fake WHOIS record

Forum Moderators: buckworks & webwork

Message Too Old, No Replies

fake WHOIS record

somebody put my e-mail as a contact!

Natashka

12:51 am on Feb 12, 2005 (gmt 0)

Somebody registered 4 domain names with the same names as my .com domains, but with .info extension and put my organization and e-mail address as a contact! I tried contacting the registrar where those domain names where registered, explained them the situation, but never heard back from them. What should I do? It's definitely not a good sign, they are probably up to smth bad, and I don't want to be responsible!

encyclo

12:56 am on Feb 12, 2005 (gmt 0)

Is it the same registrar that you use yourself? Some domain registrars bought up .info domains for their customers on their behalf (to try to get them to continue to pay the renewal fees once the first year was up). This was when regstering .info was free.

You need to get in touch with your registrar to see whether this was the case, or connect to your domain registrar's control panel (if they offer one) to see if the domains are listed under your account.

If it is not the same registrar but your email address is showing as the administrative contact, set up a transfer to grab the domains for yourself and change the nameservers.

Natashka

1:18 am on Feb 12, 2005 (gmt 0)

No, it's not the same registrar, but thanks for your suggestion! I will try to grab those domains, let's see if I succeed...

diamondgrl

1:20 am on Feb 12, 2005 (gmt 0)

This sounds fascinating. Please give an update. And what means did you use to find this out in the first place?

Natashka

3:41 am on Feb 12, 2005 (gmt 0)

Nope, I cannot :( I need to login to make any changes to those domains, but I obviously don't know the username and password. I also need to know user ID to use password remind feature. I contacted eNom (as those are parked eNom domains), but they refer me to the registrar. I also contacted my registrar, where my domains are registered, maybe they will tell me what to do.

I found it out absolutely accidentally, when I was checking through whois if any other extensions for my domain names were still available (not to buy, just from curiosity) and... surprise, surprise!

bill

4:27 am on Feb 12, 2005 (gmt 0)

but I obviously don't know the username and password.

If your e-mail address is used as the Admin contact then I'm sure they have a lost password link...just have them e-mail you the password.

diamondgrl

4:38 am on Feb 12, 2005 (gmt 0)

An interesting situation. Have you tried contacting the owner of the name servers, not just the domain registrar? Is it a major ISP? If so, they might be responsive.

Also, have you done a site:www.example.com on Google to see if there are any pages listed there? Might give you some insight as to what the scammer's game is.

diamondgrl

4:40 am on Feb 12, 2005 (gmt 0)

And you never answered my original question: How did you find out about this?

We might all want to make sure that our email addresses haven't been hijacked similarly. I know I am interested in knowing.

incrediBILL

4:43 am on Feb 12, 2005 (gmt 0)

I need to login to make any changes to those domains

If you need to LOGIN and it's YOUR EMAIL address in the record click LOST ACCOUNT ID then LOST PASSWORD and it should email it to you. If there is an additional challenge to getting that information, contact the registrar about what you have to do to get access to "your accounts" - some will require you to send (fax) a signed statement on your company letterhead, others require something notarized, but the fact that it's your name up there shouldn't make this too challenging.

amznVibe

4:48 am on Feb 12, 2005 (gmt 0)

If your .com was registered at eNom, then they did a gimmick back last year when they registered the .info for free at their other registrar "Sipence". Those domains however should have expired by now and disappeared if you didn't chose to keep them.

If the contact email is your email address, you should not even need to log into that account to get them. You should be able to initiate a transfer via another registrar - the catch is you will need the EPP "key" code, but you might be able to email the registrar and ask them for it.

Last but not least, if the address, phone (and fax) on there is yours and you can prove it with (legal) documentation, domain names can be transfered via paperwork faxed to the right people. You'll have to find out how by digging around here: [afilias.info...]

1milehgh80210

5:43 am on Feb 12, 2005 (gmt 0)

"It's definitely not a good sign, they are probably up to smth bad, and I don't want to be responsible!"

I don't think getting the domain in your control will make you look any less responsible for any bad things done in the past. (maybe more-so)
So maybe there is something else that could be done? anyone?

