Note by Lothos : I did not write this article. It was originally published in KV14. I formatted it in html, and added bold where I wanted something to stand out.

Squatters Exposed!

by anonymous

I had my domain name stolen by squatters. Now, before you start complaining that I should have renewed it if I wanted to keep it, let me explain. When your domain expires, it goes into a redemption period where it can be renewed. In my case, the redemption period was cut short and I was unable to renew my domain. My domain was stolen by a group of squatters who also happen to be spammers, pornographers, and domain registrars. How this group became domain registrars is beyond me.

Now, before I get ahead of myself, a little background information and some detective work:

This is the relevant whois data from my domain:

Sponsoring Registrar:Intercosmos Media Group Inc. (R48-LROR)
Registrant ID:ODN-676871
Registrant Name:Orion Web
Registrant Organization:Orion Web
Registrant Street1:1st Floor Muya House
Registrant Street2:Kenyatta Ave.
Registrant Street3:p. o. box 4276-30100
Registrant City:Eldoret
Registrant State/Province:KE
Registrant Postal Code:30100
Registrant Country:KE
Registrant Phone:+254.0735434737
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:

The admin and tech contacts are the same as above.


This shows that a company called Orion Web in Kenya, Africa now owns my domain. Pulling up the web page for my domain shows a page filled with ads, with a "Click here to buy this domain" button that leads to, the company that now owns my domain name. They also own lots of other domain names. Lots and lots, in the range of 140,000 or more.

Kenyatech claims that they're located in Kenya, Africa. They also accept PayPal. Paypal does not do business with firms located in Kenya. Using GeoBytes reports that the ip address for,, is located in Larose, Louisiana. Looking up the same address in the ARIN database shows this IP is assigned to I-55 Internet Services in Hammond, Louisiana. [ Note by lothos: I-55 Internet shares a datacenter with DirectNIC / Intercosmos according to this Wired article ]

A little research on the site, browsing through all the domains, shows a few patterns. The oldest dated domain I could find registered to them was in August of 2004. The most current I could find was August 23 2005, a week before this writing. Most are registerd to kenyatech, but some of the older ones are registered to:

 NOLDC, Inc.
 838 Camp Street
 4th Floor
 New Orleans, LA 70130

Some of the domains are registered to Domain Contender, with the majority being registered through InterCosmos Media Group, DBA Curious about where they're from? They're both owned by the same people, and the address is:

 650 Poydras Street
 Suite 1150
 New Orleans, LA 70130
 (504) 679-5170

Is it just me, or is there a pattern developing with all these Louisiana addresses?? The Camp Street address and the Poydras street address are within blocks of each other.

I filled out a form on offering to buy the domain for $50. This offer was turned down. They instead suggested that I pay $300 plus a $30 fee, according to the following:


 NOLDC, Inc. accepts wire, money order or certified or cashiers check
 (international checks please add an additional US$50 processing fee) only.

 Checks and money orders must be made payable to NOLDC, Inc., and sent to:

 NOLDC, Inc.
 838 Camp St., 4th Floor
 New Orleans, Louisiana 70130

 NOLDC, Inc. Wire Information
 (Note: Please be sure to add wire fees to final price of domain purchase. 
 Also, be sure to include the domain name that you are purchasing in the 
 Additional Information Section.)
 Wire Fees for US Banks is $10.00
 Wire Fees for Banks outside of the US is $50.00

 Bank: Hibernia Bank
 2412 Manhattan Blvd
 Harvey, La 70058

 ABA#: 065000090
 Account#: 2080083613
 Swift Code: HIBKUS44

 Beneficiary: NOLDC, Inc.
 650 Poydras St Ste 1150
 New Orleans, La 70130

 NOLDC, Inc.

