Whoisguard: A proxy for crime targeting the USA from the USA?
Background:
A domain proxy is a system whereby a domain owner, the registrant, hides his or her details for a domain registration behind a registrar or reseller’s proxy. The proxy owner substitutes his own details for those of the registrant, the domain owner.
This is a great shield for legitimate users wishing to protect their privacy, but also attracts malicious registrants using fake registration details. The malicious registrant is hidden behind the proxy and not open to scrutiny and many times endangers the privacy of innocent consumers, if not allowing them to be defrauded or harmed in other ways. Much has been posted for and against proxies. It’s our belief that the proxy protection system is needed, but that it should be done in a responsible way where the rights of innocent parties will not be impacted upon.
Namecheap and Whoisguard:
Namecheap is an American registrar. Their affiliated company for providing proxy protection is Whoisguard. For a while now Namecheap has been in the shadows and a registrar behind bad events impacting innocent consumers. In 2010 it was Heihachi and the German fake shopkeeper gang, described at the time as one of largest cyber crimes in Germany by the media. At the time there was fears that Heihachi might very well affect the stability of the internet with constant DDoS attacks, malware and other bad events originating from this quarter. At the time the registrar responsible was eNom with the reseller being Namecheap. Heihachi was made a sub-reseller and despite providing fake registration details themselves, even providing proxy services to the malicious clients which included bot herders, carders, malware distribution websites openly, the the attackers they were harboring. The ITSEc community “regarded Heihachi as an outfit run ‘by criminals for criminals’ in the same mould as the criminal Estdomains.“. Namecheap and eNom refused to address this issue. The criminals had found an ideal layer of isolation.
http://heihachi-worms.blogspot.com/2010/12/hehachi-anonops-wikileaks-and-spamhaus.html
http://heihachi-worms.blogspot.com/2010/12/domains-found-on-wikileaksinfo-ip.html
http://heihachi-worms.blogspot.com/2012/08/heihachi-rip-internet-trust-rip.html
This saga ended up in the German and Austrian courts with the perpetrators being arrested and subsequently found guilty. The reseller owner of Heihachi already had a criminal record.
This was little comfort for the victims of the crimes committed who lost their money forever. This was never looked at at registrar or ICANN level. The guilty parties were exactly as mentioned to Namecheap and eNom at the time. No lessons were learnt. Are we were doomed to see history repeat? Roll forward seven years and decide for yourself.
Note: eNom has since been bought by Tucows. Namecheap now finally seems to be using their own status as registrars to act as sponsoring registrar. The new eNom has made extremely encouraging and promising efforts at stopping abuse of their services.
The USA: Pet Scam Epidemic?
Many people nationwide get scammed by people running bogus operations out of foreign countries, posing as USA or Canadian dog breeders selling adorable little puppies.
Sue McConnell, president and CEO of the Greater Cleveland Better Business Bureau, said Carr’s situation is typical. The BBB recently has been fielding a lot of inquiries about puppy scams.
This is an extract from a recent article at http://www.cleveland.com/business/index.ssf/2017/02/beware_of_internet_puppy_scams_1.html. This article describes how a victim was defrauded in a pet scam In the report we hear how the victim tried purchasing a Maltese puppy from http://www.smartwhitemaltese.com. After paying for the puppy, the puppy was sent via a fictitious courier. The courier now claimed the crate was too small, requesting the victim rent a larger crate. This is a typical pet scam in two phases. Other excuses for trying to get victim to make further payments might be needed vaccinations, a sick pet and fictitious vet bills – there are many excuses which can be used. This is the common Cameroonian pet scam.
Did I say Cameroonian? Yes, and these scammers are turning the USA into their personal piggy bank – with the assistance of certain US based domain registrars!
When speaking of West African cyber crime, everybody nods, thinking of spam emails received, promising fabulous riches such as lotto winnings, promises of rewards from a corrupt bank official, solicitations to assist in investing millions of dollars, help a dying widow … the classical 419 scams.
But West African fraud is much wider. A distinct set of scams that originated in the Cameroon exists, totally different to the 419 scams mentioned previously and much overlooked at all levels. The entry level scam targeting ordinary internet users is the infamous pet scam. Here images of pets will be stolen and offered for sale as if belonging to the advertiser. However the scammers are master forgers and go to extreme lengths to convince the victims these pets are real. They will advertise on the classified, Facebook, Twitter and other legitimate websites. In many cases they will even have there own pet website where they advertise these pets. For most , this content will be stolen from a legitimate website. Sometimes even a whole complete website is stolen! Consider http://tibetanmastiffspuppies.us/
What a lovely website, but buyer beware! This is a Cameroonian pet scam website.
The owners of http://www.chinesetibetanmastiff.eu in Czechoslovakia went to great efforts to offer their puppies on a professional website. However their property was trivially stolen by a pet scammer, then republished at http://tibetanmastiffspuppies.us/
The scammer made minor changes, including this change:
We currently have coupons from our shipping”GET 45 DAYS MONEY BACK GUARANTEE WITH EVERY PUPPY. EACH PUPPY COST $2000 BUT 2 PUPPIES COST $3500 ENJOY OUR BONUS!!!”
**** Call Or Text: (301) 685-1709*****
**** Free Shipping Is Available*****
We currently have coupons from our shipping agent to ship 3 puppies at no extra cost, so if you purchase your puppy while this coupons are still available and valid, we will be able to ship your puppy for free. Otherwise shipping will cost an addition $289.
