NameSilo

The domain JixHost.com was hijacked and stolen to another registrar

Located in Legal Discussion, started by Jose Nobio, May 3, 2021 at 11:46 PM

Replies:
49
Views:
1,171

  1. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,279
    Likes Received:
    3,859
    At least, you probably should fill a police report. Would not harm. (not a legal advice).

    The registrars need to select between various scenarios:

    - domain was stolen

    - domain was not stolen, but somebody representing himself as mr. Jose [not real mr. Jose] is trying to steal it right now

    - there is a business dispute between former business partners

    - etc, etc, etc

    How the registrars can decide what really happened? They do not have full picture. Moreover, being IT professionals, they might ask how was it possible to steal the whole webhosting business by just obtaing access to domain name? There are tons of other things. Servers. Domain reselling. Billing agreements (recurring). Bank, paypal, merchant accounts. Just to name a few.

    Please do not disclose extra details here on public forum though...

    The registrars cannot decide here. They, however, must do whatever the appropriate court prescribes them to. IMO.
     
    Last edited: May 4, 2021 at 5:12 PM
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Daniel Owens

    Daniel Owens Top Contributor VIP Gold Account

    Posts:
    16,760
    Likes Received:
    1,321
    Always be careful before pushing domains and make sure you keep domains you own. From time to time an accidental push can occur. If it does you must contact register same day rather than this issue contacting last year.
     
  3. DeluxeNames.com

    DeluxeNames.com Established Member Trusted Contest Holder ★★★★★★★★★★

    Posts:
    372
    Likes Received:
    47
    I've been a member here at NamePros since 2003 (Trusted Contest Holder, Trader Satisfaction 100%) & known Jose personally from our webhosting businesses for the past 3 years. I can vouch for him that he's an honest man and is the real owner of JixHost. I've seen the evidence & am 100% certain that Jose is correct.

    I saw how this community was able to put pressure on GoDaddy to release Brent Oxley's domains & I'm hoping we can do the same for Jose. Jose was posting for help from 2020 on the wrong forum & I told him that NamePros is the industry's #1 Domain Forum:
    https://www.webhostingtalk.com/showthread.php?t=1833325

    In this case it wasn't an accidental "push."
    Unfortunately Jose didn't have 2 Factor Authentication on his email account and the hacker was able to use it during the times that Jose was sleeping to transfer JixHost and almost other domains. The hacker (we think from Iraq) messed up by not deleting one of the transfer confirmation emails which Jose discovered.

    But it was too late for Jixhost. The hacker was able to clone Jose's website to fool new sign-ups from the YEARS of YouTube videos, Google ads, and links Jose has put in place.
    Check out Jose's video from the morning he discovered that JixHost had been stolen:


    Thank you for any ideas, especially how to put pressure on Namecheap.com to do the right thing and open up their own investigation (GoDaddy appears somewhat useless in fighting for Jose's Domain).

    I'm confident Namecheap will act with integrity in this matter as they are one of the best domain registrars that fight for fairness.
     
    Last edited: May 4, 2021 at 8:30 PM
  4. Mahogany

    Mahogany Top Contributor VIP

    Posts:
    2,650
    Likes Received:
    1,082
    Ive spoken with the OP on another forum before. I can vouch he's being using that brand/domain for many, many years. Best of luck to you brother.
     
  5. Lox

    Lox _____ VIP Gold Account

    Posts:
    3,196
    Likes Received:
    5,258
    Last edited: May 4, 2021 at 8:50 PM
  6. alcy

    alcy Top Contributor VIP

    Posts:
    19,152
    Likes Received:
    33,083
    I dont get it so the members there are unaware the site is cloned and stolen? shouldn't someone make it their priority to let them know to immediately stop using the site???? this is just plain weird tale
     
  7. Lox

    Lox _____ VIP Gold Account

    Posts:
    3,196
    Likes Received:
    5,258
    lol
     
  8. Daniel Owens

    Daniel Owens Top Contributor VIP Gold Account

    Posts:
    16,760
    Likes Received:
    1,321
    Should I signup for hosting there? Also, are you sure about the push process?
     
