How did you find the registrar to email from the Whosis report? The same thing just happened to our site, and I’m trying to figure out what to do. I did run the report and filed a report with Cloudflare, and I’m in the queue to talk to GoDaddy support right now. Ugh, so frustrating! Any advice you can offer would be great! Were you successful in getting the other site down? Thanks!
Topic summary
A Shopify store owner discovered their entire product catalog (6000+ products, images, descriptions) was scraped and duplicated on a fraudulent domain they don’t control. The scam site appears designed to harvest customer credit card data by offering deep discounts and requesting payment authorization.
Resolution Process:
- Running a WHOIS lookup to identify the domain registrar
- Contacting the registrar’s abuse email (PublicDomainRegistry.com or Web Commerce Communication Ltd. were common)
- Filing reports with Cloudflare, ICANN, and Google
- Most successful approach: emailing the registrar’s abuse contact resulted in takedown within 24-48 hours
Key Findings:
- This is a widespread, recurring problem affecting multiple merchants
- The same scammers (often registered in Malaysia/Wilayah Persekutuan) repeatedly create new domains
- Shopify cannot help if the fraudulent site isn’t hosted on their platform
- Right-click prevention code offers minimal protection as scraping tools bypass it easily
- Legal action is typically impractical due to international jurisdictions
Ongoing Challenges:
- Sites reappear under different domains after takedown
- Merchants express frustration that Shopify doesn’t implement stronger native protections
- Buying up similar domains is expensive and ultimately futile
- The .shop domain registry shows limited responsiveness to abuse reports
Participants recommend monitoring Google searches for duplicate sites and immediately reporting new instances to registrars.