(2 votes, average: 5.00 out of 5)
Loading...A notorious hacker disguised as an “SEO specialist”… several successful online pharmacies that allegedly lost millions after their domains, rankings, and entire businesses were wiped out… and one privacy-focused registrar that helped a single vendor survive while others disappeared. The stage is set for a fascinating cybercrime story — and we can’t wait to tell you about it.
Whether you are a biohacker, productivity hunter, or a fan of nootropics, we’re willing to bet you own a domain name. Hell, you may already run a successful online business… or you’re on your way there 😉
With permission from our friends and the owners of the ModafinilXL family of online pharmacies, we are publishing this fascinating story about how their ‘innocent’ SEO business partner turned out to be a serial fraudster and scammer.
But this intricate web was cast much further. Ever wondered why popular modafinil vendors ModafinilCat and AfinilExpress suddenly closed down? Why domain buymoda.org and its owner, Moda Mike went off the radar? Or why owners of modafinilcat.com who sold prescription drugs for BTC and became crypto millionaires after the crypto bull rally are no longer in business?
Put on your detective hats and we’ll show you how one small-time hacker who had big plans connects them all! And while we’re at it, we’ll give you a “common hacking techniques 101” refresher, plus tips on how to protect your online business from scammers and opportunists looking to exploit you, so you don’t have to learn the hard way like these companies did.
For Those Limited on Time — The Short Takeaway
Transfer your domains to a privacy-first, abuse-resistant registrar trusted by businesses operating in sensitive industries. ModafinilXL and other established moda vendors found their safe haven with Trustname.com
- ICANN-accredited registrar (IANA ID 4318)
- EU-based privacy protections (GDPR + more)
- Crypto payments accepted (175+ payment methods)
- No KYC required — anonymous and bulletproof domain registration
- Manual abuse review process — forget automatic takedowns and random suspensions
- Built for standard projects, as well as high-risk and privacy-sensitive ones (crypto, gambling, adult, online pharmacy, cannabis, free speech, SEO networks, and more)
- Flat renewals with no surprise pricing games
Move your domains to Trustname before someone else moves them for (from) you.
Limited Time Offer for Webmasters
P.S. Get 50% OFF all domain registrations and transfers at Trustname until May 10, 2026 using promo code MODA50. Thinking about moving away from mainstream registrars like GoDaddy, Namecheap, or Network Solutions? See the full benefits of transferring your domain to Trustname.
Now, let’s get back to our long story.
Modafinil vendors shutting down – an unsettling trend
When modafinil vendors ModafinilCat, AfinilExpress, Rapidfinil, DuckDose, and BuyModa.org mysteriously went dark, millions of customers suddenly didn’t know where to get their next prescriptions.
We had all seen this plot in the movies before – the shady guy (and maybe his friends) creates a business, carries out marketing campaigns to build trust and attract investors and unknowing customers, and then poof… they disappear into thin air.
With these modafinil vendors, it was easy to think – were these companies running illegal businesses? Were they selling smart drugs, cashed out, and gotten away with it? Contributors on Quora certainly thought so… Selling drugs online sounds shady in some way right? Maybe the DEA or FBI shut them down?
Modafinilcat.com was a particularly interesting case. In 2016, the bulk of the vendor’s sales were made in Bitcoin – 1 BTC was around $400 then.
Then in the several years following, the crypto bull markets multiplied their earnings hundreds of times over, literally. So were they suddenly satisfied with their earnings and closed their site voluntarily?
Over the last 10 years, Afinil Express, BuyModa, and other pharmacies like Eufinil and Modaup have shut down. Eufinil closing its doors was pretty understandable – they had complications with the Covid crisis, but the others?
ModafinilXL is still the most trusted modafinil supplier and the only major modafinil seller to have survived 10 years in the market, and not only survived but strengthened its position in the market. ModafinilXL has recently launched its sister online pharmacies for patients in the United States (ModafinilUSA), the United Kingdom (UK.Moda), Australia (Modafinil.AU), and the EU (Afinil.EU).
The other market players, on the contrary, closed for unknown reasons and many even lost total control of their domains.
