InDigitalWorks.com - UNOTHORIZED DOMAIN NAME TRANSFER - PLS HELP!

by 105 replies
My name is GoranZinic. Some of you know me as the owner of Indigitalworks.com.

On February 22nd, I became a victim of huge Internet fraud, which I would like to share with you.

Domain name IndigitalWorks.com and entire website have been hijacked and transferred by a scammer.

Indigitalworks.com is currently under control of scammer, who managed to transfer everything, including the domain and all the content.

His name is Ahmad Rashid Mohammed, based on the current IndigitalWorks.com WHOIS.

On the first day of the fraud, InDigitalWorks was redirected to 7plr.com, so they are probably involved too.

I have contacted Onlinenic.com (my registrar) but they were very uncooperative and unwilling to help.

In the last few months my Gmail has been hacked several times. After the domain has been transferred I found out that all my online accounts have been hijacked... Twitter, Facebook, Hosting and many others, including Onlinenic.com.

Onlinenic checked the log files and said that domain has been transferred from IP 65.49.14.89, which wasn't my IP. This didn’t solve anything... even if Onlinenic account has been hijacked, they can’t do anything (or don't want to). They refuse to investigate any further or offer any kind of help. Onlinenic is great when you need to buy a domain and send them money, but when you have a problem, they don’t want to listen. If you care about your business, you should AVOID ONLINENIC. Hope this post will urge you to protect your own domains and your business.

After I asked them about the details of the person who owns the domain now, I received the following answer:

“Regarding the information you're asking for, you can refer to http://who.is/whois/indigitalworks.com/

And that’s all… The Whois to which they referred has incomplete information, which is in direct violations to ICANN policies. Not just they refuse to help, but they don’t want to tell the information of the domain name owner. Although OnlineNIC is under ICANN, they don't follow their policies. Be aware of this if you’re using, or planning to use their services.

Since they refuse to investigate such obvious fraud, I have no other choice but to suspect that Onlinenic.com, or some of their employees, could be involved in this act of unauthorized domain transfer.

I have contacted some lawyers in Dubai, the country where the hacker is from, based on the WHOIS information and come to the conclusion that I will need to hire a private investigator first to see if this person even exists, before taking any legal steps.

Does anyone have any suggestions? I and a team of many dedicated freelancers have worked very hard over the past five years to build this site. Without them IndigitalWorks.com would never have succeeded. We’re all working hard on creating a new site, but all our efforts were wiped out in one day.

I know there are warriors here who have lots of knowledge about Internet thieves, and I hope that some of you can help.

Thank you,
Goran

P.S. I also hope that my situation will help you to better protect your business before it’s too late.

---------------------------------------------------
UPDATE:

I apologize to all InDigitalWorks members for not warning them on time about this issue. Scammer has deleted our members database, right after he transferred a domain...

New website is finally setup and we’ve managed to restore the database. Due to huge number of products, it took little longer than we thought. We will continue to do business like nothing happened (although it will be hard). Website will be updated with new products every day, same as it was indigitalworks.com.

Until we resolve this issue our new temporarily URL is www.idplr.com.

Thank you,
Goran
#main internet marketing discussion forum #domain #indigitalworkscom #pls #transfer #unothorized
  • Profile picture of the author wizzard74
    Did you set up domain locking or anything like that to prevent the transfer from happening?
  • Profile picture of the author Goran Zinic
    No.. unfortunately. I really wasn't aware that stealing a domain is so simple...
  • Profile picture of the author rosetrees
    I assume you have proof of all this. Start by contacting their payment processor to get their account closed.

    You might consider contacting google to see if they will de-index the site until you can get it back.

    OnlineNIC are still listed as the registrar. A strongly worded attorney's letter to them might help.

