First off, sorry you’re stuck dealing with this scammer piggybacking on your business’s domain to run a fraud scheme—total low move. Here’s a step-by-step breakdown of how you can uncover the real domain owner to support your police report:

• Start with the domain registrar (even if WHOIS is hidden)
  The fake contact info uses dns-protect.net, which is a privacy proxy service, but every domain is registered through an actual registrar (think GoDaddy, Namecheap, Cloudflare Registrar, etc.). To find the registrar:

  1. Run a WHOIS lookup on the scam domain (most free WHOIS tools will show the registrar even if owner details are redacted).
  2. Locate the registrar’s abuse team contact info (usually listed on their website under "Abuse" or "Legal").
  3. Send them a detailed report: include screenshots of the fake site, evidence of user fraud (like transfer records), proof of your business domain’s similarity, and a request to disclose the real owner’s information under their anti-abuse policies. Most reputable registrars will comply when presented with clear evidence of illegal activity.

• Reach out to the hosting provider
  Scam sites need a host to be online. Here’s how to find them:

  1. Use the command nslookup <scam-domain> in your terminal (or an online IP lookup tool) to get the domain’s IP address.
  2. Do an IP WHOIS lookup to find the hosting company associated with that IP.
  3. Contact their abuse team with the same evidence you used for the registrar—hosts are required to address illegal activity on their servers, and they may have direct access to the real owner’s account details.

• Escalate to ICANN if registrars/hosts drag their feet
  ICANN is the global governing body for domain names. If the registrar isn’t cooperating, file an abuse report through ICANN’s official system. They have the authority to force registrars to disclose real owner information when there’s proven fraud or illegal use. You can also look into filing a UDRP (Uniform Domain-Name Dispute-Resolution Policy) claim—while it’s typically for cybersquatting cases, clear evidence of fraud will strengthen your case and push the registrar to act.

• Bring in local law enforcement
  This is often the most reliable path if other steps fail. File a formal police report detailing the fraud, then ask your department to issue a subpoena to the registrar or hosting provider. Companies are legally obligated to comply with law enforcement subpoenas for illegal activity, so this will force them to hand over the real owner’s details.

• Dig for small traces on the scam site
  Scan the fake restaurant site for any accidental clues: do they have a hidden contact email, a payment processor account ID, or social media links? Even tiny details can lead you (or law enforcement) to the scammer. For example, if they’re using a specific payment service, report the fraud to that service—they may be able to trace the account to its owner.

Pro Tip #

Save every piece of evidence you have: screenshots of the scam site, user testimonials of fraud, transaction records, and all communications with registrars/hosts. This will make every step of the process smoother and more credible.

内容的提问来源于stack exchange，提问作者Taleb