A hint…
No, it wasn’t the FBI… not the DEA… and these brands were definitely not running illegal businesses.
Behind the serial closures of the largest nootropic stores and the largest cyber attack ModafinilXL ever experienced taking down their website for 3 months, was just one person.
Our villain is a modest guy from Pakistan – a well-known cyber criminal, hacker, fraudster, and employee of domain registrar, Paknic – who uses hundreds of different names to stay anonymous. But today, we’re shining the spotlight on him and putting a face to the silhouette – not to his pleasure we assume – so you don’t fall victim to his tricks.
‘Small Pharma’ – a prime target for bad actors
Before we get to unveiling our crimelord, let’s create some context. Many of these modafinil pharmacies didn’t exactly ‘crash suddenly’. There were a ton of signs indicating something was amiss.
First, many of them were constantly moving between registrars and even changing their domains completely after investing heavily in marketing and branding. Why you ask? In this digital age, there is no shortage of scammers looking to exploit successful businesses. And these modafinil vendors were a prime target.
How? Regulatory issues, close attention from the FDA and LegitScript, the general sentiment of brands selling modafinil as operating in a grey area, plus the obvious pressure from Big Pharma, meant any fraud cases involving these modafinil vendors would more often than not, be given less priority.
With security agencies who are meant to protect businesses turning a blind eye to modafinil vendors under attack, hackers and bad actors could now have a field day with:
- sophisticated Level 7 DDOS attacks – using a network of devices to overwhelm the traffic handling capacity of a website;
- phishing attacks – masquerading as a reputable company in order to steal sensitive information from their customers – usernames, passwords, credit card info, etc;
- phishing letters – sending scam messages with a demand to urgently reset passwords by clicking a fake link;
- complaints to payment processors and credit card issuing companies like Paypal, Visa, AmEx, & MC to prevent online customers from making payments for their prescription drugs;
- fake complaints to regulatory agencies like the FDA in the US and similar agencies in other countries to ban these modafinil vendors from operating in their regions;
- fake complaints to the USPS and US Customs Service to impound packages of modafinil sent to patients, claiming they weren’t prescribed;
- and most interestingly – False Abuse reports to domain registrars and hosting companies in charge of these modafinil vendors’ domains and websites.
“Why didn’t they sue?” – answers from ModafinilXL
“As a ‘grey area’ business and an online pharmacy, we cannot simply hire a lawyer in the US and go to court. Online pharmacies are normally globally distributed and outside US jurisdiction.
What’s more? Since most of these fake and deceitful complaints are sent from hundreds of emails that look legit but are actually from scammers trying to bully successful companies to pay them ransoms, legitimate online pharmacies have to move the earth to prove to domain name registrars that the complaints received have no basis.
What makes it worse? Large registrars with many customers don’t even bother investigating these reports to find out whether they are legit – for them, it is easier to just get rid of the ‘problematic domain’ and de-list it from their platform.”
Scammers use this knowledge to their advantage when threatening brands. And sadly, online businesses are forced to comply because they know all it takes is sending enough complaints from enough emails, and they’ll have the domain registrars on their side.
And now… drumroll… it’s time for the main event. One hacker was responsible for or at least affiliated with most of the modafinil giants suddenly going dark. We’ll now discuss exactly how he pulled this off… from ModafinilXL’s POV.
The blackhat SEO specialist
It all started with a courtesy message:
When ModafinilXL first launched in 2016, the company received an email from an ‘SEO specialist’ who offered his services and promised to take the brand’s website to the first position on Google for Modafinil-related searches.
He took it a step further – he claimed that his SEO team was currently managing the ModafinilXL.co domain name and was generating 3000 customers per month. If only ModafinilXL.com would work with him, then they’d send all the traffic their domain was getting to the brand.
The ‘SEO specialist’ promised heaven and earth, and guaranteed that the brand will be ranking as the number 1 result on Google in just 3 months – ModafinilXL took the bait.
After 12 months of work, however, with no results, ModafinilXL had had enough. If anything, their rankings on Google had worsened and it was decided that they were going to end their partnership with the mystery SEO specialist and his team.