    Look up Brian Kindsvater. He's a fellow Warrior and internet attorney. He's the one to give you proper advise.
  • Profile picture of the author vivi62
    does this mean he has payment details of all your customers as he could try to use them frauduently also,you may also be able to get them to help you in your quest to get your site back if they are also at risk.
    regards
    vivi62
    • Profile picture of the author Goran Zinic
      Originally Posted by vivi62 View Post

      does this mean he has payment details of all your customers as he could try to use them frauduently also,you may also be able to get them to help you in your quest to get your site back if they are also at risk.
      regards
      vivi62
      No. There's nothing to worry about. Indigitalworks never stored any kind of payment details.
  • Profile picture of the author Des Lau
    Wow, scary stuff, really hope you get your site back and karma brings what's coming for that scum!
    • Profile picture of the author The Real Deal
      Hi Goran,

      Let me first tell you how sorry I am to hear about what has happened to you. I know your website well and I can only imagine that this is a huge blow for you...

      The first thing you need to understand is that this is not the right forum to get help. No offense to the people on WF, they are awesome, but if you want to try and get help with this you need to speak with professional domainers. The best forum for this when it comes to .com domains is IMO: Welcome to DNF.com

      Although you might get some good advice from a forum, (and no harm in making a post), I would strongly suggest that you get a US attorney involved ASAP. I would recommend John Berryhill. You can find his contact details here: John Berryhill
      Although I have never hired him personally I have followed him on DNforum for years and he seems very knowledgeable.

      I have around 2300 domain names and I have in the past gone through the same thing you are now experiencing, and I can give you some information from what I gathered at the time, (but I can't promise that it is still accurate). Unfortunately it is not good news.

      I noticed from the Whois history of indigitalworks.com that you from Croatia. I therefore assume that you don't have a US trademark registered for Indigitalworks? That would make the recover process far easier as you could simply initiate a UDRP dispute (Uniform Domain Name Dispute Resolution Policy). However, in the absence of a trademark this will unfortunately be very hard, despite the fact that you are victim of a fraud. You might want to have a quick look at this thread: Using the UDRP to Recover Stolen Names

      Your best bet IMO is to either try to work with the registrar, or alternatively get John Berryhill or another lawyer specialized in domains to threaten the registrar with a lawsuit, (assuming they are based in the US). I am not a lawyer but I would think that if you present the registrar with indisputable proof that you are the legitimate owner, you could make a strong argument that they will be liable for the losses that you incur if they refuse to assist in the recovery.

      You mention that the registrar is being uncooperative, and it is so unfortunate that people don't seem to understand the importance of holding valuable domains in locked account with an ICANN approved registrar that you can really trust. There are many people, (myself included) that have lost domain names through Godaddy and still people here recommend them to newbies so they can save a couple of bucks... They do this based on the fact that so far everything has worked fine for them with Godaddy, but ignoring the huge number of people who have had terrible experiences with them. Anyway, I didn't mean to go off on a rant, this thread is not about Godaddy! :rolleyes:

      I haven't looked into your registrar to see if they are even ICANN approved, but if you feel that you can't afford an attorney your next best option would be to contact ICANN directly and ask them for advice on what to do.

      If you were living in the US I would also advice that you immediately report it to the Internet Fraud Complaint Center at the FBI, Internet Crime Complaint Center (IC3) | Home but I don't think that is feasible for you. However, you should probably still report it to your local police department in Croatia.

      You should also try to gather all possible information you can that proves you are the legitimate owner of the domain name. This will come in handy in the future as you will have to prove your claim regardless which route you take.

      I really wish I could give you some more definite advice that would help you get the domain back quickly, but all I can say is don't give up!

      I wish you the best of luck!
  • Profile picture of the author sbucciarel
    Banned
    Without a lawyer or some help from the registrar, it might be difficult to get it back. It was unlocked and you were most likely hacked so the transfer appears normal to the registrar. John Berryhill is a very sharp IP lawyer and kindsvater also, and he frequents this forum. I don't know if they can handle a case based in Croatia or not, but you might get some advice.
  • Profile picture of the author onegoodman
    Domain registrar probably would n't be able to provide you much help.

    If this guy is putting these information on who.is and you can confirm its correct, you will need to hire a lawyer in Dubai.

    You have emails and receipts paying for that domain and prove your ownership for the domain.

    If your computer still infected and the information is going forward to him. I would suggest to contact a computer forensic agency (it will cost you $$$$$)

    Upon my knowledge UAE, has rules for online crimes. If you can prove he did steal you domain, you can get your domain back and get him locked up for online crime.

