You’ve most likely heard of “GoDaddy” – they’re arguably one of the largest domain registrars and hosting providers in the world. Managing over 61 million domains names, over 5,000 employees globally and annual revenues of over $1.6 billion (USD).
All reputable hosting providers have published Terms of Service set out for what is and what isn’t allowed on their services, and have clear reporting routes that you can use to flag up harmful/dangerous content you come across on their services.
GoDaddy is no exception and claim to “take abuse of [their] services very seriously”
Whilst many hosting providers only provide a simple abuse@… email address for reporting abuse, GoDaddy have gone a step further and setup a dedicated “Abuse Report Center” where anyone can easily report illegal activity, the exploitation of children, spam, phishing and malware, etc you encounter on websites they host.
All looks good so far!
In my experience, reputable hosting providers are generally swift to act (and either suspend or terminate the offending website) when you flag up harmful/dangerous content hosted on their networks to their attention.
…but do GoDaddy take action against any of the sites flagged up to them through their “Abuse Report Center”?
It appears not!
Here’s a couple of examples of live scam/phising websites currently hosted by GoDaddy:
monktech(dot)us masquerade as official “customer services” and “technical support” portals for Gmail, Facebook, Hotmail, Microsoft, and Kindle, and purport to be able to help you recover/reset your password of the aforementioned services. This is a scam! This company doesn’t provide official customer service/technical support for these companies – they are simply after one thing; your personal login information! …this is known as “phising”, something prohibited by GoDaddy.
hotmailpasswordreset(dot)com purport to be a “Hotmail Helpline” which “provides support for troubleshooting hotmail related issues like password recovery, hacked accounts or any other serious issues“. Again, this is also a scam! This company doesn’t provide official customer service/technical support for Hotmail, and again are after one thing; your juicy personal login information!
Both of these domains were registered through and are hosted by GoDaddy:
Neither of these dangerous scam sites should remain online, as whilst they do unsuspecting users could potentially fall victim to their respective scams.
- monktech(dot)us was reported to GoDaddy through their “Abuse Report Center” on 21st October 2016 (and again on 8th November 2016)
- hotmailpasswordreset(dot)com was reported to GoDaddy through their “Abuse Report Center” on 12th December 2016
However at time of writing (22nd December 2016), both scam sites remain online, and GoDaddy have failed to act upon (or even to respond to!) these abuse reports.
Are GoDaddy unwilling to shut down such scam sites as these, and allow them to continue, simply so as not to loose revenue from the scammers behind them who pay GoDaddy to host them?
If GoDaddy can be this complacent about clearly obvious phising/scam sites such as these two examples, and continue to host them, it does make you wonder just how many other sites like these two they’re knowingly hosting? It also makes you wonder that if 2 months after first reporting one of these sites no action has yet been taken… what would happen in the event of a report of something more serious; exploitation of children – would GoDaddy allow these sites to continue online too?!
What are your experiences of submitting abuse reports to hosting providers like GoDaddy?
As a footnote; websites/services offering you help with “account/password recovery” for websites/services other than their own are scams. If you need to recover your account/reset your password for a particular service/site, you should always go directly to the site/service in question and follow instructions there.
UPDATE: 31st July 2017
Over 7 months since I first reported the two scam/phishing sites highlighted in this post, they both remain online and continue to be hosted by GoDaddy. Meanwhile, similar scam/phishing sites are popping up all the time – and guess what, they’re hosted by GoDaddy too!
Here’s another one that’s recently appeared, emailhelpers(dot)us:
I’ve reported this one to GoDaddy today… but don’t hold out much hope that they’ll take any action!
UPDATE: 3rd August 2017
Here’s another one that I’ve just become aware of and reported to GoDaddy, anytimesoftcare(dot)com(dot)au:
InfoSec Guy 
Getting lots of those fake invoice emails from GoDaddys IP ranges today. Google somehow linked me here. Anyway I just wanted to point out that today is July 26th 2017 and both the websites you cite are still up! I guess its a waste of time asking godaddy to stop the crap coming from their servers.
LikeLike
Please add maximus.digital as a scam, fraudulent, ponzi scheme suspended this week from thcservers and hosterbox but still operating on godaddy.
LikeLike
Here is another godaddy hosted scam site:
stocktradeinvest.com
So, as of Feb 2018 all the other sites mentioned in this post are still up, namely:
monktech.us
hotmailpasswordreset.com
emailhelpers.us
maximus.digital
Godaddy obviously prefer to take the cash rather than protect the Internet.
Social media action is the next step to get godaddy to respond.
Jo
LikeLike
Well, today I tried to report a wire phishing attempt where the originating email came from a godaddy email (have the logs showing it came from a godaddy server) – after sitting on the phone to their abuse queue I ended up transferred to their sales support. Apparently calling their abuse dept is not possible (even though they have a number and queue in place). Tried emailing abuse@godaddy.dom – got a standard email back to use their reporting site – which doesn’t have the correct option to report. Tried emailing their spam email – got the same email back as for abuse…in short they claim they want you to report but in reality they don’t seem to give a crap!
LikeLike