Now in 2017, ModafinilXL was already incredibly popular through word-of-mouth advertising and direct referrals. By simply providing a super product, the brand was already the favorite among biohackers and an entire generation of Silicon Valley entrepreneurs, startup-ers, students, and night-shift workers.
For the next five years, ModafinilXL continued to provide top-notch customer service and set a new standard in the industry by offering 3-day domestic shipping to customers from the US, UK, Europe, and Australia, the first of its kind.
A 5-year grudge
Then, it happened. ModafinilXL was hit with a massive DDoS attack in June 2021.
From the horse’s mouth: “Cloudflare’s DDoS protection service was unable to help us because the hacker had previously made sure that Cloudflare blacklisted the ModafinilXL.com domain and other sites selling Modafinil and other prescription drugs online.”
ModafinilXL was practically defenseless against a botnet of hundreds of thousands of devices overwhelming the site’s bandwidth or traffic-handling capacity. How long? For two whole months. The brand could no longer receive orders from customers – their website remained unavailable and visitors were served the “Webpage not available” response:
ModafinilXL – held at ransom
Initially, the hacker demanded a payment of $5000 monthly if ModafinilXL wanted their website restored. However, once he saw how effective his DDoS attack was, he felt he had the leverage to demand for far more.
To stop the DDoS attack, the hacker bumped up the ransom to a shocking $150,000 in cryptocurrency – 30 BTC at the time – or to put it in context, the price of a decent luxury mansion in Silicon Valley at today’s BTC price. Naturally, ModafinilXL did not have that amount to spare and refused to pay him.
ModafinilXL shares:
“Then a flicker of hope – a few days later, we were bombarded with offers by mail from a dozen different cybersecurity experts offering to monitor and neutralize the attack. Their fees were much more modest and we were getting decent offers around $3,000 to solve the problem.”
“We had an election and decided to hire one. But we couldn’t catch a break. The first ‘expert’ we hired took the payment and vanished. The second hire just couldn’t solve the problem.”
“Meanwhile, our customers still couldn’t place their orders and replenish their supplies. Many of them were people living with ADHD and given the problems with healthcare in the United States, this interruption in service was incredibly disheartening. We were now in the third month of zero service and our customers were waiting eagerly.”
Rock vs hard place
“After several hires and botched attempts by cybersecurity experts to help us, we finally gave in and had no choice but to pay the hacker. We managed to negotiate the ransom down from $150,000 to $20,000, which we settled in bitcoins, and gave him the condition that he never returned again.”
And as you can guess, he was gone like the wind… but only for a while. Paying him turned out to be ModadinilXL’s biggest mistake – after all, all detective stories say that you should never negotiate with extortionists, but to be fair, the brand had no choice.
And like a predator that’s tasted human blood will attack a person again with renewed vigor, it happened again:
This time, ModafinilXL started getting messages from a different email address, however, the same brazen demands made using extremely poor grammar, similar lingo, and that desperate urgency gave him away easily as the same hacker they had just paid 6 months before:
After his 6-month hiatus, he tried using the old DDoS tricks but they no longer worked as the brand had taken care of that.
But then, he suddenly attacked from an unexpected front. This time their domain registrar was receiving fake complaints every week from different anonymous users claiming to be buyers of their products and alleging that they were selling dummy pills to them. The complaints kept coming in until ModafinilXL’s domain registrar asked them to transfer the domain to another registrar.
While they were trying to figure a way out, what they didn’t realize was the same hacker was attacking other modafinil vendors – he had found his groove and was having a field day with brands like BuyModa.org, and HSP.
One of the most brazen fake complaints made to the company’s registrar at time claimed that the complainant’s wife bought modafinil from their website and ‘almost died’:
But it didn’t end there. After migrating their domain to several registrars, there he was once again, threatening that he and his team will continue bombarding their new registrar, Epik to close down their domain name:
ModafinilXL was being attacked on all fronts across all platforms they were using to support their website and customer access – similar complaints were made to their hosting company at the time, email distribution company, the link-shortening service they were using, and other related services.
Eventually, ModafinilXL was added to five spam lists and all antivirus databases – at a point, their clients could not even receive updates on their current orders.
