InDigitalWorks.com - UNOTHORIZED DOMAIN NAME TRANSFER - PLS HELP!

Profile picture of the author Goran Zinic by Goran Zinic Posted: 02/24/2012
My name is GoranZinic. Some of you know me as the owner of Indigitalworks.com.

On February 22nd, I became a victim of huge Internet fraud, which I would like to share with you.

Domain name IndigitalWorks.com and entire website have been hijacked and transferred by a scammer.

Indigitalworks.com is currently under control of scammer, who managed to transfer everything, including the domain and all the content.

His name is Ahmad Rashid Mohammed, based on the current IndigitalWorks.com WHOIS.

On the first day of the fraud, InDigitalWorks was redirected to 7plr.com, so they are probably involved too.

I have contacted Onlinenic.com (my registrar) but they were very uncooperative and unwilling to help.

In the last few months my Gmail has been hacked several times. After the domain has been transferred I found out that all my online accounts have been hijacked... Twitter, Facebook, Hosting and many others, including Onlinenic.com.

Onlinenic checked the log files and said that domain has been transferred from IP 65.49.14.89, which wasn't my IP. This didn’t solve anything... even if Onlinenic account has been hijacked, they can’t do anything (or don't want to). They refuse to investigate any further or offer any kind of help. Onlinenic is great when you need to buy a domain and send them money, but when you have a problem, they don’t want to listen. If you care about your business, you should AVOID ONLINENIC. Hope this post will urge you to protect your own domains and your business.

After I asked them about the details of the person who owns the domain now, I received the following answer:

“Regarding the information you're asking for, you can refer to http://who.is/whois/indigitalworks.com/

And that’s all… The Whois to which they referred has incomplete information, which is in direct violations to ICANN policies. Not just they refuse to help, but they don’t want to tell the information of the domain name owner. Although OnlineNIC is under ICANN, they don't follow their policies. Be aware of this if you’re using, or planning to use their services.

Since they refuse to investigate such obvious fraud, I have no other choice but to suspect that Onlinenic.com, or some of their employees, could be involved in this act of unauthorized domain transfer.

I have contacted some lawyers in Dubai, the country where the hacker is from, based on the WHOIS information and come to the conclusion that I will need to hire a private investigator first to see if this person even exists, before taking any legal steps.

Does anyone have any suggestions? I and a team of many dedicated freelancers have worked very hard over the past five years to build this site. Without them IndigitalWorks.com would never have succeeded. We’re all working hard on creating a new site, but all our efforts were wiped out in one day.

I know there are warriors here who have lots of knowledge about Internet thieves, and I hope that some of you can help.

Thank you,
Goran

P.S. I also hope that my situation will help you to better protect your business before it’s too late.

---------------------------------------------------
UPDATE:

I apologize to all InDigitalWorks members for not warning them on time about this issue. Scammer has deleted our members database, right after he transferred a domain...

New website is finally setup and we’ve managed to restore the database. Due to huge number of products, it took little longer than we thought. We will continue to do business like nothing happened (although it will be hard). Website will be updated with new products every day, same as it was indigitalworks.com.

Until we resolve this issue our new temporarily URL is www.idplr.com.

Thank you,
Goran
#domain #indigitalworkscom #pls #transfer #unothorized

  • Profile picture of the author wizzard74
    wizzard74
    Did you set up domain locking or anything like that to prevent the transfer from happening?
  • Profile picture of the author Goran Zinic
    Goran Zinic
    No.. unfortunately. I really wasn't aware that stealing a domain is so simple...
  • Profile picture of the author rosetrees
    rosetrees
    I assume you have proof of all this. Start by contacting their payment processor to get their account closed.

    You might consider contacting google to see if they will de-index the site until you can get it back.

    OnlineNIC are still listed as the registrar. A strongly worded attorney's letter to them might help.