This links the Camp Street address with the Poydras Street address, by their own admission. Now, who owns Intercosmos a.k.a, who owns Domain Contenders, and who owns NOLDC, Inc? A man by the name of Sigmund Solares. I suspect that is also owned by Sigmund Solares, given all the evidence provided above. Sigmund Solares has a history of domain squatting, and a history of hiding behind non-existant entities for the purpose of hiding his squatting. This WIPO arbitration decision clearly outlines this:

Complainant claims that Respondent has no rights or legitimate interests in the disputed domain name. According to Complainant, this conclusion is suggested by Respondent's name: "Legal Services." Additionally, based on an investigation conducted by Complainant, Complainant claims that Legal Services is a fictitious identity adopted for the sole purpose of registering the disputed domain name. According to the investigation report there is no business by the name of Legal Services at the address listed in the .biz Whois database. Further, there is no business by the name of Legal Services at the address provided in the registration information. The only business listing found at that address is a business called "Ingrid's Beauty Salon." Likewise, the telephone number listed in the .biz Whois database is the number for an individual named "Sigmund Solares" who claims that he is not affiliated with Respondent. In fact, according to Complainant, Sigmund Solares is a principal in and primary contact for the Registrar of Respondent's domain name. Based on the above, Complainant asserts that Respondent has taken active steps to conceal its true identity and provided false contact details in connection with its domain name registration. Complainant concludes that the use of false and misleading contact information suggests that the domain name was registered for improper purposes.

Complainant also asserts that the fact that its trademark has a strong reputation and is widely known is further support of Respondent's bad faith. Finally, Complainant notes that the administrative, billing and technical contacts for the registration is Joseph Tambert whose e-mail address is listed as "". Complainant states that the website at is a pornographic website. Thus, Complainant claims that a risk exists that Complainant's valuable and well-known trademark and service mark will be associated with a pornographic site and will be tarnished as a result.


Joseph Tambert may be Sigmund's partner. This is his address:

Joseph Tambert
838 Camp Street
New Orleans

Notice the Camp Street? Sigmund and Joseph are linked together on the whois info for, as well as the above arbitration case. Joseph's email address, as explained in the above WIPO arbitration quote, links to a pornographic website. Sigmund's email, as listed on the whois for, also points to a porn site. This group has had IP addresses blocked for sending spam. They have a history of domain squatting. How the hell did they become domain registrars?

As domain registrars, this gives them access to the whois database. I believe that they use that access to aquire a list of domains entering the expiration period. They would then be able to flag that domain as being under their control, allowing them to transfer ownership to the Kenyatech entity and cutting short the redemption period.

There is also evidence that suggests they abuse the whois database. The whois database is used to find information on a domain name, including if it is available for purchase. They may have access to what names are looked up, and if it is available, and there is evidence to suggest that they register these names for themselves before others have a chance to. [ note by lothos: more info on that at]

They also have a script on every domain they own, to judge the domain's popularity. This script stores its data on a machine owned by The more popular sites have to pay more money to buy the domain back. I have seen less popular sites go for as little as $50, and I've seen some offers of a thousand dollars turned down. The more popular sites are renewed, and the less popular are allowed to expire. Being domain registrars, they might not have had to pay anything to aquire the 144,000+ domains they own.

So, what can you do? If your domain was snatched, by all means don't visit it or the kenyatech web site. Hopefully it will be allowed to expire. Contact anyone linking to your website, and have them change the link. If you have a popular domain, your only hope may be to go through arbitration, or sue. There is a class action lawsuit being organized by Complain to, and hopefully we can have their domain registrar status revoked. By all means, don't pay them and support their bad habits!

[ Update by lothos: the whois info on my stolen domain now shows NS0.EXPIREDDOMAINSERVICES.COM and NS1.EXPIREDDOMAINSERVICES.COM as the nameservesr. The domain is owned by:

 InterCosmos Media Group, Inc.
 650 Poydras St
 Suite 1150
 New Orleans, LA 70130

This shows a more direct link between the stolen domains and InterCosmos Media Group aka aka Sigmund Solares ]

Back to RootFest