Despite countless appeals to the registrars they were using, the company was never vindicated. Since brands like ModafinilXL target an international audience, an international pharmacy cannot obtain a ‘worldwide license’, but the registrars didn’t care – they kept asking for paperwork and licenses, and if the company couldn’t provide them, their domains will be de-listed.
Another blackout for ModafinilXL
With one particular registrar, ModafinilXL was on the verge of closing and completely losing access to the domain. They had migrated their domain once again to the Swedish registrar, NAMEISP and like clockwork, the complaints started pouring in.
On June 12, the registrar decided to side with the extortionist and completely shut out ModafinilXL’s access to their domain name modafinilxl.com – customers could no longer access the website to replenish supplies and it was completely unavailable for almost 3 months.
ModafinilXL shares:
“By default, the mediating party (domain registrars in this case) tends to side with the complainant, and we were always on the defense. Many registrars also suggested we take the case to court, but only after delisting our domains.
With NameISP, we spent a lot of time and effort trying to prove our case to the domain registrar and even attached several screenshots with ransom requests. Meanwhile, the surprises never ceased – the hacker boldly claimed he was responsible for taking down buymoda.org:
After long negotiations with NameISP, we were finally given access to the domain back with the condition that we transferred it to another registrar. We were finally back.”
From registrar to registrar we hopped
By the time ModafinilXL was leaving NameISP, the brand had transferred the domain name between 18 registrars. They had used US-based GoDaddy, Namecheap, Openprovider, NameBright, Network Solutions, Name.com, internetbs, register.eu, combell, and a bunch of offshore providers.
ModafinilXL had also used Chinese registrars – Phoenix, Cnobin, and NiceNIC, Malaysian ilovewww – and Russian Reg.ru (a registrar that used to be considered bulletproof for webmasters). Continuing the list, Njalla, Vietnamese Matbao, Rebel from Canada, founded by an online pharmacy business owner, known as a lifesaver for online pharmacies (their experience proved otherwise), and Epik (the US-based provider) did not protect them either.
After the NameISP saga, the company eventually moved to Pakistani provider, Paknic, which gave mediocre service at best but actually helped them identify the hacker.
They even got a scam email from the ‘supposed CEO’ of Paknic offering to protect their domain for a $5k payment. But they missed a very subtle clue there, initially.
ModafinilXL’s big break – Trustname
ModafinilXL.com got its big break when they discovered Trustname – a truly bulletproof domain registrar from a tiny European country called Estonia. While other registrars crumbled under the pressure from this notorious hacker, only Trustname decided to remain neutral and give ModafinilXL a heads-up whenever a fake abuse report was made.
A major slip up
With so many moving parts in this scam engine, the hacker eventually made a small error that allowed him to be exposed. While at Paknic, ModafinilXL had an account with a very specific and unique email address, not used anywhere else online and completely different from the ones on the brand’s WHOIS records.
The scammer previously contacted the company from publicly available addresses that were linked to their website. Then one day, it happened. The company received one of his typical ransom demands to this specific, completely private email address only linked to Paknic.
This only meant one thing – he had access to Paknic’s admin backend and found this specific email there, since the company had never used this specific email address anywhere online. With that lead, they were able to eventually find out that their phantom scammer was an employee at Paknic!
A disturbingly intricate web
Modafinil shares:
“We conducted further internal investigation that lasted for six months and were finally able to identify the IP addresses of some of the devices he was using – this, however, only led to more shocking discoveries.
The hacker was the same person who was our advertising partner, SEO promotion specialist, payment acceptance consultant, and our current contractor for guest posting and advertising.
He was also the same person behind a company that had offered their service as a payment processor for high-risk merchants and charged $24,000 to join their platform.
We once had an affiliate partner who begged us to hire him, complaining that his children were sick and he had nothing to eat. Guess who that was? Our star hacker! Keep in mind that he had already received $20,000 in BTC, just a year before.
With this discovery, we eventually reached out to some of the major market players who suddenly went dark including ModafinilCat and AfinilExpress, and recently Modafinil Mike™ – owner of buymoda.org who had lost access to his domain.