    Look up Brian Kindsvater. He's a fellow Warrior and internet attorney. He's the one to give you proper advise.
  • Profile picture of the author vivi62
    vivi62
    does this mean he has payment details of all your customers as he could try to use them frauduently also,you may also be able to get them to help you in your quest to get your site back if they are also at risk.
    regards
    vivi62
  • Profile picture of the author Des Lau
    Des Lau
    Wow, scary stuff, really hope you get your site back and karma brings what's coming for that scum!
  • Profile picture of the author The Real Deal
    The Real Deal
    Hi Goran,

    Let me first tell you how sorry I am to hear about what has happened to you. I know your website well and I can only imagine that this is a huge blow for you...

    The first thing you need to understand is that this is not the right forum to get help. No offense to the people on WF, they are awesome, but if you want to try and get help with this you need to speak with professional domainers. The best forum for this when it comes to .com domains is IMO: Welcome to DNF.com

    Although you might get some good advice from a forum, (and no harm in making a post), I would strongly suggest that you get a US attorney involved ASAP. I would recommend John Berryhill. You can find his contact details here: John Berryhill
    Although I have never hired him personally I have followed him on DNforum for years and he seems very knowledgeable.

    I have around 2300 domain names and I have in the past gone through the same thing you are now experiencing, and I can give you some information from what I gathered at the time, (but I can't promise that it is still accurate). Unfortunately it is not good news.

    I noticed from the Whois history of indigitalworks.com that you from Croatia. I therefore assume that you don't have a US trademark registered for Indigitalworks? That would make the recover process far easier as you could simply initiate a UDRP dispute (Uniform Domain Name Dispute Resolution Policy). However, in the absence of a trademark this will unfortunately be very hard, despite the fact that you are victim of a fraud. You might want to have a quick look at this thread: Using the UDRP to Recover Stolen Names

    Your best bet IMO is to either try to work with the registrar, or alternatively get John Berryhill or another lawyer specialized in domains to threaten the registrar with a lawsuit, (assuming they are based in the US). I am not a lawyer but I would think that if you present the registrar with indisputable proof that you are the legitimate owner, you could make a strong argument that they will be liable for the losses that you incur if they refuse to assist in the recovery.

    You mention that the registrar is being uncooperative, and it is so unfortunate that people don't seem to understand the importance of holding valuable domains in locked account with an ICANN approved registrar that you can really trust. There are many people, (myself included) that have lost domain names through Godaddy and still people here recommend them to newbies so they can save a couple of bucks... They do this based on the fact that so far everything has worked fine for them with Godaddy, but ignoring the huge number of people who have had terrible experiences with them. Anyway, I didn't mean to go off on a rant, this thread is not about Godaddy! :rolleyes:

    I haven't looked into your registrar to see if they are even ICANN approved, but if you feel that you can't afford an attorney your next best option would be to contact ICANN directly and ask them for advice on what to do.

    If you were living in the US I would also advice that you immediately report it to the Internet Fraud Complaint Center at the FBI, Internet Crime Complaint Center (IC3) | Home but I don't think that is feasible for you. However, you should probably still report it to your local police department in Croatia.

    You should also try to gather all possible information you can that proves you are the legitimate owner of the domain name. This will come in handy in the future as you will have to prove your claim regardless which route you take.

    I really wish I could give you some more definite advice that would help you get the domain back quickly, but all I can say is don't give up!

    I wish you the best of luck!
  • Profile picture of the author sbucciarel
    sbucciarel
    Without a lawyer or some help from the registrar, it might be difficult to get it back. It was unlocked and you were most likely hacked so the transfer appears normal to the registrar. John Berryhill is a very sharp IP lawyer and kindsvater also, and he frequents this forum. I don't know if they can handle a case based in Croatia or not, but you might get some advice.
  • Profile picture of the author The Real Deal
    The Real Deal
    I just did some quick research on Onlinenic Inc and although they are a large registrar they do indeed have a bad reputation...

    Apparently they are based in China and a lot of people are having problems dealing with them. Here are a selection of posts:

    onlinenic.com refuses to send me login codes

    OnlineNIC.com anyone else have problems???