    This is costy, but i see the website ranked 18k worldwide in alexa, so i do assume it make some good $$$$$
    • Profile picture of the author Goran Zinic
      Originally Posted by onegoodman View Post

      Domain registrar probably would n't be able to provide you much help.

      If this guy is putting these information on who.is and you can confirm its correct, you will need to hire a lawyer in Dubai.

      You have emails and receipts paying for that domain and prove your ownership for the domain.

      If your computer still infected and the information is going forward to him. I would suggest to contact a computer forensic agency (it will cost you $$$$$)

      Upon my knowledge UAE, has rules for online crimes. If you can prove he did steal you domain, you can get your domain back and get him locked up for online crime.

      This is costy, but i see the website ranked 18k worldwide in alexa, so i do assume it make some good $$$$$
      Thank you for info about computer forensics. I don't use any of my laptops any more... I will wait for some other solutions to come up before taking these steps.
  • Profile picture of the author Alastair McDermott
    Looks like they got into your hosting control panel beforehand, or are damned fast - your previous links are not 404'ing, all content seems correct (I didn't see your site before) so these guys are sophisticated.

    I'd agree with the suggestion of talking to domainers & lawyers. Maybe private investigators too, depending on your budget. One thing to be aware of - they are smart - might even be reading this thread - don't give away too much about what your plan of action is.

    Update: You could ask the host to take it down on the basis of it being copyrighted materials

    Hosting: Hetzner Online AG host the domain indigitalworks.com
    IP Address: 176.9.108.206
    Name Servers: ns1.7plr.com, ns2.7plr.com
    • Profile picture of the author bcbr8r
      Goran, really sad to hear what happened. As a customer I know your site very well.

      Originally Posted by AMcDermott View Post


      Hosting: Hetzner Online AG host the domain indigitalworks.com
      IP Address: 176.9.108.206
      Name Servers: ns1.7plr.com, ns2.7plr.com
      Hetzner Online AG is a german based hoster located in Gunzehausen

      Stuttgarter Str. 1
      91710 Gunzenhausen
      Deutschland

      Tel.: 09831/610061*
      Fax: 09831/610062

      If you contact them and explain them what happened I'm sure they will help you and shut down or freeze the hosting account.

      If this not helps you may file that case to the german police and they can investigate that further.

      I'm from Germany and can help you with that if you want.

      In the end the bad guys will go to another hoster, but they have lot's of work with that and they should see a big crowd is following them and they can't escape that easy.

      Best wishes & fingers crossed!
  • Profile picture of the author digitaldownloadguy
    So what is the status of your website currently? It appears to be up and operating but is still registered to someone in Dubai? You may want to make an effort to let your customers know that it is either safe or still dangerous to access your site. Since last post was on Thursday and in that post it stated it would be up and operating the next day. After reading about this I did go to your website and was redirected to a host gator cpanel login page which is based in the States. Something smells very fishy about this. Sounds like someone may have just taken their customers money and ran with it??? Claiming domain name highjacking to some fake name in Dubai and then laughing all the way to the bank. There was a time when the domain was being redirected to 7plr.com. Bottom line worry about your customers first then get the legal issues under wraps.
    • Profile picture of the author Goran Zinic
      Originally Posted by digitaldownloadguy View Post

      So what is the status of your website currently? It appears to be up and operating but is still registered to someone in Dubai? You may want to make an effort to let your customers know that it is either safe or still dangerous to access your site. Since last post was on Thursday and in that post it stated it would be up and operating the next day. After reading about this I did go to your website and was redirected to a host gator cpanel login page which is based in the States. Something smells very fishy about this. Sounds like someone may have just taken their customers money and ran with it??? Claiming domain name highjacking to some fake name in Dubai and then laughing all the way to the bank. There was a time when the domain was being redirected to 7plr.com. Bottom line worry about your customers first then get the legal issues under wraps.
      Unfortunately, it's the same as on the beginning of my post. While I was posting on facebook I didn't knew they stole the whole website... I found this later when I saw it installed on their server. This has made things more complicated...
  • Profile picture of the author Goran Zinic
    Thank you for all the information’s you provided. Some posts were very useful. I can't disclose which currently. If anyone has some more info to share, I would be very grateful... Thanks
  • Profile picture of the author GerryMedia
    Hi Goran!

