Note by Lothos : I did not write this article. It was originally published in KV14. I formatted it in html, and added bold where I wanted something to stand out.
I had my domain name stolen by squatters. Now, before you start complaining that I should have renewed it if I wanted to keep it, let me explain. When your domain expires, it goes into a redemption period where it can be renewed. In my case, the redemption period was cut short and I was unable to renew my domain. My domain was stolen by a group of squatters who also happen to be spammers, pornographers, and domain registrars. How this group became domain registrars is beyond me.
Now, before I get ahead of myself, a little background information and some detective work:
This is the relevant whois data from my domain:
Sponsoring Registrar:Intercosmos Media Group Inc. (R48-LROR) Registrant ID:ODN-676871 Registrant Name:Orion Web Registrant Organization:Orion Web Registrant Street1:1st Floor Muya House Registrant Street2:Kenyatta Ave. Registrant Street3:p. o. box 4276-30100 Registrant City:Eldoret Registrant State/Province:KE Registrant Postal Code:30100 Registrant Country:KE Registrant Phone:+254.0735434737 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:info@kenyatech.com
The admin and tech contacts are the same as above.
Name Server:NS0.DIRECTNIC.COM Name Server:NS1.DIRECTNIC.COM
This shows that a company called Orion Web in Kenya, Africa now owns my domain. Pulling up the web page for my domain shows a page filled with ads, with a "Click here to buy this domain" button that leads to www.kenyatech.com, the company that now owns my domain name. They also own lots of other domain names. Lots and lots, in the range of 140,000 or more.
Kenyatech claims that they're located in Kenya, Africa. They also accept PayPal. Paypal does not do business with firms located in Kenya. Using GeoBytes reports that the ip address for www.kenyatech.com, 209.16.83.2, is located in Larose, Louisiana. Looking up the same address in the ARIN database shows this IP is assigned to I-55 Internet Services in Hammond, Louisiana. [ Note by lothos: I-55 Internet shares a datacenter with DirectNIC / Intercosmos according to this Wired article ]
A little research on the www.kenyatech.com site, browsing through all the domains, shows a few patterns. The oldest dated domain I could find registered to them was in August of 2004. The most current I could find was August 23 2005, a week before this writing. Most are registerd to kenyatech, but some of the older ones are registered to:
NOLDC, Inc. 838 Camp Street 4th Floor New Orleans, LA 70130 US 504-523-0360
Some of the domains are registered to Domain Contender, with the majority being registered through InterCosmos Media Group, DBA directnic.com. Curious about where they're from? They're both owned by the same people, and the address is:
650 Poydras Street Suite 1150 New Orleans, LA 70130 US (504) 679-5170
Is it just me, or is there a pattern developing with all these Louisiana addresses?? The Camp Street address and the Poydras street address are within blocks of each other.
I filled out a form on www.kenyatech.com offering to buy the domain for $50. This offer was turned down. They instead suggested that I pay $300 plus a $30 fee, according to the following:
Hello, NOLDC, Inc. accepts wire, money order or certified or cashiers check (international checks please add an additional US$50 processing fee) only. Checks and money orders must be made payable to NOLDC, Inc., and sent to: NOLDC, Inc. 838 Camp St., 4th Floor New Orleans, Louisiana 70130 NOLDC, Inc. Wire Information (Note: Please be sure to add wire fees to final price of domain purchase. Also, be sure to include the domain name that you are purchasing in the Additional Information Section.) Wire Fees for US Banks is $10.00 Wire Fees for Banks outside of the US is $50.00 Bank: Hibernia Bank 2412 Manhattan Blvd Harvey, La 70058 USA ABA#: 065000090 Account#: 2080083613 Swift Code: HIBKUS44 Beneficiary: NOLDC, Inc. 650 Poydras St Ste 1150 New Orleans, La 70130 USA Sincerely- NOLDC, Inc.