  9. Jose Nobio

    Jose Nobio New Member

    Posts:
    16
    Likes Received:
    17
    All existing clients were emailed that day telling them that I was migrating them to my other host, WebsitePlex com, the problem is that new clients don't know as they assume nothing changed and register with Jixhost. I've received reports from old clients that they were getting emails demanding additional amounts of money as well as discounts to pay them for 3 years of advance hosting all the while I'm hosting those clients on my servers.

    The hackers got the domain and a copy of the website/whmcs then simply updated payment info. The servers with clients were not accessed or hacked as I changed all logins/passwords and keys.
     
  10. Jose Nobio

    Jose Nobio New Member

    Posts:
    16
    Likes Received:
    17
    The existing client base was notified on the same day and moved to my other host WebsitePlex com. Hacker did not have access to the servers, only the domain & website with whmcs.
     
  11. DirkS

    DirkS DutchPirates.com VIP

    Posts:
    6,921
    Likes Received:
    5,780
    Less expensive? Dunno. But if you want the best in this business contact @jberryhill .
     
  12. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    2,279
    Likes Received:
    3,859
    In Rem domain name proceeding in Virginia may be a cheaper option. Should it be successful, Verisign registry will deliver the domain name to you, and no cooperation from either Namecheap or GoDaddy will be required. Why Virginia? Because Verisign, .com registry, is located in Virginia. You'll still need a lawyer though...
    P.S. It is what "big boys" like Microsoft use to retreive infringing regs like m1cr0soft .com etc in bulk
     
  13. Joe Styler

    Joe Styler Aftermarket Product Manager GoDaddy Staff Afternic Staff PRO VIP

    Posts:
    2,245
    Likes Received:
    4,610
    From what I read above in the thread it seems like our team investigated and tried to recover the domain via a dispute. At this point the only option would be to contact an attorney. They can weigh in on your legal options. I would choose one familiar with domain names. Some names that come to mind of domain attorneys I would choose myself are @jberryhill Gerald Levine or Karen Bernstein in New York City, and Jason Schaeffer from esqwire.com. Again that is if I was to choose someone to represent me. I am not providing legal advice, any of them can give you legal advice. I am sorry this happened to you.
     
  14. Lox

    Lox _____ VIP Gold Account

    Posts:
    3,196
    Likes Received:
    5,258
    Thanks J! Have a nice day!
     
  15. LUP

    LUP Top Contributor VIP

    Posts:
    2,968
    Likes Received:
    763
    That's a very clever answer from Domain Priced Right. Please contact the robber who stole your domain and beg him to hand it over
     
  16. PhongSGC

    PhongSGC Top Contributor VIP

    Posts:
    2,331
    Likes Received:
    908
    2021 will be a disasters for domainers too, beside covid-19, we heard many big domain hacks
     
  17. alcy

    alcy Top Contributor VIP

    Posts:
    19,152
    Likes Received:
    33,083
    so they are asking members for extra money etc..scam as much as possible.

    I think u need to resolve this asap as there is chance if people get scammed there they may after u for refunds or legal case. as they still believe u run biz... with all yer info there..name etc I assume.

    it may take u time to recover name but in meantime u should explore other venues to basically get the site shutdown.

    u have enuf proof the site is not ran by u.

    try to find out how to get site offline.. those members need to be protected..u just cant let them be on a stolen cloned site...this is unbelievable..

    and frankly u not trying to call police or other proper authorities just to shut down site is abnormal to me. protecting your clients should be yer priority. now u just left them on scam site ..with extra payment demands etc..all their personal info compromised too.
     
  18. barybadrinath

    barybadrinath Top Contributor VIP

    Posts:
    769
    Likes Received:
    1,010
    1) you must file a police complaint and send the complaint copy to both GoDaddy and namecheap.