    Verizon awarded $33 million judgement against registrar OnlineNIC

    The only good news is that they are an ICANN accredited registrar, so technically they should follow ICANN rules...but obviously it seems that they don't. However, since they have apparently been in trouble with ICANN in the past, see this announcement: ICANN | Advisory: OnlineNIC Transfer Issues Resolved they may become more helpful if you explain to them that unless they assist in recovering your domain name you will get a lawyer who will bring a formal complaint to ICANN. Not sure how much that would help, but it could be worth a try...

    Another worrying thing I noticed is that they are also the registrar for the domain name 7plr.com and I agree this looks highly suspicious. My first thought was that the thief might just have re-directed the domain name to another PLR company with an affiliate program, but it doesn't look like 7plr.com has an affiliate program. The domain name is also registered in the Arab Emirates just like the thief that stole it, which is unlikely to be a coincidence!
  • Profile picture of the author onegoodman
    onegoodman
    Domain registrar probably would n't be able to provide you much help.

    If this guy is putting these information on who.is and you can confirm its correct, you will need to hire a lawyer in Dubai.

    You have emails and receipts paying for that domain and prove your ownership for the domain.

    If your computer still infected and the information is going forward to him. I would suggest to contact a computer forensic agency (it will cost you $$$$$)

    Upon my knowledge UAE, has rules for online crimes. If you can prove he did steal you domain, you can get your domain back and get him locked up for online crime.

    This is costy, but i see the website ranked 18k worldwide in alexa, so i do assume it make some good $$$$$
  • Profile picture of the author Alastair McDermott
    Alastair McDermott
    Looks like they got into your hosting control panel beforehand, or are damned fast - your previous links are not 404'ing, all content seems correct (I didn't see your site before) so these guys are sophisticated.

    I'd agree with the suggestion of talking to domainers & lawyers. Maybe private investigators too, depending on your budget. One thing to be aware of - they are smart - might even be reading this thread - don't give away too much about what your plan of action is.

    Update: You could ask the host to take it down on the basis of it being copyrighted materials

    Hosting: Hetzner Online AG host the domain indigitalworks.com
    IP Address: 176.9.108.206
    Name Servers: ns1.7plr.com, ns2.7plr.com
  • Profile picture of the author digitaldownloadguy
    digitaldownloadguy
    So what is the status of your website currently? It appears to be up and operating but is still registered to someone in Dubai? You may want to make an effort to let your customers know that it is either safe or still dangerous to access your site. Since last post was on Thursday and in that post it stated it would be up and operating the next day. After reading about this I did go to your website and was redirected to a host gator cpanel login page which is based in the States. Something smells very fishy about this. Sounds like someone may have just taken their customers money and ran with it??? Claiming domain name highjacking to some fake name in Dubai and then laughing all the way to the bank. There was a time when the domain was being redirected to 7plr.com. Bottom line worry about your customers first then get the legal issues under wraps.
  • Profile picture of the author Goran Zinic
    Goran Zinic
    Originally Posted by vivi62 View Post
    does this mean he has payment details of all your customers as he could try to use them frauduently also,you may also be able to get them to help you in your quest to get your site back if they are also at risk.
    regards
    vivi62
    No. There's nothing to worry about. Indigitalworks never stored any kind of payment details.
  • Profile picture of the author Goran Zinic
    Goran Zinic
    Originally Posted by onegoodman View Post
    Domain registrar probably would n't be able to provide you much help.

    If this guy is putting these information on who.is and you can confirm its correct, you will need to hire a lawyer in Dubai.

    You have emails and receipts paying for that domain and prove your ownership for the domain.

    If your computer still infected and the information is going forward to him. I would suggest to contact a computer forensic agency (it will cost you $$$$$)

    Upon my knowledge UAE, has rules for online crimes. If you can prove he did steal you domain, you can get your domain back and get him locked up for online crime.