They had all been victims of a hacker who used the same strategy of reporting their domains to their registrars to destroy their reputations. And unlike us, they weren’t as lucky. As soon as these brands lost access to their domains, they were hijacked by domain squatters and dishonest competitors, officially grinding their businesses to a halt.”
Lessons learned – the Trustname difference
If you own an online business or manage a portfolio of domain names, it is extremely important to assign your domain to a domain name registrar you can trust. Big doesn’t always mean good – in fact, most large US-based registrars (such as GoDaddy, Namecheap, Dynadot, Namesilo, and others) ignore appeals and rarely side with the client.
You want a domain registrar that’s committed to their clients or at least maintains a neutral stand, and is intentional about protecting your brand and privacy.
ModafinilXL advices: “For almost a year now, our friends at Trustname have kept our website, blog, and partner store sites online, even when fake complaints rained down. Their commitment to siding with the client is simply unmatched and they adhere to the principle of the presumption of innocence for businesses who trust them.
ModafinilXL recommends Trustname
“After the ordeal we have been through, we’ll continue to sing Trustname’s praises for coming to our rescue and advertise their services. And that’s why if you are looking for a reliable registrar for your domain needs, Trustname has a special offer for you:
Trustname aka “the truly bulletproof domain registrar” as they’re so fondly called by their users is providing every webmaster reading this with a 50% discount on their first domain name purchase, transfer, and renewal.
This exclusive offer means you can get your new .com for as low as $7.49 and renew your current .com domain for $6.49 for 1 year and without any additional conditions. You’ll never find these rates anywhere else!
In sharp contrast, renewals at registrars like GoDaddy start at $21.99 – that’s triple the price of what Trustname is offering.
Hurry though, because this promotion only lasts for a week until May 10, 2026! With each domain registration/renewal, you get a bunch of free addons including proprietary two-layer protection, premium 100% Uptime DNS, a free SSL certificate, and a free email address.
To enjoy this offer, use the promo code MODA50 on checkout!”
Our little secret
You’re getting this newsletter because we knew that you have managed domains in the past or currently have domains in your portfolio. How did we know this?
Try using this WHOIS reverse lookup tool and fill in your email there – you will be surprised by the results. Reverse WHOIS lookup tools like this allow anyone on the internet to find the domain names you manage by simply filling in the registrant’s (you in this case) name, address, telephone number, email address or physical address.
Trustname makes it impossible for bad actors (or anyone for that matter) to find your sensitive data this way. Unlike most other registrars with just one layer of domain protection, Trustname uses a proprietary two-factor privacy protection to keep your personal data hidden from the internet.
With Trustname’s domain protection, you are already several steps ahead of whoever may have ill intentions towards your brand – they won’t know who owns your domain and if they are targeting you in particular, they won’t know which domain assets you manage.
A hacker’s resolve
ModafinilXL shares:
“After we found a safe haven with Trustname, the most reliable registrar for our portfolio of domains who ignored these fake reports and even gave us a heads-up each time they were filed, the hacker did not stop.
Recently, he began launching phishing sites targeting the ModafinilXL keyword. The scammer started creating sites including modafinilXL[.]RU and ModafinilXL[.]CO in an attempt to steal customer traffic and obtain their sensitive information – these are not our sites!
Our only website address is ModafinilXL.com with the ‘.com’ domain extension and we are not associated with any of these country code top-level domains (ccTLDs) such as .RU, .TO, or .CO.”
As if that wasn’t enough, the scammer changed tactics and started creating fake professional emails linked to these phishing sites – e.g: admin@modafinilxl[.]co and unsuccessfully tried to steal the payment info of some of ModafinilXL.com clients.
“The scammer then tried to gain the trust of the payment gateways servicing us by sending fake emails impersonating us, in order to request links to reset our passwords and gain unauthorized access to our account, but thankfully without success.”
Unveiling the phantom hacker
Let’s welcome to the stage, the phantom scammer and extortionist, no other person than Imran Khan, disguised as an ‘SEO specialist’ based in Dubai. Imran is originally from humble roots in Pakistan and was the agent behind the domain takedowns of ModafinilCat, BuyModa, and AfinilExpress.
