyer though...
P.S. It is what "big boys" like Microsoft use to retreive infringing regs like m1cr0soft .com etc in bulk

 

[alcy]

If you had found @jberryhill immediately after the theft & acted right away, it would have been worth the money.

Over a year Iater, no it is not worth the money. WebsitePlex.com is a better business name then JixHost. JixHost.com without the business is worth $50 or less as it sounds like a non-serious kiddie host.

I'm disappointed with Namecheap.com as I thought they would act with integrity and open up their own independent investigation instead of relying on GoDaddy who we already knew was too big to be helpful. But I thought the smaller & more domainer-friendly Namecheap.com would help because they had a better reputation than terrible GoDaddy.

@Tamar, your Namecheap is just as bad as GoDaddy, too big & "by the book" to be helpful to domainers. You aren't able to bend rigid & outdated policies to do the right thing based on the specific circumstances of a case like JixHost.com

Turns out Namecheap.com is too filled with red-tape to care or flex their policy based on the circumstances. I will be moving my ~1000 domains away from Namecheap.com to a Registry small enough to care & with an owner I can message directly, @Rob Monster at Epik.com. If JixHost had been moved to Epik, you'd have your domain back the first week it was stolen.

Brent Oxley, because you were helped by NamePros, would you please be willing to use your fame & clout to put pressure on Namecheap @create.com ?

Please, everyone with a voice, urge others to move their domains away from Namecheap as I have done at my own forum:
https://hostboards.com/discussion/4455/move-domains-away-from-namecheap-to-epik/p1?new=1

nc does not offer anyway good prices..nor pleasant ui

not even phone support.

I once had bunches of names there. but that was mostly when I began to domain...not knowing there is better

any serious savy seasoned domainer does not have nc as top their list.

they just do not give a damn about remaining competitive with their prices. and the price to pay for that is that clients wont give a.damn.about them. they will just surely fade into non existence.

I'm down to 6.names there..and wont be coming back.unless they move way up on domprices.com

which imo will be never

they will still catch newbies like I once was.into sucking extra cash...which is too bad.
but we all wasted money in some ways when beginning this biz.

not to mention there interface is terribly unfriendly and slow.

 

[MasterOfMyDomains]

I pm @tamar she is namecheap rep. Sorry for your loss, hopefully your name be back in your hands soon.
Thank you for sharing

 

[Jose Nobio]

I dont get it so the members there are unaware the site is cloned and stolen? shouldn't someone make it their priority to let them know to immediately stop using the site???? this is just plain weird tale

The existing client base was notified on the same day and moved to my other host WebsitePlex com. Hacker did not have access to the servers, only the domain & website with whmcs.

 

[branding]

I've gotten quotes from attorneys of $7k to $15k to file a suit in attempt to get a court order in recovering the domain. Is there a less expensive option?

Less expensive? Dunno. But if you want the best in this business contact @jberryhill .

 

[Jose Nobio]

I found the right attorney to handle this, thanks to your recommendations. The last considering factor is if its still viable financially for me to pursue this. Given the tarnished reputation of the domain and very light traffic (I still have access to google analytics for jixhost) I question if it's a good idea to invest several thousand dollars in recovering the domain. Any insight would be appreciated and if there's also a way to know the number of clients hosting with jixhost. Thanks

 

[DeluxeNames.com]

I found the right attorney to handle this, thanks to your recommendations. The last considering factor is if its still viable financially for me to pursue this. Given the tarnished reputation of the domain and very light traffic (I still have access to google analytics for jixhost) I question if it's a good idea to invest several thousand dollars in recovering the domain. Any insight would be appreciated and if there's also a way to know the number of clients hosting with jixhost. Thanks

If you had found @jberryhill immediately after the theft & acted right away, it would have been worth the money.

Over a year Iater, no it is not worth the money. WebsitePlex.com is a better business name then JixHost. JixHost.com without the business is worth $50 or less as it sounds like a non-serious kiddie host.

I'm disappointed with Namecheap.com as I thought they would act with integrity and open up their own independent investigation instead of relying on GoDaddy who we already knew was too big to be helpful. But I thought the smaller & more domainer-friendly Namecheap.com would help because they had a better reputation than terrible GoDaddy.

@Tamar, your Namecheap is just as bad as GoDaddy, too big & "by the book" to be helpful to domainers. You aren't able to bend rigid & outdated policies to do the right thing based on the specific circumstances of a case like JixHost.com

Turns out Namecheap.com is too filled with red-tape to care or flex their policy based on the circumstances. I will be moving my ~1000 domains away from Namecheap.com to a Registry small enough to care & with an owner I can message directly, @Rob Monster at Epik.com. If JixHost had been moved to Epik, you'd have your domain back the first week it was stolen.

Brent Oxley, because you were helped by NamePros, would you please be willing to use your fame & clout to put pressure on Namecheap @create.com ?

Please, everyone with a voice, urge others to move their domains away from Namecheap as I have done at my own forum:
https://hostboards.com/discussion/4455/move-domains-away-from-namecheap-to-epik/p1?new=1

 

[jstubbs3]

Sorry to hear about your loss. Personally speaking, the business (JixHosting) is most likely ruined at this stage and the domain name isn't really worth much.. estimated value is less than $1500 so is that really worth $7 to $15K to chase down a domain name that was stolen by some moron in the middle east who most likely stole it to try and gain some sort of ransom demand / or perform an online scam to collect payments?!?

The best thing to do I'd say is to write it off as a loss and to try and focus on protecting and earning your customer's trust back if at all possible.

I understand you mentioned that the hosting servers were not breached, but think about what you mentioned prior, they took a backup of your WHMCS the main platform that houses your customer's details and account information. Breaching the hosting servers is small potatoes by comparison.

Even if you managed to get the name back it wouldn't be trusted by consumers because of this issue right here. Regular businesses that get hacked have a hard time bouncing back and earning consumer trust, for a "web hosting" business to get hi-jacked and to initially have customer account details stolen is a bad deal that most likely will never bounce back.

Sure email can be breached and have you looked into how that happened? They had to have gained access to a local machine or via some sort of virus to get access to an email account.

Anyway, I feel sorry for you and wish nothing but the best for you moving forward. It's a hard pill to swallow to think about leaving behind a "business" you have had for 12 years, but at this stage, you have to think about moving forward and doing damage control. That business is ruined and while the basics of teaching them a lesson sound good, 9X out of ten that lesson would never get learned by those kinds of people. Sometimes you just have to know when to cut the losses and move on.

 

[noneisnone]

any new updates ?

 

[Jose Nobio]

And here it is

https://www.wipo.int/amc/en/domains/search/text.jsp?case=D2021-2234

 

[tamar]

Yes, I was tagged on this while already investigating the matter. I follow all mentions of the brand here so not to worry, you need not ping me directly, I check daily (yet it's midnight here so I may respond at more reasonable hours, but I will reply).

In terms of this situation, we are sorry to hear about the issue faced with the domain name. It is better to contact either GoDaddy or Namecheap support and ask them what other possible options you have in order to get access to the domain name. In this case, I am not at liberty to disclose anything further as it is a sensitive security matter and this is a public forum, yet I can say it appears like it was a process between two registrars.

I should note that there also isn't any communication our team has seen in 2021 about this issue. Please provide the ticket number if for some reason I am incorrect.

 

[tamar]

I will pass this on. You may want to keep this info more private out of the sensitivity to some of the info shared here.