    This is costy, but i see the website ranked 18k worldwide in alexa, so i do assume it make some good $$$$$
    Thank you for info about computer forensics. I don't use any of my laptops any more... I will wait for some other solutions to come up before taking these steps.
  • Profile picture of the author Goran Zinic
    Goran Zinic
    Originally Posted by digitaldownloadguy View Post
    So what is the status of your website currently? It appears to be up and operating but is still registered to someone in Dubai? You may want to make an effort to let your customers know that it is either safe or still dangerous to access your site. Since last post was on Thursday and in that post it stated it would be up and operating the next day. After reading about this I did go to your website and was redirected to a host gator cpanel login page which is based in the States. Something smells very fishy about this. Sounds like someone may have just taken their customers money and ran with it??? Claiming domain name highjacking to some fake name in Dubai and then laughing all the way to the bank. There was a time when the domain was being redirected to 7plr.com. Bottom line worry about your customers first then get the legal issues under wraps.
    Unfortunately, it's the same as on the beginning of my post. While I was posting on facebook I didn't knew they stole the whole website... I found this later when I saw it installed on their server. This has made things more complicated...
  • Profile picture of the author Goran Zinic
    Goran Zinic
    Thank you for all the information’s you provided. Some posts were very useful. I can't disclose which currently. If anyone has some more info to share, I would be very grateful... Thanks
  • Profile picture of the author GerryMedia
    GerryMedia
    Hi Goran!

    I have a huge cache of domain names and your story alarmed me, since I use gmail too.I actually will not use gmail anymore for my business accounts. I can't imagine such a thing can happen to a big website like indigitalworks. From what I perceive of your site, it's a major player in the PLR field.

    So you think it's not even safe to visit indigitalworks.com now? I won't trust an hijacked website run by hackers and thieves.

    All the best in your quest for justice... I'm watching this thread.
  • Profile picture of the author ginngoh
    ginngoh
    Hi Zinc

    I m one of yr lifetime membership for last 2 years.

    Everytime visited your site - knows how much efforts u been putting in and your are indeed keeping up the site so regularly...

    Pls keep it up and let us know if u do transfer your site to another domain though we hope u r able to get back the domain.

    Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
  • Profile picture of the author Lenny Winkle
    Lenny Winkle
    I realize this puts you in a terrible spot and wish you the best of luck. I'm also very curious to hear what you recommend for your customers?

    I signed up a little over a month ago and now it looks as if my subscription is worthless. What do you recommend? How will you take care of your customers?
  • Profile picture of the author YouJelly
    YouJelly
    i feel you bro, it is very unlikely you are going to see your domain again.
    truth is truth.
    all bull**** aside, most of the options here are lame.
    your best option is to hijack it back, its gonna cost you.
    btw the name he used is an alias.
    its not his first hijack (given by his email which is also dummy mail, he used it before).

    how you gonna hijack it? start learning about the deep web.
    download "TORa" and start reading about the dark web. im not going to link you to places and dont ask for, what you looking for is there.

    btw, a small tip before paying any one on the deep web, ask them first to transfer it on thier name(obviously they will use an alias,same goes for ip and isp ) or a name you both agreed upon once he hijacked it, afterwards pay him or let him first transfer it on ur name, learn how to secure it more.

    where you hosting at btw? is it shared? dedicated?
  • Profile picture of the author The Real Deal
    The Real Deal
    Originally Posted by ginngoh View Post
    Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
    About a week and a half ago I gave my recommendation on where I believe it is safe to hold your domain names: http://www.warriorforum.com/main-int...ml#post5639588

    The registrar that I recommend in that thread is based in Australia, which I believe can be an advantage in many legal situations. However, if you prefer to have a US based registrar I would recommend Moniker

    Apart from holding your domain name with an ICANN accredited and highly reputable registrar that you can trust you need to lock down your most valuable domains. By this I don't mean that they should simply be "locked" from being transferred, (which I am sure everyone does)!

    What I am referring to is that you should use some form "executive lock" that allows you to have two or three security questions that have to be correctly answered before any DNS changes or transfers of your domains can take place. That way, even if a hacker takes over your email account and computer he will never be able to either change the DNS of your domains or transfer them to another account.

    The registrar I recommended in the thread I linked to above goes even further. For high-value domain names, (or domains that host a valauble business like I am sure indigitalworks was/is) they allow you to set-up several security questions that you have to answer correctly to their management team over the phone (after identifying yourself) before any changes will be approved on those domains. This does add some hassle when you need to make changes but IMO it's a small price to pay when you are dealing with a 6 or 7-figure business...

Related discussions