Domain Services ( A Terrible Scam

Published February 18, 2021
Comments: 0

NOTE: The best way to fight alleged scams is to provide potential evidence they are a scam, so if you have had any experiences with companies like this or this “company,” leave a comment below or contact me through social media (or my contact form.)

UPDATE: Name Cheap, Moniker Online Services, and the host of this alleged scam Host Key have been notified of this alleged scam. They have done NOTHING to stop it. I am confident in my opinion that any investigation into this would reveal it as a scam, as it has historically been determined. I have notified them repeatedly via social media and the proper abuse forms and I have gotten almost no response. They refuse to do anything about this alleged scam, and I can only surmise they don’t care that their services are being used to allegedly scam people. Despicable.

The Gist Of It

You do NOT have to register your domain with a “search engine registration” company to be listed on most major search engines. There is no such actual service. Search engines do NOT rely on these companies for information whatsoever (to my knowledge) as they go to great lengths to develop their own software that finds and indexes sites.

As stated, be wary of any “search engine” (not necessarily a directory) that requires you to have to pay to be listed. As well, be VERY wary of ANY site that asks for a SIGNATURE. Your mileage may vary.

For the record, this is personal advice, not legal advice, and is not intended as legal advice, business advice, nor SEO advice.

The Scam – Small Business And Website Operators Beware!

The scam is simple. I know personally of an individual who, unfortunately, was conned out of a fair amount of revenue due to this scam and (other) scammers. Subsequent (other) individual(s) came along who took advantage of the situation with knowledge of the current scam ecosystem.

The idea is this: you open a business or simply a website (it’s better for them if it’s a business and more potentially at stake). You’ve registered the domain name, you’ve set up the hosting service, and you’re good. Or you’ve paid someone else to do it, and you don’t know how it works. You wonder about social media, yellow page-like listings (if it’s a small business, particularly if you are older), and search engines. How do you get on those dang things?

Suddenly, you receive an e-mail directly at your new domain name, or more likely these days (due to anti-spam laws), you receive a notification from an online contact form (which happens to not have spam filters on it). It reads something like this (this is from one of my own sites as an example):

Name: Barbra PeakEmail: [my email]

Domain Notice Expiry ON: Feb 18, 2021

We have actually not received a payment from you.
We've tried to call you yet were incapable to contact you.

Check Out:
For info and to post a discretionary payment for your domain website services.

Time: February 18, 2021 at 12:47 PM
IP Address:
Contact Form URL: [my website]
Sent by an unverified visitor to your site. 

Oh, noes! What do you do!? Well, you might click on the link to see what they’re talking about. After all, you apparently owe them something! “I thought they said my domain registration would last a year,” you think to yourself. Once you click on the link, you are presented with the following:

The Main Page Of A Disgusting Example Of A Website

And you get particularly nervous when this pops up on your screen:

A Repulsive And Misleading Pop-up On An Absolutely Bullshit Site

One of two things happens at this point: you either don’t read it in your panic that your domain is going to expire, or you do read it and realize this is a domain search engine registration “service.” If you aren’t already desperately filling out the form below to save your domain from the former, the latter pushes you to wonder if this is one of those website set-up steps that you (or your contractor) forgot to do. Either way, you may be inclined to fill out the form. Before you do that, though, here is some advice:


There are several reasons for this, which I will outline below. The number one reason is that this is a bogus service in my personal opinion and experience. As far as I know, it’s not even really a service. I doubt they do anything, mostly because search engines no longer have “registrations” like in the earlier days of the internet.

Registering on Google with Search Console is literally FREE.

~ Me, here on this post.

Google, for example, now has YOU register your website personally and easily with their search engine using their Search Console and Webmaster Tools. It’s literally FREE, and even if someone else did it for you, the prices they are charging are obscenely high. You don’t even HAVE to register. Search engines use what are called “spiders” to crawl the web and find sites. Eventually, it will find and index yours; it always does.

Never Sign Your Written Signature Online, Particularly To Any Random Site!

Secondly, but MOST IMPORTANTLY, giving out your information not only compromises your website security but SIGNING YOUR NAME in the box is REALLY INSECURE. If you were to sign your name in the box with the signature you use in business, this signature image could then be copied and used by anyone. It could easily end up being sold on the Dark Web, and with it, people can easily forge your signature on all sorts of bogus contracts and checks.

