We had ours removed almost a year ago, and it has stayed down, although someone still owns the domain. I’m curious if anyone has had luck in buying the domain back. I figured the scammers would ask for a crazy amount of money for it, so we didn’t even try.
Topic summary
A Shopify store owner discovered their entire product catalog (6000+ products, images, descriptions) was scraped and duplicated on a fraudulent domain they don’t control. The scam site appears designed to harvest customer credit card data by offering deep discounts and requesting payment authorization.
Resolution Process:
- Running a WHOIS lookup to identify the domain registrar
- Contacting the registrar’s abuse email (PublicDomainRegistry.com or Web Commerce Communication Ltd. were common)
- Filing reports with Cloudflare, ICANN, and Google
- Most successful approach: emailing the registrar’s abuse contact resulted in takedown within 24-48 hours
Key Findings:
- This is a widespread, recurring problem affecting multiple merchants
- The same scammers (often registered in Malaysia/Wilayah Persekutuan) repeatedly create new domains
- Shopify cannot help if the fraudulent site isn’t hosted on their platform
- Right-click prevention code offers minimal protection as scraping tools bypass it easily
- Legal action is typically impractical due to international jurisdictions
Ongoing Challenges:
- Sites reappear under different domains after takedown
- Merchants express frustration that Shopify doesn’t implement stronger native protections
- Buying up similar domains is expensive and ultimately futile
- The .shop domain registry shows limited responsiveness to abuse reports
Participants recommend monitoring Google searches for duplicate sites and immediately reporting new instances to registrars.