    I have a huge cache of domain names and your story alarmed me, since I use gmail too.I actually will not use gmail anymore for my business accounts. I can't imagine such a thing can happen to a big website like indigitalworks. From what I perceive of your site, it's a major player in the PLR field.

    So you think it's not even safe to visit indigitalworks.com now? I won't trust an hijacked website run by hackers and thieves.

    All the best in your quest for justice... I'm watching this thread.
    • Profile picture of the author Goran Zinic
      Originally Posted by GerryMedia View Post

      Hi Goran!

      I have a huge cache of domain names and your story alarmed me, since I use gmail too.I actually will not use gmail anymore for my business accounts. I can't imagine such a thing can happen to a big website like indigitalworks. From what I perceive of your site, it's a major player in the PLR field.

      So you think it's not even safe to visit indigitalworks.com now? I won't trust an hijacked website run by hackers and thieves.

      All the best in your quest for justice... I'm watching this thread.
      I suggest you not to store any kind of such data in Gmail!

      Indigitalworks.com is still not under my control, it's run by thieves currently. I wouldn't say it's unsafe to visit but I suggest you not to do anything more than that, like signing up.
  • Profile picture of the author ginngoh
    Hi Zinc

    I m one of yr lifetime membership for last 2 years.

    Everytime visited your site - knows how much efforts u been putting in and your are indeed keeping up the site so regularly...

    Pls keep it up and let us know if u do transfer your site to another domain though we hope u r able to get back the domain.

    Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
    • Profile picture of the author The Real Deal
      Originally Posted by ginngoh View Post

      Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
      About a week and a half ago I gave my recommendation on where I believe it is safe to hold your domain names: http://www.warriorforum.com/main-int...ml#post5639588

      The registrar that I recommend in that thread is based in Australia, which I believe can be an advantage in many legal situations. However, if you prefer to have a US based registrar I would recommend Moniker

      Apart from holding your domain name with an ICANN accredited and highly reputable registrar that you can trust you need to lock down your most valuable domains. By this I don't mean that they should simply be "locked" from being transferred, (which I am sure everyone does)!

      What I am referring to is that you should use some form "executive lock" that allows you to have two or three security questions that have to be correctly answered before any DNS changes or transfers of your domains can take place. That way, even if a hacker takes over your email account and computer he will never be able to either change the DNS of your domains or transfer them to another account.

      The registrar I recommended in the thread I linked to above goes even further. For high-value domain names, (or domains that host a valauble business like I am sure indigitalworks was/is) they allow you to set-up several security questions that you have to answer correctly to their management team over the phone (after identifying yourself) before any changes will be approved on those domains. This does add some hassle when you need to make changes but IMO it's a small price to pay when you are dealing with a 6 or 7-figure business...
    • Profile picture of the author Goran Zinic
      Originally Posted by ginngoh View Post

      Hi Zinc

      I m one of yr lifetime membership for last 2 years.

      Everytime visited your site - knows how much efforts u been putting in and your are indeed keeping up the site so regularly...

      Pls keep it up and let us know if u do transfer your site to another domain though we hope u r able to get back the domain.
      Thanks. I will announce immediately after we setup a new site... It should be very soon.
    • Profile picture of the author wvdploeg
      Originally Posted by ginngoh View Post


      Warriors - is there anyone there could at least give a words on which domain providers who are reliable, especially in situation like this ?
      Well, I would suggest: Always take a domain provider in your own country... since there is a big question about jurisdiction if the provider is in China, the thief in Dubai, ICANN in the USA and the original owner in Croatia...

      If the provider and the owner are in the same country, communication is much easier... and when you plan to sue them, you both talk the same legal language...
  • Profile picture of the author Lenny Winkle
    I realize this puts you in a terrible spot and wish you the best of luck. I'm also very curious to hear what you recommend for your customers?