This links the Camp Street address with the Poydras Street address, by their own admission. Now, who owns Intercosmos a.k.a directnic.com, who owns Domain Contenders, and who owns NOLDC, Inc? A man by the name of Sigmund Solares. I suspect that kenyatech.com is also owned by Sigmund Solares, given all the evidence provided above. Sigmund Solares has a history of domain squatting, and a history of hiding behind non-existant entities for the purpose of hiding his squatting. This WIPO arbitration decision clearly outlines this:
Complainant claims that Respondent has no rights or legitimate interests in the disputed domain name. According to Complainant, this conclusion is suggested by Respondent's name: "Legal Services." Additionally, based on an investigation conducted by Complainant, Complainant claims that Legal Services is a fictitious identity adopted for the sole purpose of registering the disputed domain name. According to the investigation report there is no business by the name of Legal Services at the address listed in the .biz Whois database. Further, there is no business by the name of Legal Services at the address provided in the registration information. The only business listing found at that address is a business called "Ingrid's Beauty Salon." Likewise, the telephone number listed in the .biz Whois database is the number for an individual named "Sigmund Solares" who claims that he is not affiliated with Respondent. In fact, according to Complainant, Sigmund Solares is a principal in and primary contact for the Registrar of Respondent's domain name. Based on the above, Complainant asserts that Respondent has taken active steps to conceal its true identity and provided false contact details in connection with its domain name registration. Complainant concludes that the use of false and misleading contact information suggests that the domain name was registered for improper purposes.
Complainant also asserts that the fact that its trademark has a strong
reputation and is widely known is further support of Respondent's bad faith.
Finally, Complainant notes that the administrative, billing and technical
contacts for the registration is Joseph Tambert whose e-mail address is
listed as "josephtambert@homeville.com". Complainant states that the
website at SOURCE:
http://arbiter.wipo.int/domains/decisions/html/2002/dbiz2002-00190.html
Joseph Tambert may be Sigmund's partner. This is his address: Notice the Camp Street? Sigmund and Joseph are linked together on the
whois info for fbi.biz, as well as the above arbitration case. Joseph's
email address, as explained in the above WIPO arbitration quote, links to
a pornographic website. Sigmund's email, as listed on the whois for
sigmundsolares.com, also points to a porn site. This group has had IP
addresses blocked for sending spam. They have a history of domain
squatting. How the hell did they become domain registrars?
As domain registrars, this gives them access to the whois database. I
believe that they use that access to aquire a list of domains entering the
expiration period. They would then be able to flag that domain as being
under their control, allowing them to transfer ownership to the Kenyatech
entity and cutting short the redemption period.
There is also evidence that suggests they abuse the whois database.
The
whois database is used to find information on a domain name, including if
it is available for purchase. They may have access to what names are
looked up, and if it is available, and there is evidence to suggest that
they register these names for themselves before others have a chance to.
[ note by lothos: more info on that at
icann.org]
They also have a script on every domain they own, to judge the domain's
popularity. This script stores its data on a machine owned by
directnic.com. The more popular sites have to pay more money to buy the
domain back. I have seen less popular sites go for as little as $50, and
I've seen some offers of a thousand dollars turned down. The more popular
sites are renewed, and the less popular are allowed to expire. Being
domain registrars, they might not have had to pay anything to aquire the
144,000+ domains they own.
So, what can you do? If your domain was snatched, by all means don't
visit it or the kenyatech web site. Hopefully it will be allowed to
expire. Contact anyone linking to your website, and have them change the
link. If you have a popular domain, your only hope may be to go through
arbitration, or sue. There is a class action lawsuit being organized by
rederon.net. Complain to
ICANN.org,
and hopefully we can have their domain registrar status revoked. By all
means, don't pay them and support their bad habits!
Joseph Tambert
838 Camp Street
New Orleans
[ Update by lothos: the whois info on my stolen domain now shows
NS0.EXPIREDDOMAINSERVICES.COM and NS1.EXPIREDDOMAINSERVICES.COM as the
nameservesr. The ExpiredDomainServices.com domain is owned by:
Registrant:
InterCosmos Media Group, Inc.
650 Poydras St
Suite 1150
New Orleans, LA 70130
US
504-679-5170
This shows a more direct link between the stolen domains and InterCosmos
Media Group aka DirectNIC.com aka Sigmund Solares ]
Back to RootFest