Deserves his own outlaw flier don’t you think?
ModafinilXL’s investigations also revealed that this scammer is affiliated with the online pharmacy, Foxdose[.]com – so avoid them at all costs.
Once Imran sets his sights on you, he’ll follow you to the ends of the earth to extort you and if you don’t comply, he will only move on after he has completely destroyed your brand.
Imran’s arsenal of email addresses
One reason why Imran’s scam campaigns have been incredibly successful is the sheer number of email addresses he has in his arsenal to hide his identity and send hundreds (if not thousands) of seemingly independent complaints. These are some of the recent emails that ModafinilXL found that he had used:
- info@imranseo[…com]
- kabulkhan0307@[…com]
- portervivian094@[…com]
- lipslimpcerank1975@[…com]
- juscsonsjaduck1983@[…com]
- sukhdigital7961@[…com]
- stevenirvin974@[…com]
- patrickferrero1991@[…com]
- gerald09max@[…com]
- dpkrantz21@[…com]
- ikimranseo@[…com]
- ik3004@[…com]
It all starts with a courtesy email:
However, now you know enough to run the other way!
Oh we won’t stop at his social profiles. More deets on this unrelenting hacker:
Postal Address: Deans Trade Center FF407, Peshawar Pakistan
WhatsApp line: 00923355415180
ModafinilXL shares:
“In total, he used 15 fake names and email addresses to contact us, and not just the free ones but also premium emails. He also created a spoofing email legitscript[.]EMAIL from which the false abuse complaints were sent. By riding on the credibility of LegitScript, these complaints looked ‘legit’ and had the many registrars we used flee with their tails between their legs.
The above abuse report in question was sent from an email address masquerading as LegitScript LLC but actually originates from legitscript[.]EMAIL – a domain registered only a week ago under the name of IceNetworks Ltd., a Nigerian company. The official LegitScript LLC domain is legitscript.COM and this discrepancy helped us find more emails that he was using to send these fake abuse reports.”
Imran deserves another feature…
ModafinilXL shares:
“Our blackhat SEO specialist, Imran Khan is excellent at Negative SEO, and unless you want your site to consistently lose its rankings, risk losing your brand reputation, and be threatened to pay ransoms just to salvage your website, you should definitely steer clear of this professional crook.
Imran Khan runs a well-structured team of black hat SEOs based in Peshawar, Pakistan where he was born, that excels at destroying any reputation online. And now, we figured it’s time to destroy his own.”
Imran Khan’s $5,000 bounty
For any additional information about the scammer, ModafinilXL is offering a $5,000 reward, and intends to pass his details to the FBI, Interpol, and other relevant law enforcement agencies. Whatever info you share can save another unsuspecting business. If you have something to report, you can submit it right here catch-me-imran-khan@proton.me
Ha… the tale ends
And that concludes the legend of one of the most notorious scammers in 2024, Imran Khan, who’s still at large. Many business owners and webmasters underestimate the importance of their domains when it is in fact the single, most important part of their brand.
Scammers in today’s age are getting more cunning and whenever they can’t brute-force their access to your business accounts, they employ tactics like DDoS attacks and phishing. Then the worst of them all – attacking your brand’s reputation directly to ensure your business is blacklisted if you don’t pay a ransom.
Our star brand today was ModafinilXL, the leading modafinil vendor in the world who experienced these attacks first-hand and learned how much damage that complaints fabricated by bad actors can have to one’s brand image. Plus these scammers have the domain registrars on their side, so the odds are stacked against innocent companies who have dedicated years and huge budgets to market their brands.
After hopping between close to 19 registrars, ModafinilXL finally found a safe haven with Trustname. Their commitment is to our clients and they’ll never take any unsolicited action against your domain name. So whether you are an online business owner or domain investor, always make sure to go for a domain registrar like Trustname that’s committed to your privacy and will always advocate for you.
This year, we will continue to send out newsletters for different industries – this newsletter is dedicated to helping webmasters and domain managers protect their brands.
Ciao!
Author Details
Head Modafinil Researcher
MBBS, Doctor Of Medicine MD
Head Modafinil Researcher
