Back in November of 2017, we wrote about the provider NameCheap.com - and the difficultly we had encountered in getting them to do anything about a website that they hosted, which we had repeatedly been spammed with links for. The focus of that article was merely on their lack of any response to the abuse reports we had sent to them, after (at the time) more an week. But when we finally DID receive a reply, their response was more ridiculous than we could have possibly expected.
First, some additional details that we weren't yet aware of at the time of the previous post on this topic: it turns out that the GetMyBusinessFundedNow[dot]com domain name is using something that many providers refer to as a "masked redirect" - in other words, they're using a full-page frame or iframe to display the content of another spam website (findbusinessfunding365.com). To anyone familiar with spammers & their common tactics, the reason for this should be obvious: it puts their spamming operations at less risk from abuse complaints - even if getmybusinessfundednow.com is suspended, the actual spam support content is still present on findbusinessfunding365.com, and probably unaffected because it's hosted by a different provider (Unified Layer, yet another provider who appear to turn a blind eye to spam complaints). In many ways, this is just a slight variation of the spammer tactic of using free URL-shortening services to redirect to their spam URLs, while hiding the actual sites & making them harder to report.
It also turned out that these same (by all appearances) spammers are using several other Namecheap-hosted domains in the same way: as masked redirects to/embeds of findbusinessfunding365.com. So far, the ones we've directly observed are:
However, when we reported those spam-support sites to Namecheap, they repeatedly insisted that they had no responsibility for the issue, because the actual content of the spam website was hosted elsewhere, and just embedded using an iframe/frame - despite the fact that they most certainly were (and still are) hosting the actual links being advertised by the spam EMails. Amazingly, they even claimed that they weren't actually providing hosting for getmybusinessfundednow.com and the other domains, despite the fact that they all resolve to an IP address that they are responsible for. Their sole justification seems to be that their spammer customers don't have a hosting service, but only domain registration service (with the masked-redirect-via-frames provided as part of that service) - which is ridiculous, because an iframe/frame only works if it's inside an HTML document, and that requires hosting by definition. Even if it's an extremely limited, purpose-specific form of hosting, it's still hosting - so by all appearances, that response was nothing more than a flimsy excuse for Namecheap to knowingly continue providing service to spammers.
The one kinda-sorta exception was PROBUSINESSFUNDING.COM: initially they claimed that they had resolved the problem by suspsending the domain's registration:
But when I happened to check it about a month & a half later, I noticed that the domain was still active & still resolving to NameCheap's webservers. Foolishly, I took them at their intiailly word & didn't think to check if the site was actually down - so I don't know if their claim to have suspended the site was complete BS, or if they did suspend it and then un-suspsended it later. Though incidentally, the reason I thought to check if the domain was actually suspended was that almost the exact same thing happened with yet another spam support URL hosted by NameCheap (loanbrokersinternational.com): they claimed they had suspended the offending account, but the site was still active when I checked less than a day later... that one is a slightly different situation, though, as that particular site is hosted directly on their servers, rather than embedded using a frame/"masked redirect". We'll be writing a separate post to detail that incident.
To top it off, it seems like many (if not most) of the Namecheap support staff we interacted with had serious difficulty understanding basic aspects of their own job - and/or had serious difficulties with basic reading comprehension. In just a single support/abuse ticket, here's a list of the nonsensical objections that we received fro Namecheap staff, and the basic details that we had to explain to them:
Even eliciting those lame excuses/red-herrings from Namecheap has been like pulling teeth: we've consistently noticed a pattern where they won't reply to a support/abuse ticket for days/weeks at at time - but publicly shame them about it on Twitter, and suddenly the ticket gets a response within an hour or two. It's almost as if Namecheap is more concerned with giving the public appearance they're responsive to those issues, than actually doing ANYTHING effective to address them. At the very least, it doesn't do much to dispell that impression when, of the 6 most recent abuse complaints we sent to them, 5 of them are stll open more than a month later & have received no response from NameCheap - while the 6th was closed without the issue having been resolved (the aforementioned loanbrokersinternational.com site, which is still active on their servers as of the time of this writing).
It also turned that this was not an isolated issue - or a new one either. A recent article published by Brian Krebs, one of the comments linked to blog post from 2015, which details almost the exact same issue: same spammer tactic (using domains hosted by/registered with Namecheap to embed content from separate stes via frames/masked redirects), and the exact same run-around from Namecheap's support staff (repeatedly claiming that the spam sites weren't hosted by them, when they clearly were) - the only difference seems to be that those spammers were hawking weight lose products instead of business loans. So that issue has been ongoing for at least 3 years now, and Namecheap is well-aware of it. While the KrebsOnSecurity article wasn't about that particular issue, it did mention NameCheap as one of the top registrars for TLDs (domain name extensions) that are favoured by spammers and spammers; the article also includes a quote from Namecheap's CEO, Richard Kirkendall, where (among other things) he accuses Krebs - a noted tech security ressearcher/journalist - of making "irresponsible assumptions." Kirkendall (or at least someone claiming to be him) then jumped into the article's comments, and didn't exactly inspire confidence in the company's willingness to address spam issues - particularly when he referred to people who oppose spamming as "nazis."
And as far as Namecheap's failure to address the use of their services by spammers, this is not even the only incident that we have experienced. In fact, the main reason for posting this update is that we've witnessed several further examples of even more absurd failures by Namecheap to address spam complaints, and it seemed that we should post an update on the first incident before moving onto the other, even more ridiculous ones. Stay tuned for those details!
Hosting and domain registration for your personal, business, or non-profit website.
Web design and development, eCommerce, creative services for new and traditional media.
Linux and Windows web hosting plans start at just $7.95/mo.