    2) ask namecheap to restrict the domain name from moving out to another registrar.

    3) ask namecheap why are they not transferring the domain back when you raised a domain transfer dispute. What reason did they give you ? Send them police/court complaint copy.

    4) You must secure auto debit monthly payment approvals of your customers. Inform your bank as well to not allow any unauthorised transaction from your company bank account associated at backend of your website.

    5) take ip address details from GoDaddy which was used to approve the transfer from your email id.

    6) is there any of your employee who left recently ? Or is there any employee whom you fired and was kind of angry with you.

    7) Ask any of your customer to make an additional payment of hosting as asked by thief , and then ask feds to trace the money flow upto the bank account and associated address with it .

    This is not just a domain theft . They are after your business.
     
  19. Jose Nobio

    Jose Nobio New Member

    Posts:
    16
    Likes Received:
    17
    I had made a report to IC3.gov (FBI), made YouTube videos, emailed all clients, reported abuse to Namecheap and HostGator (their host), posted in forums and company Facebook and twitter accounts.
     
  20. Jose Nobio

    Jose Nobio New Member

    Posts:
    16
    Likes Received:
    17
    1. Reported to IC3 (FBI)
    2. Namecheap has not suspended the domain when I reported abuse to them.
    3. They would not communicate to me and referred me to GoDaddy
    4. Auto payments were fine, new payments by a few clients that were not aware had their accounts suspended by the original website/billing system still accessible by me via IP. I edited the suspended page to direct the client to call or email me so I could explain the situation to them including suggesting they file a chargeback if payment was made.
    5. GoDaddy said I needed a court order for any Information.
    6. I have no employees.
    7. Feds have not responded to my complaint, I obtained their email associated to their PayPal account via a screen shot from a client that had paid them inadvertently. If you go to the website now and go through checkout, their PayPal account email would be revealed.
     
  21. alcy

    alcy Top Contributor VIP

    Posts:
    19,152
    Likes Received:
    33,083
    dont u find it odd they targeted u for yer business..and not because for domain value per se... do u wonder if it could be someone u know... who knew about profitability of yer site?

    I mean isn't it safe to conclude the thief knew b4 stealing yer name that they would clone yer site and run it?
     
  22. LUP

    LUP Top Contributor VIP

    Posts:
    2,968
    Likes Received:
    763
    @tamar namecheap should to freeze outgoing transfers and name server changes are not allowed until this case is closed
     
  23. Jose Nobio

    Jose Nobio New Member

    Posts:
    16
    Likes Received:
    17
    I feel that 11 years of history with over 20k registrants in the database, coupled with marketing attracted not only clients but criminals as well. The mistake I made was that I did not have 2FA enabled and I did not disable password reset in cPanel. My domain email account was compromised so it was simply password resets via email to gain access to my registrar to initiate transfer and cPanel to download a backup.
     
  24. jberryhill

    jberryhill Top Member John Berryhill, Ph.d., Esq. PRO VIP ★★★★★★★★★★

    Posts:
    2,490
    Likes Received:
    4,668
    Yes, and within around 40 days from start to finish.

    Pursuing a transfer dispute in this type of situation is usually a pointless waste of time, since the transfer is likely to have been technically compliant, and to have likely used compromised email accounts which the registrars are required to regard as authoritative.

    The transfer dispute process is most likely to go nowhere. If your email address was compromised, the transfer was technically compliant, and that is the end of the story there.

    Furthermore, providing registrars with police reports is just a fancy way of packaging allegations which registrars have no way of knowing are true or not.

    Since the domain name was used in the course of distinguishing your business, it obviously functioned as a trademark and it is surprising that none of the attorneys with whom you spoke recommended the obvious and less expensive course of action.

    You might want to review the facts of these cases, and counsel identified in them.

    This is a common fact pattern. If the attorneys with whom you have consulted thus far are unfamiliar with how to address this issue, you may be speaking with the wrong attorneys.

