Domain Hijacked from register.com and moved to Cloudflare

What is the name of the domain?

cantdisclosepublicly.com

What is the issue you’re encountering

Hijacked Domain

What steps have you taken to resolve the issue?

Emailed support/abuse, no luck

What are the steps to reproduce the issue?

Cant…

Can't find the edit button. In short, I've been looking after a friend's domain, and managed it via my Cloudflare DNS account.

His domain was registered with register.com and pointed to Cloudflare name servers. My friend's register.com account got hacked; it looks like a register.com support worker fell victim to the attacker using legitimate ID/verification. And it wasn't noticed for some time (who checks emails 24/7!)

The domain has been moved from my Cloudflare management to another Cloudflare account, and the attacker appears to have moved the domain to Cloudflare, which should help verify it in some ways?

What can I do, who do I need to contact? The only way my friend can verify it's his is via phone/ID, as he now has no access to his emails, which were pointed at Google Apps.

You will need to contact your Registrar for this.

See also here for more information:

2 Likes

The registrar said to contact Cloudflare, as it's been transferred out :laughing:

Cloudflare can’t help you, your Registrar needs to dispute the transfer.

2 Likes

Cloudflare IS the new registrar now… that's the problem.


Dear,

Thank you for contacting Web.com.

It appears the owner of the domain is using the reverse proxy service provider, Cloudflare, to mask the true IP address of the website. This means we cannot accurately determine the true host of the site and must recommend that you contact Cloudflare directly. Cloudflare will redirect your complaint to the current hosting provider so that it can be addressed accordingly.

Should you have any other questions, please feel free to contact us again.

Kind Regards,
Customer Support

Are you able to share the domain name so we could check who’s the domain registrar and what’s the domain status now? :thinking:

Otherwise, questions about Cloudflare Registrar will need to be resolved by the Customer Support team and cannot be resolved on the Community.

To contact the Registrar team, please submit a new support request from your Cloudflare account directly through the Cloudflare dashboard. Visit https://dash.cloudflare.com/?to=/:account/support and choose Cloudflare Registrar.

If you believe this is an abuse, kindly report this to the Cloudflare Abuse:

If it was a Cloudflare account where the domain is registered and held, the only way you’ll be able to regain access is by having access to the email address of the account.

These links may help, but they only work when logged out

If you know the email: https://dash.cloudflare.com/forgot-password
If you don’t know the email: https://dash.cloudflare.com/forgot-email
If you know the email and have 2FA issues, follow the process here: Two-factor authentication · Cloudflare Fundamentals docs

1 Like

Have submitted abuse reports under 18420781, 72f2a9a8ab693b2e, 01368964.

Hopefully someone at Cloudflare sees this.

Almost 24 hours later, still no response from Cloudflare, which is pretty crazy given what’s gone on.

I’m sorry, but you’re not looking at this logically. Let me break it down for you.

  1. You purchased your domain with Register.com, meaning the domain is in their care, under the protection of your Register.com account – the only place where the domain can be unlocked and where the transfer authorization code can be retrieved from.

  2. Someone, somehow, managed to access your Register.com account, unlocked the domain, picked up the transfer authorization code from your account, and transferred it to Cloudflare (could be any other registrar, the destination is not that important here).

And you’re saying Cloudflare is somehow responsible for this and can return the domain back to your register.com account? Does Cloudflare even have any knowledge that you owned this domain?

This makes no sense at all.

Have you asked Register.com how the transfer occurred in the first place? How did whoever did the transfer even manage to access your Register.com account, unlock the domain, retrieve the authorization code and transfer the domain – all from your Register.com account?

You’re either not asking Register.com the right and hard questions, or you’re not talking to the right people. And you shouldn’t be regurgitating whatever they tell you when it makes absolutely no sense at all.

1 Like
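Added example, not part of the thread: the sequence described in the post above (domain unlocked, then transferred to another registrar) shows up in public RDAP data, so comparing periodic snapshots can flag it before or soon after the transfer. The snapshots, registrar names and nameserver names below are constructed placeholders; in practice the JSON would come from an RDAP lookup for the monitored domain.

```python
"""Compare two RDAP domain snapshots and report transfer-hijack signals."""

def make_snapshot(registrar, statuses, nameservers, events=()):
    # Builds a constructed RDAP domain object using RFC 9083 field names.
    return {
        "objectClassName": "domain",
        "ldhName": "example.com",  # placeholder domain
        "status": list(statuses),
        "entities": [{"roles": ["registrar"],
                      "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                               ["fn", {}, "text", registrar]]]}],
        "nameservers": [{"ldhName": ns} for ns in nameservers],
        "events": [{"eventAction": a, "eventDate": d} for a, d in events],
    }

def summarize(doc):
    # Pull out the fields that change when a domain is unlocked and transferred.
    registrar = None
    for ent in doc.get("entities", []):
        if "registrar" in ent.get("roles", []):
            for prop in ent.get("vcardArray", [None, []])[1]:
                if prop[0] == "fn":
                    registrar = prop[3]
    return {
        "registrar": registrar,
        "status": {s.lower() for s in doc.get("status", [])},
        "ns": {n["ldhName"].lower().rstrip(".") for n in doc.get("nameservers", [])},
        "transfers": {e["eventDate"] for e in doc.get("events", [])
                      if e.get("eventAction") == "transfer"},
    }

def hijack_signals(baseline, current):
    old, new = summarize(baseline), summarize(current)
    findings = []
    if "client transfer prohibited" not in new["status"]:
        findings.append("transfer lock absent")  # earliest warning: domain unlocked
    if old["registrar"] != new["registrar"]:
        findings.append(f"registrar changed: {old['registrar']} -> {new['registrar']}")
    if old["ns"] != new["ns"]:
        findings.append("nameserver set changed")
    if new["transfers"] - old["transfers"]:
        findings.append("new transfer event recorded")
    return findings

# Constructed snapshots: known-good baseline vs. state after a transfer.
BASELINE = make_snapshot("Example Registrar A", ["client transfer prohibited"],
                         ["ns1.dns.example", "ns2.dns.example"])
CURRENT = make_snapshot("Example Registrar B", ["active"],
                        ["ns3.dns.example", "ns4.dns.example"],
                        [("transfer", "2024-01-01T00:00:00Z")])
```

Alerting on the first signal alone (lock removed while the registrar is unchanged) gives the owner time to contact the losing registrar before the transfer completes.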

This response is about who is hosting the site, and has nothing to do with the domain name itself.

Again, you’re either not asking Register.com the right questions… or you’re talking to someone who has no clue what they’re saying.

And for all we know, the domain may have expired and someone merely registered it!

1 Like