    I signed up a little over a month ago and now it looks as if my subscription is worthless. What do you recommend? How will you take care of your customers?
    • Profile picture of the author Goran Zinic
      Originally Posted by Lenny Winkle View Post

      I realize this puts you in a terrible spot and wish you the best of luck. I'm also very curious to hear what you recommend for your customers?

      I signed up a little over a month ago and now it looks as if my subscription is worthless. What do you recommend? How will you take care of your customers?
      Regarding your purchase, there's nothing to worry about. If you want I will provide you a full refund. Just let me know.

      New InDigitalWorks site, but on different domain, will be setup soon so members will have access. We will also continue to run this site and supply it with new products, there won't be any difference..
  • Profile picture of the author YouJelly
    i feel you bro, it is very unlikely you are going to see your domain again.
    truth is truth.
    all bull**** aside, most of the options here are lame.
    your best option is to hijack it back, its gonna cost you.
    btw the name he used is an alias.
    its not his first hijack (given by his email which is also dummy mail, he used it before).

    how you gonna hijack it? start learning about the deep web.
    download "TORa" and start reading about the dark web. im not going to link you to places and dont ask for, what you looking for is there.

    btw, a small tip before paying any one on the deep web, ask them first to transfer it on thier name(obviously they will use an alias,same goes for ip and isp ) or a name you both agreed upon once he hijacked it, afterwards pay him or let him first transfer it on ur name, learn how to secure it more.

    where you hosting at btw? is it shared? dedicated?
  • Profile picture of the author andynathan
    Let me know when you start up again. I was on the site Friday and there were some irregularities that stopped me from purchasing a membership. Had no clue about this at the time. Interested when you get things running again.
    • Profile picture of the author Goran Zinic
      Originally Posted by andynathan View Post

      Let me know when you start up again. I was on the site Friday and there were some irregularities that stopped me from purchasing a membership. Had no clue about this at the time. Interested when you get things running again.
      Hi Andy, I will announce a new domain on this thread... Thanks
  • Profile picture of the author kasher9
    Has the scammer locked the domain? If he hasn't, you can transfer it back, all these domain registrars are just about their own pockets and don't consider customer service at all. Unfortunately, they won't be much of help, I've had similar problems before, best thing to do is get a lawyer who works in corporate law and ask them to send a letter to the registrar, the only issue is if he hasn't hacked your account then you may be in a sticky situation because you don't have a case - you left it open to transfer dude... You need to contact law enforcement so that they can investigate the hacking side of things.
  • Profile picture of the author JohnSp
    Sorry to hear that, sir.

    Alright, you have an IP Address in your hands. It's 65.49.14.89

    I traced it and this guy used a proxy. (Obviously a hacker would try to hide his tracks)

    The ISP of this proxy is "Hurricane Electric". Proof: http://www.ip-adress.com/ip_tracer/65.49.14.89

    So you can contact them and see what you can do from there. Like if you will send them legal papers about your case they will most likely give the information you want.

    E.G. You can ask OnlineNIC the exact date + time the person did login and transferred your account. Then ask proxy's ISP (Hurricane Electric) for the IP address that used the proxy 65.49.14.89 at <date/time goes here>.

    Or just ask for the IP address that used the proxy and connected to OnlineNIC's website.

    If you have a new IP address on your hands now you should do your research (trace it etc) because it's most likely that it will be a proxy aswell.

    Good luck buddy.

    EDIT: I gotta go now, I added you on Skype though to speak later and help a bit.

    See ya.
  • Profile picture of the author AnnaM
    Banned
    [DELETED]
  • Profile picture of the author AnnaM
    Banned
    [DELETED]
  • Profile picture of the author Lloyd Buchinski
    The ip you mentioned seems to be an anonymous proxy.

    View information about 65.49.14.89 - Free IP Lookup

    That might give you something to work with. Not many people would use one for a legitimate purchase.

    Also, not the "OBFUSCATED IPs 1093733977 18273603161." Unfortunately they don't include the dots in them, so there is more than one possibility for each, but if all the digits match something that you manage to track down that might help too.

Next Topics on Trending Feed