Hijacked domain

I noticed my domain had been hijacked.

My nameservers were updated to cloudflare a few days ago. I’m still working with my registrar to see how this was possible.

I noticed the name servers had been changed to cloudflare.

I had not been using cloudflare for this specific domain.

I attempted to register the domain in cloudflare and to my surprise I was able to add it to my domain.

I then noticed the configured A records pointing to a webhost in the Netherlands.

A few questions, how does one claim ownership for a domain in Cloudflare?

How was I able to assign the domain to my account if somebody else must have configured before me?

Could my account be compromised and somebody added the domain to my or an account, configured it and removed it but the configuration remained?

Just a note that the name servers changed (the female/male) from when it was hi-jacked to when I took over the domain in cloudflare.

Hijacking a domain would be a two-step process:

  1. A Cloudflare customer adds your domain to their account (this is the easy part).
  2. That same person hacks into your domain registrar and sets your domain to use the two Cloudflare name servers assigned to them. (This is the hard part, and your issue is with your domain registrar).

#1 is the easy part because it doesn’t take effect until the name servers have been switched over. There are many legitimate reasons to let someone add any domain to their account, but remember that it’s a useless effort unless they have domain access at the registrar.


But wouldn’t step 1 prevent me from adding the domain as well?

My registrar replied with “you have not been hacked, nothing to worry about, it was just a bug in our system” :joy:

1 Like

No, a bad actor taking step 1 does not prevent the legitimate domain owner from also taking step 1. The key, as @sdayman mentioned is that taking step 1 is useless unless you also have the ability to take step 2 and change nameservers.

And, big thank you for closing the loop with the detail from your registrar.


But if multiple users define the same domain with different ips… Which configuration is used?

I guess cloudflare is using multiple name servers but if several users end up on the same cloudflare name server… Who’s configuration wins?

Hi @DKTastic,

whichever account has the nameservers set at the domain’s registrar.

A lot of different combinations!

Being on the same nameserver pair is very uncommon, but not impossible. However, the same domain won’t be assigned the same two nameservers on two different accounts.

More info at:


Thank you all. I’m certain the main issue was with my registrar and not with cloudflare.


This topic was automatically closed after 30 days. New replies are no longer allowed.