This article is written by the Department of Technology, a grassroots advocacy organization dedicated to promoting the establishment of an independent Department of Technology at all levels of government: federal, state, county, and local. The organization advocates for the creation of elected leaders of technology at the state, county, and local levels, and proposes that at the federal level, the position of Secretary of Technology be appointed by the U.S. President and confirmed by the Senate. The Department of Technology aims to prioritize technological advancement, innovation, and policy in a manner that supports the growth and well-being of all citizens.

Several news outlets in March 2025, have reported that the website “dogequest”, and its variants like dogeque.st has been involved in the unauthorized disclosure of personal information belonging to Tesla owners, Tesla charging stations, and dealerships. The intent behind this activity appears to be malicious, targeting both individuals and businesses by exposing their public and private contact details.

Forensic Audit and Domain Analysis

A forensic audit of dogeque.st was conducted by the Department of Transportation (DOT) to trace the origins and administrative control of the domain. The domain utilizes the .st extension, which is the official country code for São Tomé and Príncipe and is managed by http://www.nic.st. The website’s SSL certificate was issued by Cloudflare, a San Francisco-based company, which provides security and hosting services.

Further investigation revealed that the domain was registered through Sarek, a Finnish domain registrar. Sarek operates under the legal entity Sarek Oy, located at Urho Kekkosen katu 4-6 E, 00100 Helsinki, Finland. The company’s registration number is FO 3090388-4 (VAT-ID FI30903884). The domain dogeque.st was created on March 17, 2025, with an expiration date of March 17, 2026.

Takedown Request and Website Resurgence
On March 20, 2025, an official request was submitted via email to Sarek, urging the registrar to take down the website to prevent further criminal activity. The request was acknowledged, and a support ticket (#387233) was issued. Following this request, dogeque.st was temporarily taken offline for several hours. However, by March 21, 2025, the website was back online and fully operational.

Discovery of Mirror Website on Tor Network

Furthermore, our forensic audit discovered that there is a mirror website of http://www.dogeque.st on the Tor network. Tor (an acronym for The Onion Router) is a network that masks online traffic, providing anonymity for users accessing websites and servers through this platform. The Tor browser is an open-source tool managed by volunteers, utilizing onion routing to obscure user identities and locations. While Tor is used for privacy protection, it is also widely exploited for illicit activities, including cybercrime and illicit solicitation for hire. The existence of a mirror website on the Tor network suggests an intent to evade law enforcement and continue operations even if the main domain is taken down.

Connections to Offshore Entities

The investigation extended to entities operating in Saint Kitts and Nevis, a small Caribbean nation known for its offshore business registrations. One such entity is Njalla Okta LLC, a domain registrant organization that lists “Host Master” as its registrant name. The company is registered at the Arthur L. Evelyn Building in Charlestown (KN0802), Saint Kitts and Nevis, with a contact phone number of +1.628.251.1337 and an email address of whois@njal.la. Njalla Okta LLC appears to function as a privacy or proxy registration service, shielding the identities of actual domain owners.

The company is also associated with the .la domain extension, which is the country code for Laos. It claims to be operated by njalla.srl, a firm based in Costa Rica. Notably, the websites www.njal.la and www.njalla.srl redirect to each other, further obscuring ownership details.

Njalla was founded in April 2017 by Peter Sunde Kolmisoppi, a Swedish entrepreneur and politician best known as a co-founder and former spokesperson of The Pirate Bay, a BitTorrent search engine. Sunde is also active in the Pirate Party of Finland and identifies as a socialist. He has Norwegian and Finnish ancestry. Through Njalla, Sunde provides privacy-focused domain registration, hosting, and VPN services.

Links to the Panama Papers

Further analysis uncovered that the Arthur L. Evelyn Building address, linked to Njalla Okta LLC, was mentioned in the Panama Papers. These leaked documents exposed over 214,000 offshore entities used by individuals and corporations to hide assets and evade taxes through a complex web of secretive offshore companies. This connection raises concerns about the true nature of Njalla Okta LLC’s operations and its role in shielding malicious actors behind dogeque.st.

Files are also shared on a website called Protomaps, which can be found at www.protomaps.com. The platform has a Bluesky social media account but does not have an X (formally Twitter) account therefore potentially demonstrating political bias and preferences. For the domain name registrant contact, the listed phone number is +354.4212434. The mailing address is Kalkofnsvegur 2, Reykjavik, Capital Region, 101, Iceland. Namecheap, Inc., the domain name registrar, is a US-based company. Contact Us. Namecheap, Inc. 4600 East Washington Street Suite 300. Phoenix, AZ 85034. USA.

Our Recommendations
To effectively take down dogeque.st and its related entities, the following legal actions are recommended:

Domain Registrar Takedown Requests

Submit formal legal complaints to Sarek Oy, the domain registrar, citing violations of privacy laws and illegal activities.
Escalate the request through Finnish legal channels if the registrar fails to comply.

Hosting and CDN Providers

File abuse complaints with Cloudflare, the SSL certificate provider, to revoke security services.
Investigate the website’s hosting provider and issue takedown requests if the provider has policies against doxing or malicious content.

São Tomé and Príncipe Authorities
Engage São Tomé and Príncipe’s domain authority (www.nic.st) to request the suspension of the domain based on illegal activities.

International Cybercrime Coordination

Report the case to INTERPOL and Europol to investigate cross-border cybercrimes involving offshore entities.
Work with the U.S. Department of Justice (DOJ) and the FBI’s Cyber Crimes Division for international enforcement.

Potential Legal Action Against Offshore Entities

Investigate Njalla Okta LLC and other associated offshore registrars for potential legal action.
Coordinate with Saint Kitts and Nevis authorities to request information on registrants.

Tor Network Countermeasures

Work with cybersecurity agencies to track and disrupt the mirror site on Tor.
Request law enforcement collaboration to identify and take down the server hosting the mirror website.
Data Protection and Privacy Law Enforcement

Leverage GDPR (if any European citizens are affected) to request takedown actions.
Utilize U.S. privacy laws and state-level doxing legislation to file legal cases.

Summary

The website dogeque.st has been implicated in the doxing of Tesla owners and dealerships, leveraging offshore domain registration services and privacy shields to obscure its administrators’ identities. Despite an official takedown request, the site was reinstated within a day, highlighting the challenges of combating cyber harassment facilitated by opaque domain registrars. The discovery of a mirror website on the Tor network further complicates law enforcement efforts, as it indicates an intent to persist despite takedown attempts. The connections between dogeque.st, Njalla Okta LLC, and the Panama Papers warrant further scrutiny by law enforcement and cybersecurity agencies to prevent continued misuse of these services for harmful activities.

A future Department of Technology (DoT), as outlined above, would play a crucial role in detecting, preventing, and prosecuting online doxing activities that target Tesla car owners and dealerships. By leveraging advanced technologies, dedicated resources, and a collaborative approach with law enforcement agencies, the DoT would work proactively to identify and mitigate doxing threats before they escalate. In partnership with cybersecurity experts, the DoT would implement robust security measures and public awareness campaigns to protect individuals and businesses. Furthermore, it would ensure that those responsible for such harmful actions are held accountable to the fullest extent of the law, safeguarding the privacy, safety, and well-being of all affected parties.

More information coming soon!