Natashka

7:07 am on Feb 12, 2005 (gmt 0)

Thanks to everybody for your input.

bill and incrediBILL:

My e-mail is the contact for everything: registrant, Admin, Technical, Billing... There is a lost password feature, but they ask to enter not an e-mail address, but a user ID, which I don't know. And the registrar customer service doesn't answer my emails.

diamondgirl:

How did I find out about it? Like I said, I was just doing a lookup on my own domain names, and noticed that .info domains were also taken, and out of curiosity I decided to see who registered them and... surprise!

As for nameservers, it's eNom. I send them an email and got an answer: "Your domain was acquired through one of our resellers, so you will need to contact them directly for assistance with your domain name, login or DNS assistance. We do not have access to this data."

And no, these sites are not indexed by Google. Those are parked domains.

amznVibe:

You are very close to truth. The domains were registered through Sipence and nameservers are eNom's. It was Sipence customer service that I contacted first and they didn't answer. eNom answered, their reply is above. The domains were registered on September 24, 2004. They haven't expired yet. My registrar is Registerfly. Does Registerfly has smth to do with Sipence and eNom? I opened a ticket with them, no reply so far.

1milehgh80210:

you are absolutely right, actually I don't need those domains! Besides transfer is not free. All I want is my contact information to be removed from those domains, that's all!

amznVibe

3:57 pm on Feb 12, 2005 (gmt 0)

You are very close to truth. The domains were registered through Sipence and nameservers are eNom's. It was Sipence customer service that I contacted first and they didn't answer. eNom answered, their reply is above. The domains were registered on September 24, 2004. They haven't expired yet. My registrar is Registerfly. Does Registerfly has smth to do with Sipence and eNom? I opened a ticket with them, no reply so far.

Sipence IS enom (for example they have the same physical address). eNom uses Sipence as a drop catching registrar and they did the huge free .info registration last year to boost up their registration numbers. Registerfly is enom's largest reseller (despite the interface differences, they use enom for all your registrations).

That domain is actually yours since enom gave all the .info's to the original .com holders. You just missed the notice from them:
[google.com...]

eNom registers the .info equivalents of nearly a million .com domains owned by its customers. Domain name statistics show that eNom registered 950,000 domain names between Sept. 27 and Oct. 4.

Seems we have another thread recently on this too:
[webmasterworld.com...]

Tapolyai

8:01 pm on Feb 12, 2005 (gmt 0)

I had a similar problem.

My domain name was used with rip-off domain "abc.com" and garbage mailbox address as the registrar. But the contact info was "garbage@mydomain.com" where mydomain.com is MY DOMAIN not abc.com's.

The registrar was in China, and as such had no real contact or any sort of information for the record.

The culprit used a different named web site as a rip-off site WITH a spam combo.

S/he sent out spam messages with "abc.com" return address pointing to the web site, and of course administrators trying to find who it is owned by, immediately looked at the whois record of "abc.com".

What was the domain for spamming contact? Mine! So, I received about 200 angry admin messages to my "abuse@mydomain.com" in less then 10 minutes.

Solution? None. I just had to wait it out, until the spammer abbandoned the domain, and the registration. :-(

Natashka

12:57 am on Feb 13, 2005 (gmt 0)

amznVibe, thanks so much for the info! I didn't know that. Now I have to ask Registerfly how to point these domains to my nameservers, since they are mine! and they really should be on my list of active domains :)

Tapolyai, your story is really horrible... I think registrars should do something about it, one thing is to put some bogus in WHOIS, but to put a real person and/or domain as a contact is an absolutely different ball game.

ritch_b

12:16 pm on Feb 15, 2005 (gmt 0)

Fake or incorrect WHOIS information can be reported to Internic, via their Whois Data Problem Report System [wdprs.internic.net], although I can't guarantee whether anything will come of reporting a problem, nor what the outcome might be.

Tapolyai

5:45 pm on Feb 15, 2005 (gmt 0)

I actually reported the abuse to the Registrar, then the Registrar to ICANN. Which in turn told me too bad.

Natashka

9:31 am on Feb 17, 2005 (gmt 0)

ritch_b, thanks for the info. My story had the happy end though :) After a week of writing and complaining to all involved parties, they probably got sick and tired of me LOL and all 4 .info domains are mine now, and I got them for free!