GoDaddy – providing a safe haven for scammers and cyber criminals

GoDaddy - providing a safe haven for scammers and cyber criminals


You’ve most likely heard of “GoDaddy” – they’re arguably one of the largest domain registrars and hosting providers in the world. Managing over 61 million domains names, over 5,000 employees globally and annual revenues of over $1.6 billion (USD).

All reputable hosting providers have published Terms of Service set out for what is and what isn’t allowed on their services, and have clear reporting routes that you can use to flag up harmful/dangerous content you come across on their services.

GoDaddy is no exception and claim to “take abuse of [their] services very seriously

GoDaddy take abuse of their services very seriously

Whilst many hosting providers only provide a simple abuse@… email address for reporting abuse, GoDaddy have gone a step further and setup a dedicated “Abuse Report Center” where anyone can easily report illegal activity, the exploitation of children, spam, phishing and malware, etc you encounter on websites they host.

GoDaddy - Abuse Report Center

All looks good so far!

In my experience, reputable hosting providers are generally swift to act (and either suspend or terminate the offending website) when you flag up harmful/dangerous content hosted on their networks to their attention.

…but do GoDaddy take action against any of the sites flagged up to them through their “Abuse Report Center”?

It appears not!

Here’s a couple of examples of live scam/phising websites currently hosted by GoDaddy:

monktech-dot-us

monktech(dot)us masquerade as official “customer services” and “technical support” portals for Gmail, Facebook, Hotmail, Microsoft, and Kindle, and purport to be able to help you recover/reset your password of the aforementioned services. This is a scam! This company doesn’t provide official customer service/technical support for these companies – they are simply after one thing; your personal login information! …this is known as “phising”, something prohibited by GoDaddy.

hotmailpasswordreset-dot-com

hotmailpasswordreset(dot)com purport to be a “Hotmail Helpline” which “provides support for troubleshooting hotmail related issues like password recovery, hacked accounts or any other serious issues“. Again, this is also a scam! This company doesn’t provide official customer service/technical support for Hotmail, and again are after one thing; your juicy personal login information!

Both of these domains were registered through and are hosted by GoDaddy:

GoDaddy Hosting Scam Sites

Neither of these dangerous scam sites should remain online, as whilst they do unsuspecting users could potentially fall victim to their respective scams.

  • monktech(dot)us was reported to GoDaddy through their “Abuse Report Center” on 21st October 2016 (and again on 8th November 2016)
  • hotmailpasswordreset(dot)com was reported to GoDaddy through their “Abuse Report Center” on 12th December 2016

However at time of writing (22nd December 2016), both scam sites remain online, and GoDaddy have failed to act upon (or even to respond to!) these abuse reports.

Are GoDaddy unwilling to shut down such scam sites as these, and allow them to continue, simply so as not to lose revenue from the scammers behind them who pay GoDaddy to host them?

If GoDaddy can be this complacent about clearly obvious phising/scam sites such as these two examples, and continue to host them, it does make you wonder just how many other sites like these two they’re knowingly hosting? It also makes you wonder that if 2 months after first reporting one of these sites no action has yet been taken… what would happen in the event of a report of something more serious; exploitation of children – would GoDaddy allow these sites to continue online too?!

What are your experiences of submitting abuse reports to hosting providers like GoDaddy?

As a footnote; websites/services offering you help with “account/password recovery” for websites/services other than their own are scams. If you need to recover your account/reset your password for a particular service/site, you should always go directly to the site/service in question and follow instructions there.

UPDATE: 31st July 2017

Over 7 months since I first reported the two scam/phishing sites highlighted in this post, they both remain online and continue to be hosted by GoDaddy. Meanwhile, similar scam/phishing sites are popping up all the time – and guess what, they’re hosted by GoDaddy too!

Here’s another one that’s recently appeared, emailhelpers(dot)us:

GoDaddy hosting for scammers
GoDaddy hosting for criminals

I’ve reported this one to GoDaddy today… but don’t hold out much hope that they’ll take any action!

UPDATE: 3rd August 2017

Here’s another one that I’ve just become aware of and reported to GoDaddy, anytimesoftcare(dot)com(dot)au:

anytimesoftcare dot com dot au
anytimesoftcare hosted by godaddy
0 0 votes
Article Rating
Subscribe
Notify of
guest
15 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments