• Home
  • About Us
  • Contact
  • Advertise
  • Awards
  • Privacy Policy
  • Twitter
  • Facebook
  • RSS
TheDomains.com

Why Hasn’t Godaddy Filed UDRP On Phishing Domains?

December 28, 2014 by Michael Berkens

Domaingang.com has been reporting on many domain names that have been involved in phishing attacks on Godaddy which have resulted in domain names being stolen out of Godaddy accounts.

Unlike most phishing attacks where someone uses a domain controlled by the phisher, to actually send the  customers to which wind up appearing in the URL bar,  recent attacks actually use domain names containing the register’s name, but are owned by third parties just like the one’s Godaddy recently warned its customers about.

As reported by DomainGang.com here are a few:

account-godaddy.com

godaddy-account.com

service-godaddy.com

services-godaddy.com

support-godaddy.com

Take the domain name support-godaddy.com.

It was first registered back in 2006  by a John Bazely of the UK where it remained registered until February 19, 2008 when it expired and was deleted.  The domain remained unregistered until just several weeks ago on December 3rd of this year.

Why didn’t Godaddy register this domain in the 6 years that it was available?

service-godaddy.com and services-godaddy.com, which was just registered at the Chinese domain registrar eName Technology Co.,Ltd on June 3rd 2014.

Six months certainly is enough time to file a UDRP.

account-godaddy.com was registered on December 3rd of this year as well as godaddy-account.com

Hell three weeks is long enough to file a UDRP.

Godaddy like most major brands need to be on the look out for direct domain registrations and at least track what is being done with the domains.  Are they just being parked or are they being used to mirror Godaddy.com site?

Once Godaddy or any other registrar gets a report of a domain containing its name being used for phishing then its the registrars responsibility to get those domain name shut down, by filing a UDRP, ASAP

 

 

Filed Under: Domain Registrars, Godaddy

About Michael Berkens

Michael Berkens, Esq. is the founder and Editor-in-Chief of TheDomains.com. Michael is also the co-founder of Worldwide Media Inc. which sold around 70K domain to Godaddy.com in December 2015 and now owns around 8K domain names . Michael was also one of the 5 Judges selected for the the Verisign 30th Anniversary .Com contest.

« Tip For The New Year: Don’t Buy Domains When You’re High: This Guy Did & Spent Over $5K
Using Gmail to Sell/Negotiate Offers On Domains To Chinese Buyers? They Are Not Getting Them »

Comments

  1. jose says

    December 28, 2014 at 12:16 pm

    it’s cheaper to look the other way

  2. Acro says

    December 28, 2014 at 12:18 pm

    Large organizations such as GoDaddy deal with plenty of bureaucracy already. I’ve recently reported these particular domains to GoDaddy as related to a series of documented domain theft incidents and I believe they will consider some action.

    Of course, the usual tinfoil hat theorists might say it’s GoDaddy’s plan to have their own customers lose their domains to a Chinese conman’s phishing emails.

  3. BullS says

    December 28, 2014 at 2:53 pm

    Ain’t surprise one day all your domains at godaddy will be siphoned off to the Chinese’s servers.

  4. ikehook says

    December 28, 2014 at 6:44 pm

    Also why wouldn’t they send out security notices? I got around 6 emails all stating that I needed to confirm my Whois for ICANN. It seemed like the normal BS so I clicked the link and almost signed in, except that Chrome didn’t autofill my user name. The Phishing site was identical. So I forwarded one of them to my account rep, he said Yeah that’s a phishing site, Yeah no kidding, Why the hell wouldn’t you send out notices to make people aware this was happening?

    • Acro says

      December 28, 2014 at 7:16 pm

      You mean, send out a few million emails that themselves can be spoofed as phishing attempts?

      They did warn about this in September: https://garage.godaddy.com/godaddy/godaddy-customers-beware-email-phishing-attempts/

  5. HireDomains says

    December 28, 2014 at 8:37 pm

    Well I forwarded on a phishing email sent to me and stated it was my belief this was an attempt to get to the domain 6462.com, i never click on links and was of the belief my name was safe. Godaddy failed to respond to my email, I asked for the fraud to be recorded, they failed to offer me a two step verification login. After being a loyal customer for a number of years. Two weeks later the domain was stolen, now they say i have to subpoena them to see who had access to my account, they have not answered the question of why didn’t I receive an email alerting me of the transfer ?? Money and Power corrupt, As far as i am concerned Godaddy are corrupt. The way they treat their customers is disgusting !

  6. Louise says

    December 29, 2014 at 2:11 am

    Nice reporting! Here is a reward, a video of a cool performance by a rising artist:

    • Louise says

      December 31, 2014 at 2:55 pm

      I could take a lesson: jesse j is working like the rent is due! 🙂

  7. Louise says

    January 1, 2015 at 9:15 pm

    The missing piece is Godaddy-Support.com not on acro’s list. Here is the creation date:

    Godaddy-Support.com
    Creation Date: 2014-03-09T14:56:03Z

    eNomSupport.com was registered by the same entity, 3 seconds earlier:

    eNomSupport.com
    Creation Date: 2014-03-09T14:56:00Z

    Acro, it’s hard to email you. The form on Acroplex.net lost my comment, when I didn’t enter the # right. It’s hard to type in the privacy email on your whois.

    There are lively blogs in Chinese and German, where services-enom have done some phishing among Registrants. One site warns:
    8、不要点击假冒enom的邮件,这种高访邮件往往让你输入enom账号和密码,真的enom邮件是不会让你登录的。 name-services.com是enom公司的,而最近黑客的高仿域名services-enom.com,居然是在国内易名注册的,但是很多人上当

    He means, don’t be fooled by phishing url services-enom.com, when it is name-services.com that is the enom confirmation email.

    Name-services.com is parked and under privacy. Can eNom be any more confusing, when it sends out its confirmation emails?

    A reference site states:

    Same IP Websites Analysis
    The server IP address of Enomsupport.com is 122.10.117.128, we have found 2 websites hosted on this server.
    You also from here to view more websites.
    Rank
    Domain
    Primary Traffic
    n/a
    name-serivce.com
    n/a
    godaddy-support.com

    Funny coincidence! Name-service.com was hosted at the same IP address as Godaddy-Support.com & enomSupport.com, when this record was made.

    Also, it said

    Server Location: Guangzhou, China

    The Registrant is based in New Zealand, but the name servers are in China: f1g1ns1.dnspod.net

  8. Louise says

    January 1, 2015 at 10:09 pm

    So, name-serives.com is the authentic enom confirmation domain name?

    which is parked and under privacy?

    Why is name-services.com listed as the name servers for

    account-securities.org

    ? And don’t click anything if you go there! Looks malware-ridden. Account-securities.org registered November 28th, 2014:

    http://whois.domaintools.com/account-securities.org

    by Andre Gotteland, at gotteland@europe.com . Gotteland. I gotta land, too.

    Who is Europe.com? It is owned by World Media Group, LLC, going by World.com. Registered at Register.com, famous for Web.com hosting site. Here are some domains it offers: accountant.com alumni.com autobody.com calendar.com chemist.com choir.com comic.com confession.com consultant.com couple.com diploma.com dublin.com engineer.com fact.com faq.com fashionstore.com fight.com guaranteed.com instruction.com myself.com journalist.com luckynumber.com partner.com politician.com scientist.comteacher.com wires.com

    The finest collection I ever heard of!

    So, Andre Gotteland at gotteland@europe.com owns:

    Account-Securities.org

    which has servers on enom servers:

    name-servers.com

    yet, it redirects to a site which states:

    This website has been reported as unsafe
    account-securities.org

    We recommend that you do not continue to this website.
    Go to my home page instead

    This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information.

    More information

    “Personal or financial information.”

    Stands to reason, because account-secuities.COM is owned by none other than BAC.com.

    But, it looks like a site that will download something maliscious.

    It was registered in November, and ICANN has already banned it?

  9. Louise says

    January 1, 2015 at 10:35 pm

    Correction: account-services.com is owned by BAC.com

    Account-Securities.com
    Account-Securities.net
    Account-Securities.org
    Account-Securities.guru
    Account-Securities.co.uk

    all registered by Andre Gotteland of the UK at gotteland@europe.com

    browser seems to flag .com, .org and .guru as unsafe. account-securities.net and .co.uk don’t resolve for me.

    So, Acro.net and you tech experts, how can account-securities.com point to name-servers.com, and yet redirect to the flagged website? They were registered same day, on November 28th, 2014.

    Why did my research land on account-securities.com?

  10. Louise says

    January 1, 2015 at 10:58 pm

    It was an icloud phishing site, exposed by The Daily Scam dot com. Here is a png of the form it led the user to, if he clicked the link in an email:

    http://www.thedailyscam.com/wp-content/uploads/2014/12/7-Apple-account-phishing-site-4.png

    so, account-securities.com was registered through enom to phish for apple user ids.

  11. Louise says

    January 2, 2015 at 12:13 am

    Godaddy-Support.com
    &
    Name-Service.com

    hosted on dedicated ip address: 122.10.117.128

    a server in Hong Kong

    Also, ip address 122.10.117.128 is supposed to be the server for eNomSupport.com.

    http://www.statscrop.com/www/enomsupport.com

    http://reverseip.domaintools.com/search/?q=122.10.117.128

    It is a dedicated server of Pang International

    http://whois.domaintools.com/122.10.117.128

  12. Louise says

    January 2, 2015 at 12:15 am

    Godaddy-Support.com
    enomsupport.com
    name-service.com

    very special domains to be hosted on a dedicated ip address.

  13. Louise says

    January 2, 2015 at 12:23 am

    Why Hasn’t Godaddy File UDRP on Phishing Domains:

    account-godaddy.com
    godaddy-account.com
    service-godaddy.com
    services-godaddy.com
    support-godaddy.com
    AND
    godaddy-support.com?

    The 2nd question is:

    Why does the enom confirmation url in its security email

    name-servers.com

    have to be SO OBSCURE that it resolves to a parked page, and is registered under privacy?

    Why?
    Why?
    Why?
    Why?

  14. DaveZ says

    January 3, 2015 at 4:53 am

    Go Daddy will surely deal with those phishing names, albeit how — more so how to do so as cost-efficient and fast as possible — is probably the question they’re also asking themselves. Can the Uniform Rapid Suspension thing handle this issue aside from UDRP?

    I also wonder if Go Daddy tried to file a UDRP or so but got bogged down by the holidays in-between. Then again, it’s probably better for them to do something (e.g. file UDRP) and then mention it later rather than the other way around. We’ll see.

  15. Evans Gathaku says

    June 20, 2016 at 3:31 am

    Nice comment by Davez : ”

    Go Daddy will surely deal with those phishing names, albeit how — more so how to do so as cost-efficient and fast as possible — is probably the question they’re also asking themselves. Can the Uniform Rapid Suspension thing handle this issue aside from UDRP?

    I also wonder if Go Daddy tried to file a UDRP or so but got bogged down by the holidays in-between. Then again, it’s probably better for them to do something (e.g. file UDRP) and then mention it later rather than the other way around. We’ll see.”


Recent Articles

  • Sedo weekly domain name sales led by 1337.org
  • Sedo weekly domain name sales led by Superwin.com
  • Single-character .ee domain names now available

Recent Comments

  • John on X8Bet.com for $67,666?
  • Raymond Hackney on X8Bet.com for $67,666?
  • John on X8Bet.com for $67,666?
  • Jose on X8Bet.com for $67,666?
  • Raymond Hackney on Spaceship is getting ready to take off

Categories

Archives

Copyright ©2022 TheDomains.com — Published by Worldwide Media, Inc. — Site by Nuts and Bolts Media