Namecheap, you are hurting the internet!
The above chart is live and updated daily. As of today around 38% of the domains reported to us since we began recording on 8/23/17 are sponsored by NameCheap INC. These domains are allowed to continue to scam consumers long after they are reported. An example of this is “ecojetexpress.us” which has been reported repeatedly by both petscams.com and victims who have lost money. When victims of this scam filed an abuse report NameCheap did not “take reasonable and prompt steps to investigate”. Instead they forwarded the abuse report with the victims information to the criminal.
5 months later, ecojetexpress.us was still online scamming new victims.
A little bit of background?
Firstly we need to know what a website is. At its simplest, a website comprises of a domain name, Website.com, and the files that make up the content of the website. These files are kept on a server or “hosting”. The domain name, in this case Website.com, is linked to the hosting. When you go to www.Website.com you will arrive at the correct hosting.
You can think of it as your SIM card and your cell phone. The SIM card contains the number which links to the cell phone so that you can receive a phone call to that number.
If you lose your cellphone you can always use your SIM card with another phone and to the caller there is no noticeable change.
How scammers use this
Domain names are registered with a Domain Name Registrar. Scammers register a scam domain with a Domain Name Registrar and use a separate company to host the scam website. By looking at the WHOIS (registration details) of a domain you can find the email which you need to send an abuse report to shut down a scam website. Petscams.com never attempts to shut down the website hosting as the scammer can recreate the website on another hosting in minutes and continue to scam.
By doing this, the scammer can continue to scam people even if the website hosting is shutdown repeatedly.
AA419.org is an online group of volunteers who protect the consumer by finding Scam Websites and shutting them down by filing abuse reports. They actively work with registrars to shut down criminal domains.
How do Domain Name Registrars facilitate scammers?
Many Domain Name Registrars do an excellent job. The Endurance Group, Tucows, GoDaddy and Internet.bs can be counted amongst companies that protect consumers by taking swift action to investigate domains registered by criminals with the intention of scamming consumers. For the purpose of this article we are going to focus on another Domain Name Registrar who actively supports online criminals by providing them with a safe haven. Over one third of the websites reported on PetScams are sponsored by Namecheap INC.
Namecheap INC
I think it is worth repeating. Over ONE THIRD of the websites reported as pet scam websites are sponsored by one company. Petscams.com has had over 4,000 scam websites reported since April 2017.
Namecheap is governed by ICANN Registrar Accreditation Agreement 2013 which states that Namecheap must:
take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.
However, Namecheap sometimes takes months to respond to abuse reports with:
….Namecheap acts as the registrar only. It means that our ability to investigate the matter is limited since the content transmitted via the website is not located on our server. Please also note that we do not own the reported domain names, we are simply the company the domain name was registered with. Considering the aforementioned points, we recommend that you contact the hosting provider, who would be in a better position to validate your claims and take the appropriate action.
Additionally, if you believe you are a victim of an Internet crime, or if you are aware of an attempted crime, you can file a complaint through Internet Crime Complaint Center at https://complaint.ic3.gov , who are in the best position to fully investigate any such issue across any/all service providers.
This can be surmised as “We sponsor the domain but we refuse to look at the website. We are only concerned with the domain name. Tell someone else”
This is neither “prompt” or “appropriate” and if was true would negate the need for the obligatory abuse contact email as per ICANN.
Multiple accounts
As scammers have found a safe haven with Namecheap INC they will register multiple domains without fear of being shut down. Some domains can eventually be suspended after a prolonged campaign but the scammer will simply buy a new domain using the same account and continue scamming. Namecheap does not recognise that an account with 300 domains, 100 of which have been suspended, belongs to a scammer. Each domain required a concerted effort and multiple abuse reports in order to shut them down.
An example of one such scammer is [email protected] which has registered 92 domains to use in Pet Scams in less than a year. Some have been suspended while others have been allowed to continue including which was reported on April 20th 2017 here and is still allowed to scam consumers.
Namecheap’s Poor Excuses – “Please Send Abuse Reports to the Host”
To demonstrate how Namecheap is blatantly disregarding the ICANN Registrar Accreditation Agreement (2013) by not actively investigating reports of abuse, the following registrant that owned 182 fake pet and shipping websites was reported to the company by a concerned citizen in 2019. Note the completely false information used to register the domains:
Registrant Name: Morgan Lorga
Registrant Organization: Anonymouse Host
Registrant Street: Down street Rus
Registrant City: welmshi
Registrant State/Province: North West
Registrant Postal Code: 101000
Registrant Country: RU
Registrant Phone: +7.675552377
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registrant Application Purpose: P1
Registrant Nexus Category: C11
A first question can be deduced from this data: “why does Namecheap not check whether the person registering the domains exists, or for that matter whether the registrant city exists?”
This is how Namecheap responded to these blatant pet scam domains with innacurate registrant data:
“….Namecheap acts as the registrar only. It means that our ability to investigate the matter is limited since the content transmitted via the website is not located on our server. Please also note that we do not own the reported domain names, we are simply the company the domain name was registered with. Considering the aforementioned points, we recommend that you contact the hosting provider, who would be in a better position to validate your claims and take the appropriate action.”
Furthermore…
“Additionally, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the reported domain names. Examples would be a bounced email or postal mail returned due to an invalid address. If you have a bounced email, please copy and paste it to your reply. In the case of returned postal mail, please scan it converting into a PDF file and send to us via email.”
Namecheap decided to not take any reasonable method of investigation and decided that whatever content was available on the website was not their responsibility, despite the fact that it is their obligation to investigate abuse reports. It would also have taken a 2 minute check to see whether the city of “Welshmi” exists, however, they instead decide that the reporting party has to send a postal mail demonstrating the invalid city.
This leads to a second question: “why don’t you just report it to the host as Namecheap recommended?” There are currently no regulations guiding who can host a website which means that the fraudsters themselves, or close acquaintances that are more tech-savvy, often host the fraudulent websites. An example of one rogue web host can be found here.
Namecheap is happy to take victims reinvested cash used by fraudsters to register more fake websites with, no questions asked.