    Have a look at the highlighted facts below:

    https://www.adrforum.com/DomainDecisions/1008008.htm

    Complainants are HandHeld Entertainment and Kieran O'Neil (collectively, “Complainant”), represented by John Berryhill

    ...

    HandHeld Entertainment recently acquired Mr. O’Neill’s website, domain name, and the goodwill associated with the HOLYLEMON mark. The website is now a wholly owned subsidiary of HandHeld Entertainment. The Panel will hereinafter refer to HandHeld Entertainment and Mr. O’Neill collectively as “Complainant.”

    At some point after entering into its asset purchase agreement with HandHeld Entertainment, Mr. O’Neill encountered difficulties logging into his e-mail account and soon thereafter discovered the he could no longer access the <holylemon.com> domain name, and that the domain name was somehow also transferred to another registrar. Mr. O’Neill believes this was the result of using public Wi-Fi Internet access while traveling to meet with HandHeld Entertainment.

    ...

    Because Respondent has hijacked the <holylemon.com> domain name from Complainant and is using it to operate a website virtually identical to the website Complainant previously operated at the domain name in dispute, the Panel finds that Respondent has registered and is using the disputed domain name for the primary purpose of disrupting Complainant’s business pursuant to Policy ¶ 4(b)(iii).

    https://www.adrforum.com/DomainDecisions/1623023.htm

    Complainant is John Dilks (“Complainant”), represented by John Berryhill

    ...

    Respondent has illegally hijacked the domain name and listed itself as the registrant, rather than Complainant. Respondent continues to transfer the domain name to different registrars in an effort to conceal Respondent’s true identity and to prevent easy recovery of the domain name. In an effort to conceal the hijacking, the disputed domain name has resolved to Complainant’s own website at all times. Where the complainant was the former owner of the domain name, this raises a rebuttable presumption of bad faith registration and use even when the domain name still resolves to Complainant’s web site. See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”); see also Verizon Trademark Servs. LLC v. Boyiko, FA 1382148 (Nat. Arb. Forum May 12, 2011) (“The Panel finds that Respondent’s registration and use of the confusingly similar disputed domain name, even where it resolves to Complainant’s own site, is still registration and use in bad faith pursuant to Policy ¶4(a)(iii).”). Respondent’s actions constitute find bad faith under Policy ¶4(a)(iii).

    https://www.adrforum.com/DomainDecisions/1633946.htm

    Complainant is Michael Evans and Chord Consulting Inc. d/b/a XAG (“Complainant”), represented by John Berryhill

    ...

    Complainant alleges that it previously owned the registration for the <xag.com> domain name, and that Respondent only acquired the domain name through theft by compromising Complainant’s administrative e-mail address in order to authorize a registration transfer. While past panels have not seen many instances of similar domain name theft, they have found that there is a likelihood of bad faith when a complainant previously owned a domain name and no longer does, unless there is evidence to suggest a lack of bad faith. See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”). Therefore, given Respondent’s failure to respond, the Panel finds that Respondent registered and uses the <xag.com> domain name in bad faith pursuant to Policy ¶ 4(a)(iii).


    ----------------

    The UDRP elements are straightforward:

    1. Trademark Rights

    "Jixhost" is obviously a distinctive and longstanding mark for the service.

    2. Legitimate Rights

    The respondent has no legitimate rights in a stolen name

    3. Bad Faith Registration and Use

    Obviously, stealing a name constituted bad faith registration

    You will hear some people say "you can't use the UDRP for a stolen domain name." That is nonsense. What you can't do is to use the UDRP for a stolen domain name if you did not have trademark rights in the term. The UDRP does not require a registered mark, but provable common law rights in a distinctive term are sufficient.

    And, finally, if you are approached by anyone selling "domain name insurance" ask to see whatever license they have obtained from the state where they are operating.
     
    Last edited: May 5, 2021 at 3:01 PM
  25. Jose Nobio

    Jose Nobio New Member

    Posts:
    16
    Likes Received:
    17

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
biix
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...