Although no contract ever surfaced, this is what happened to my friend. They vaguely remember signing something on the internet but couldn’t remember what exactly. When multiple scammers came calling, they often claimed they had a contract they could produce with their signature on it, and often that was enough to convince my friend to pay. After they refused to pay, the contracts also never seemed to appear. With this signature box, though, they COULD, and that’s REALLY BAD.

These e-mails/contact form submissions are fishing for people that fit this profile. They word it consistently (and if you doubt the consistency see below) in their “cold pitch” to make it sound like you are already in a contract with them or already owe them some form of compensation. Unless you got roped into paying, YOU DON’T, and if you DID get roped in, STOP PAYING and DEMAND accountability. If they’re not rendering any real services, that means they’ve scammed you. On top of that, you have the right to CANCEL any subscription at ANY time. If collectors call you, and the amounts keep changing, the terms seem loose, and they are intimidating, they are potentially breaking the law (by harassing you and scamming you), and you owe them nothing.

My Response To These Potential Scammers

I filled out their contact form with the following:

I got an e-mail from my contact form from your company that stated, "We have actually not received a payment from you."

The reason you haven't received payment is that I never actually signed up for your service, and never will. This is a really offensive way of saying I haven't purchased your service and is incredibly misleading.

It's so misleading, in fact, that a friend of mine who runs a business with a website thought they had to fill out and submit the corresponding form to be listed in search engines (you are fully aware they do not) and because of that ended up being scammed by multiple companies claiming they had performed "services" they had never performed. They ended up paying several of them because they thought they had to since they filled out this form.

That's all this form and website is: a gateway for ignorant people to "pass through" so that others, and possibly yourself, can claim that they're owed ridiculous amounts of money for services that almost never were actually rendered.

It's disgusting, deceitful, misleading, predatory, and in my opinion is either illegal somewhere in some fashion, or should be. I will be reporting these e-mails, and this website to authorities and publicizing your operation so that others are not similarly scammed.

The Lowdowns And The Nitty Gritty Details

This particular operation is running under the following domain names:

Domain Names Registered With Namecheap Inc (Report Abuse)

Domain Names Registered With Moniker Online Services LLC (Contact)

I couldn’t find an abuse reporting form on Moniker’s website, however I was able to find the following contact information regarding abuse for the company: phone +49.68949396850. That’s an international number, but they have a toll-free number for general use (U.S. and Canada) listed on their website at (844) 760-0251.

Associated Domain Names Registered With [numbers] LLC (Contact)

Here’s where things start to get really strange, and a rabbit hole begins to emerge.

I will document this rabbit hole as I learn more about it. In the meantime, these are domain names that I found to be associated with this potential scam enterprise possibly. The three I list here redirect the user’s browser through various means to a various number of redirect services, many of which land you on pages that try to trick you into downloading viruses and trojans. They also log IP addresses, so if you try enough times on the same IP address, they’ll potentially become tame and redirect you to a parked domain site (thus eluding the potential that you can capture evidence.) I have not linked to them directly for that purpose. I do not recommend visiting these domain names.


As an example of the “rabbit hole,” I found that forwarded me to a (owned by URL, which then forwarded me to another domain (with query parameter): (which is also registered with Namecheap Inc). This domain name was hosted on a server with the IP address, and although difficult, I was able to track down that as being operated under the domain name as well as being hosted with OVHcloud (their U.S. Report Abuse form).

However, while this is ancillary support for making a case that all of this is a big scam, it’s not really on the topic of this post. I digress, so I shall return to Domain Services.

Who Are Domain Services?

All of these currently operating domain names (not with DropCatch) currently claim to be operated under the same entity name of “Domain Services” (in fact, all of the domains point to the same server IP, see below.)

If you happen to fill out the form (NOT with your own or any legitimate information) you will eventually get the following payment information screen:

As you can see their current mailing address is:

Domain Services
1342 Military Rd
Suite# 4347
Niagara Falls, New York 14304
United States
Google Map

It appears that “Domain Services” rents/rented a mailbox from CBI USA Mailbox Rental at this address. I have contacted them on their Facebook page about this situation. Their contact e-mail address is

Here are some other articles/posts that have previously addressed this scam:

  • posts about this very potential scam in September of 2020. A commenter notes it as “shut down” as they reported to it to the FBI and the links are broken, but as you can see this result is not the case.
  • posts about this potential scam here.
  • posts questions the potential scam domain names here, and here.
  • Lambros posts about a very similar scam, showing that one potential scammer operating under this model has already made off with approximately $585,967 in Bitcoin.
  • published an article detailing a very similar scam as well.
  • KuduWebsites posts about a very similar scam involving domain services.
  • also comments on another similar scam.

