Unauthorized domain pointer?

Posted on 2005-04-25
1 Ratings
Last Modified: 2013-11-18
I have a website that I have developed for photo scanning and DVD slideshow services, I was looking through my statistics this morning, and while looking through referring URLs I noticed this website: When I went to the website, I was shocked to see that it was what seemed to be a pointer or alias to my website. All of the functionality works so I don't think it could be a copy unless they copied all of my database tables, changed the scripts that call them, etc.

Does anyone know why someone would do this? Could it be a mistake?
Question by:PLavelle
    LVL 3

    Expert Comment

    It probably isn't a mistake.  I've heard of people doing this for a variety of reasons; most of which are not virtuous.  Sometimes it is a lazy person who liked your site and basically lifted it from you.  Other times it is somebody who is trying to trick people into believing it is your site and scam information off of your users.

    Either way, I would watch it and possibly send their ISP a letter of complaint.
    LVL 29

    Expert Comment

    >Does anyone know why someone would do this? Could it be a mistake?

    It is clearly no mistake and all your customers are at risk of identity theft.

    You need to run, don't walk to your ISP and attorney.  You can block their ip after the investigation.
    LVL 33

    Expert Comment

    Agreed.  This is much more than a case of someone copying your design.  In addition to the above, you should consider reporting this to the major search engines (Google, Yahoo, MSN) as mirror sites with duplicate content can harm your rankings.  With Google (for example), you can either file a Trademark Complaint ( or a spam report ( or both.  In either case, be sure to make it very clear that the other site is an unauthorized copy of your site.

    You can do the same with Yahoo ( or MSN (

    Author Comment

    Thanks for the help guys. I wrote some code to redirect to my real web site if the domain name does not contain I'll try those links that you provided as well, humeniuk.

    I contacted my hosting company,, and they said that there wasn't anything they could do. I have emailed all of the people I could find in the whois record about the problem, but no one has responded yet. I don't have any sensitive information in my database so my customers are not in any danger.
    LVL 33

    Expert Comment

    Keep it posted as to how it goes.

    Author Comment

    Unforunately, the problem was never corrected, and the domain still points to my IP address. I redirect to a page that displays "unauthorized request" if the request is coming from that domain. I have tried to contact everyone I could find but no one has responded.
    LVL 29

    Expert Comment

    I would have to agree the question has been abandoned, regardless of your current situation.

    Your questions was: Does anyone know why someone would do this? Could it be a mistake?

    1. They do it to commit fraud
    2. It is no mistake.

    Further advice beyond the scope of the original question was given and there has been no indication from you what you have or have not specifically done to address the issue.

    I would say your question was answered, however had you continued to participate the experts here would likely have helped further with the benefit of their experience.

    You have to participate as well.


    Author Comment

    What? There was clear indication from me as to what I specifically did to address the issue. The post on "Date: 04/26/2005 06:42AM PDT" stated exactly what I did. I continued to participate as much as I could, but nothing else at this point could be done. If you read my last post and had any other ideas, you should have posted them. Otherwise, I was waiting for a response from someone to my emails.

    So what would you have recommended, Rod?
    LVL 33

    Accepted Solution

    Sorry to see this isn't resolved.  A little more digging:

    Here's the server header for (via

    Header (Length = 393):
    HTTP/1.1 302 Found
    Connection: close
    Date: Thu, 26 May 2005 19:10:05 GMT
    Server: Microsoft-IIS/6.0
    MicrosoftOfficeWebServer: 5.0_Pub
    X-Powered-By: ASP.NET
    X-AspNet-Version: 1.1.4322
    Set-Cookie: ASP.NET_SessionId=s0rf2d45sxd5pde3cyldp4ar; path=/
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 158

    Content (Length = 158):
    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href=''>here</a>.</h2>

    So basically, there is now a 302 (temporary) redirect set up on this domain to your 'unauthorized.htm' page - not quite the same thing as before.

    The other interesting element is that both domains resolve to the same IP.  You can do an IP lookup here - perhaps this  will give you some additional contact info that you can use to pursue this.

    Here's an except from WhoIs lookup for that domain:

        Domain Name:

            Paul Thomas

        Registrant's Address:
            28 Clonmel Close
            RG4 5BF

        Registrant's Agent:
            Parbin Ltd t/a Get Surfed (Metronet) [Tag = GETSURFED]

        Name servers listed in order:
         (the registrant's agent) is a broadband ISP.

    7 Jardine House
    Harrovian Business Village
    Bessborough Road
    Middx HA1 3EX


    Tel: 087 0284 0284
    Tel: 020 7043 8202
    Mon-Fri 9am - 6pm

    Metronet also offers domain names through

    Their web page says 'try our url masking - it's different!'.  URL masking would provide the previous effect, ie. your website showing up under their domain name.

    You can read more about that here -

    Included there:
    "Also, with all URL masking, full Analog-generated logs are now available from your control panel. These logs are updated weekly, are accessible at any time, and include hit-graphs, and statistics by domain suffix, referrer, etc."

    Is someone trying to get info on your prospective customers by setting up a masked version of your site?  Perhaps this will give you a few more avenues to follow up with if you haven't uncovered these things yourself.

    Author Comment

    Still no response from anyone. Points to humeniuk for the most helpful response.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now