New Domain Renewal Scam Steals Your Credit Card With A Tempting $3 Price And An ICANN Logo

noAn internet maze of several (some hidden) domain names across different registrars, with or without whois privacy, 2 countries, stolen credit card numbers and ICANN. And this only part of what this scam is about.

I got an email yesterday with the subject “ EXPIRATION!”. The renewal price is very low at $3 for a .com that it is very tempting for people that don’t know much about domain names, registrars and renewals.

The email comes from “INTERNET DOMAIN REGISTRATION” and the email address: The domain name spells “domain” with 2 “i”s and 2 “n”s. But “” is not even registered.

The actually mistyped the email address as their scam website is located at with 2 “i”s and 1 “n” in “domain”. The domain was registered at a Chinese registrar by someone from China on the 18th of September 2014 that doesn’t even make an effort to hide their whois details:

Registrant Name: liang wang
Registrant Organization: Wang Liang
Registrant Street: Shang Hai Shi Xu Hui Qu Tian Dong Lu 2887Hao
Registrant City: Shang Hai Shi
Registrant State/Province: SH
Registrant Postal Code: 200000
Registrant Country: cn
Registrant Phone: 02166586654
Registrant Fax: 02166586654
Registrant Email:

Here is the text of the email message for the scam:


As a courtesy to the domain name holder the INTERNET DOMAIN REGISTRATION CORPORATION is hereby notifying you that this is your FINAL NOTICE to submit your renewal registration for:
Failure to complete your domain name renewal registration by the expiration date may result in CANCELLATION of your domain, therefore making it difficult for your customers to locate your website on the Internet.

Attn: Digital Domains MEPE
This important FINAL NOTICE is to inform you to submit your renewal registration for the domain name with the INTERNET DOMAIN REGISTRATION CORPORATION by paying the outstanding renewal registration amount.
Failure to complete your domain name renewal registration by 09/30/2014 may result in the cancellation of this domain.
Your payment includes the domain renewal registration for for 1 year. It is your obligation to pay the amount stated above by 09/30/2014 for renewal of your registration for the domain name
This notice serves as the last reminder for domain name
And here is a screenshot (click on the image to enlarge):
What makes it so stupid is that the domain doesn’t expire for another 7 months from now although they say this: “This Domain Registration notification for will expire on 09/30/2014.”.

Their script is so bad that it can only parse domain names, emails and addresses but not expiration dates. Better luck next time scammers.

But it only gets better from here. If you visit you arrive at a website that says “© 2014 Internet Corporation For Assigned Names and Numbers.” at the bottom and has an actual ICANN logo at the top. It also has some headlines from real ICANN news on the News & Media section.

On the homepage you are presented with 5 ways to pay for your domain name renewal. It’s kinda of funny that you don’t need an account with them and you don’t even tell you what domain name you are renewing! They just want your credit card details and you are done. That easy. When I first saw the email I thought that this was a “Registry Of America” type of scam but I was wrong. They are only trying to take your credit card number and are using the whois data to seem more credible.


The scam website is pulling images and other files from the domain I checked the source files on was registered last November at Go Daddy and whois details are behind privacy. DESIGNLAB.CO has no website. had no whois privacy back in June 2014 and this was the owner:

Registrant Name:                             Mizanur Rahman
Registrant Address1:                         Kashim pur, Bagicha Bazar
Registrant Address2:                         Bishwanath
Registrant City:                             Sylhet
Registrant State/Province:                   Sylhet
Registrant Postal Code:                      3130
Registrant Country:                          Bangladesh
Registrant Country Code:                     BD
Registrant Phone Number:                     +880.1714101291
Registrant Email:                  

The same person owns the domain that is registered with Namesilo. is using the nameservers MEGHEWETT.BIZ that in turn uses the nameservers DNSOWL.COM. All 3 domains, MEGHEWETT.BIZ and DNSOWL.COM are registered with Namesilo. You do the math.


About Konstantinos Zournas

I studied Computer Engineering and Computer Science in London, UK and I am now living in Athens, Greece. I went online in 1995, started coding in 1996 and began buying domain names and creating websites in 2000. I started the blog in 2012.


  1. That’s the same one i got….

  2. Can we report this to anyone?

  3. our clients also had got the notice telling to renew the domains.i quickly identified it as scam. but now i am going to tweet this atricle to our followers. Thank you.

  4. Yeah i receive an email like this and i search in google and find this, thanks

  5. thanks for the post with deep details. I got the same message. I filled payment form with wrong info and it says payment successful! Lol

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.