Of Course It’s On Social Media

I’ve decided that one way to help combat this potential scam is to make people, and the companies that are enabling it, very much aware of the problem. Here are the results of this endeavor.

Hosting A Potential Scam; Meet

When I first came across this potential scam the website was being hosted on DediPath servers. It’s NO LONGER hosted on DediPath because they did the right thing and terminated their service (or at least nulled the ip address.) HEre is a tweet showing the end result of that exchange:

Please congratulate DediPath for doing the right thing.

Now the potential scam is located at: which seems to be hosted by HostKey. I have now contacted them. Here is HostKey’s information: Facebook, Twitter.

They quickly hopped on to another hosting service, HostKey. I also contacted them on Twitter:

And again:

And again:

And again:

And still I have yet to receive a reply. HostKey’s latest Tweet at the time of this writing is:

Yeah, they sure are. Maybe a little too safe?

Giving A Potential Scam A Platform; Meet NameCheap And Moniker

But Asher, I hear you say, what about their domain name?

Well, their domain name is registered with the Namecheap company. Here is their information: Facebook, Twitter. They are also protected by WhoisGuard Inc (they don’t seem to have social media accounts.) I have also contacted Namecheap on Twitter as well:

Eventually the Tweet thread produced this result:

But are they though? This eventually happened:

I did just that. This is what I got in reply in my e-mail:


Thank you for the report.

We have thoroughly investigated your allegation to the extent of our capabilities, but we were unable to validate your claim. 

The issue would need to be addressed through the hosting provider to see if their terms of service have been violated. We have no way to police these issues as we do not control the hosting company in this instance. 

You are welcome to find the contact details of the company that owns the IP address currently assigned to the domain name below:

If you consider the website owner is using our services in a bad faith, please report the issue to authorities for a proper investigation to be held [ed - emphasis added]. We will assist them in any way we can. Also, if you believe you are the victim of an internet crime, or if you are aware of an attempted crime, you can file a complaint through the Internet Crime Complaint Center at 

Please let us know in case of any questions.

Den M.
Shift Leader
Legal & Abuse Department
Namecheap, Inc. 

Ticket Details

Ticket ID: *************
Department: Fraud / Phishing
Type: Domains L&A
Status: Abuse not confirmed

Priority: High

Yeah. Well, I feel a bit like this guy about all of that:

I’m going to personally be checking out the Namecheap Terms of Service… in the meantime, that is definitely one domain name registration company I would not do business with.

As written above, Moniker (Facebook, Twitter) is the registrar of a number of the domains involved in this enterprise. I have notified Moniker as well:

And again:

And again:

And again:

Here they are on the 3rd:

Maybe having to perform emergency maintenance for a possibly avoidable crisis just overwhelmed them and they couldn’t get back to me? Maybe?

I didn’t really think so either.

Miscellanea; Security Certificates And Web Analytics

These devious individuals also employ a couple of other services to which most usually pay no attention. They serve their site over HTTPS (using Apache server software). This means that a certificate authority somewhere had to issue them a legitimate certificate, in essence, lending their name to the credibility of the site. Just who was this organization? What are the details of their Secure Socket Layers certificate? Well, their certificate reads a bit something like this:

% echo | openssl s_client -showcerts -servername -connect 2>/dev/null | openssl x509 -inform pem -noout -text

         Version: 3 (0x2)
         Serial Number:
     Signature Algorithm: sha256WithRSAEncryption
         Issuer: C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority
             Not Before: Mar  4 00:00:00 2021 GMT
             Not After : Jun  2 23:59:59 2021 GMT
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (2048 bit)
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Authority Key Identifier: 
             X509v3 Subject Key Identifier:
             X509v3 Key Usage: critical
                 Digital Signature, Key Encipherment
             X509v3 Basic Constraints: critical
             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client Authentication
             X509v3 Certificate Policies:

             X509v3 CRL Distribution Points:
                 Full Name:

             Authority Information Access:
                 CA Issuers - URI:
                 OCSP - URI:

                 ......v.}>.....Uh$....R.y+..x...j.h.~".....w.,.......G0E. !..y.....N..d.+..=..f.5..V..}..B.!..f^m^.o.o..3.J..'?T......n...M^lO.=a.N/XM.....w.,.o.....F0D. 3....-.?..m..7F8v...........Ra.N. ....D...Z3..X.fq/!.V..:.....E.K.
             X509v3 Subject Alternative Name:
    Signature Algorithm: sha256WithRSAEncryption

I wonder if their CPanel vendor knows what they’re using their software for, which of course is managing the hosting configurations for a potential scam.

