Hey all, long time no see. Just stoppin in to ask a quick question.

Recently a friend of mine's website was hit with a successful XSS cookie theft. He did the usual thing those 1337 h4xZ0rZ like to do. (deface the site, change everyone's password etc.) Now, I have a pretty good idea of where he had his cookie catcher (or whatever you want to call it), the cgi script that handles of the incoming +document.cookie information. Problem is he registered with GodDaddy.com but used domainsbyproxy.com as his registrant information. So, My question is; Who should I get in contact with ? Would it be the registrar or the domainsbyproxy guys ? Thanks in advance.