They also use Google Analytics, as their Google Analytics code is: UA-164062919. That ID is linked to a total of fifteen domains (all of the domains listed above.) Not only is it possible that this website is in violation of Google’s Terms of Service in regards to their analytics, but that also means your data is being tracked by Google on their behalf. Their “privacy policy” is actually pretty explicit in all the intrusive things it will collect on you. However, I really doubt that it’s in line with all the requirements of various privacy laws particularly PIPEDA and the Privacy Act of Canada (considering their address rental.)

I’m pretty sure though when it comes down to it, Google Analytics wouldn’t exactly be keen on being associated with this site. As of now though, as long as that Google Analytics ID is valid (the status of which I am unaware and make no claim) they are.

More Contact Form Submissions

In case you might be thinking that that form submission from my site was a one off fluke thing, here the evidence I can provide you that says otherwise. I receive quite a bit of form submission spam, which I will also publish elsewhere, but here is the SAME potential scam mechanism contacting me multiple times (practically daily):

Name: Raul Casner

Email: [my email]



Domain Notice Expiry ON: Feb 21, 2021

We have actually not obtained a settlement from you.
We’ve tried to contact you yet were not able to contact you.

Check Out:

For information and also to post a discretionary payment for your domain website solutions.

022120212245503753688578798[my domain]

Time: February 21, 2021 at 8:45 PM
IP Address:
Contact Form URL: [my website]

Sent by an unverified visitor to your site.

If you go to the website URL shortener address you’ll see this warning:

That shortened link can be problematic. It does not comply with our Terms of Service and/or his redirect (source) has been reported as a suspicious link that may lead to dangerous/suspicious content.

This may be due to the URL:was reported by any black-list service

– was reported as a suspicious link
– has more than one redirect
– has been shortened more than once
– has been broken (404, etc.)
– was reported as potentially malicious / spam etc.
– has a content that we do not accept (porn, violence etc.)
– does not comply with our Terms of Service

And of course, the listed URL? of course.

For the record, I have never been in any kind of business relationship with this entity and never will. I do not have settlements against me, I have never agreed to any settlements, I know of no settlements. They are clearly implying I owe them a settlement, when in reality, I just haven’t purchased their “service.”

Here’s yet another contact form submission… but this time they’ve changed the domain name! I’ve listed it above as well.

Name: Tarah Cano
Email: [my email]
Domain Notice Expiry ON: Feb 23, 2021

We have not gotten a settlement from you.
We have actually attempted to call you yet were not able to contact you.

Browse Through:

For information and also to post a discretionary payment for your domain website service.


Time: February 23, 2021 at 2:11 PM
IP Address:
Contact Form URL: [my url]
Sent by an unverified visitor to your site.

And Another One…

Name: Sebastian Brinker
Email: [my e-mail]
Domain Notice Expiry ON: Feb 24, 2021

We have not gotten a settlement from you.
We've attempted to call you however were unable to contact you.

Browse Through:

For details as well as to make a discretionary payment for your domain website solutions.


Time: February 24, 2021 at 4:31 PM
IP Address:
Contact Form URL: [my url]
Sent by an unverified visitor to your site.

And Another One…

Name: Johnie Niall
Email: [my e-mail]
Domain Notice Expiry ON: Feb 25, 2021

We have not obtained a settlement from you.
We've tried to email you however were not able to contact you.


For info as well as to process a discretionary payment for your domain website service.


Time: February 25, 2021 at 1:38 PM
IP Address:
Contact Form URL: [my url]
Sent by an unverified visitor to your site.

And so on and so on and so on and so on…

I have published any assorted logos, trademarks, and company names for educational and commentary purposes only and not with intent to sell, impersonate, mislead, nor commit libel. There are no advertisements nor advertising services on this page/site that incur me any income personally whatsoever. It is also important that the reader understands that the information presented here has been aggregated from various public sources that are publicly available to anyone and that it is published solely for the purpose of reference, and not for any malicious purposes or intent. I advise the reader that any kind of harassment towards individuals and companies can be considered a crime. My intent in publishing this information is to provide relevant and valuable resources for victims of this potential scam and to raise awareness about these issues, and the individuals/companies who allow it to continue.

Leave a Reply

There are currently no comments. Why don't you kick things off?



Follow me on Twitter