We see fabulous promises trying to belay the potential buyers fear. Also promises of free shipping etc via their shipping agent (part of the scam). Also a bit of pressure tactics, we only have three coupons available. In reality there are no puppies, there is no shipping agent, only misery for the potential buyer and financial loss.
Let’s return to the article at http://www.cleveland.com/business/index.ssf/2017/02/beware_of_internet_puppy_scams_1.html
Tips from the BBB to avoid a puppy scam:
- Always visit the breeder. Responsible breeders and rescue groups will be more than happy to offer you a tour.
- Search for website warning signs. The reason fake breeder websites look real is because the content is typically stolen from another site. Look for duplicate sites by copying a line from the website into a search engine and looking for identical wording elsewhere on the Internet. Also, search for the domain name on “WHOIS Lookup.” Make sure the site is hosted in the country where the breeders claim to be located.
- Pick your puppy up at the kennel. Don’t rely on the breeder to ship the puppy.
- Check references. Talk to others who have purchased pets from this breeder and the veterinarian the breeder works with.
- Pay with check or credit card. If a breeder pressures you to pay by wire transfer or prepaid debit card, it is probably a scam.
This would be excellent advice, were it not for the fact that registrars have proxies and some knowingly shield the thieves. Yes, you read it right, some registrars actually shield these pet scammers. Smartwhitemaltese.com mentioned in the article is an example of a domain registered via a US based registrar and protected via their affiliated proxy Whoisguard:
Domain Name: SMARTWHITEMALTESE.COM
Registry Domain ID: 2076964446_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2016-11-25T12:17:32.00Z
Creation Date: 2016-11-25T20:17:31.00Z
Registrar Registration Expiration Date: 2017-11-25T20:17:31.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Reseller: NAMECHEAP.COM
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
Registrant Street: P.O. BOX 0823-03411
Registrant City: PANAMA
Registrant State/Province: PANAMA
Registrant Postal Code: 0
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: D28C328F76F64FF18AE100C351927E26.PROTECT@WHOISGUARD.COM
Make sure the site is hosted in the country where the breeders claim to be located:
Many pet scams are hosted in America, while the pet scammer pretends to be in America. Yet the perpetrators find themselves far removed from US shores using US telephone numbers abusing VOIP and like providers to establish a fake US presence. Fact: Thieves lie.
smartwhitemaltese.com mentioned is a good example. This scam claimed to be a breeder in Ohio and was hosted at Namecheap in the USA:
- IP 68.65.120.217 = AS22612 = Namecheap, Inc.
Pay with check or credit card. If a breeder pressures you to pay by wire transfer or prepaid debit card, it is probably a scam.
It’s probably a better idea to bypass any website where the breeder can’t be verified. Unfortunately it’s not uncommon to see pet scammers resorting to phishing. They actively request you to pay via a credit card, likewise the fake courier. Once the scammers have your credit card details, they will abuse it for purchases online and have the goods shipped to mules and like. If in doubt, run!
Not much is publicly known about this shady world, but recently a Cameroonian man was arrested in Charlotte for his part in pet scams: http://www.wsoctv.com/news/local/charlotte-man-was-money-mule-in-fake-puppy-scam-affidavit-says/473343091
Other sources have stated America is in the grips of a pet scam epidemic. In reality the news is bleaker: the USA is in the grips of the Cameroonian cyber-scam epidemic which goes much wider than mere pets. Cannabis and drug scams are common co-scams item associated with the pet scam. See http://blog.aa419.org/2016/12/22/web-com-wrong-excuse/
Namecheap / Whoisguard protected scams
Namecheap is the leading* registrar in the world used to sponsor domains used in advance fee fraud. More worrying is that this is not of concern to them and they are quite willing to profit from the domain sales, even up-selling by adding their associated Whoisguard proxy protection in place to protect the identity of the domain owner. Then they self blind to legitimate complaints leaving a wake of victims unable to enforce their rights while trivially losing their privacy.
We’ve already seen how the domain smartwhitemaltese.com is protected via Whoisguard. As per the ICANN RAA, Whoisguard is the “Registered Name Holder” of smartwhitemaltese.com and shall accept liability for any harm dome with it, unless they reveal the hidden licensee details of it within seven day after receiving a well founded report of actionable harm. This is the exact wording of the ICANN RAA, Section 3.7.7.3:
3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it discloses the current contact information provided by the licensee and the identity of the licensee within seven (7) days to a party providing the Registered Name Holder reasonable evidence of actionable harm.
… and …
3.7.7.9 The Registered Name Holder shall represent that, to the best of the Registered Name Holder’s knowledge and belief, neither the registration of the Registered Name nor the manner in which it is directly or indirectly used infringes the legal rights of any third party.
We will shortly see how it plays out in reality.
I’ve also showed domain tibetanmastiffspuppies.us used for stolen content to host another pet scam. Thankfully no proxy protection is allowed on .US domains in this case. Let’s see how the relevant domain registration looks:
Domain Name: TIBETANMASTIFFSPUPPIES.US
Domain ID: D58651860-US
Sponsoring Registrar: NAMECHEAP, INC.
Sponsoring Registrar IANA ID: 1068
Registrar URL (registration services): http://www.namecheap.com
Domain Status: clientTransferProhibited
Registrant ID: EE5CFE0KGTD8QG5T
Registrant Name: melida sin
Registrant Organization: personla
Registrant Address1: 8100 Loisdale Road
Registrant City: Springfield
Registrant State/Province: virginia
Registrant Postal Code: 237
Registrant Country: Cameroon
Registrant Country Code: CM
Registrant Phone Number: +1.9703685478
Registrant Email: melidasin6@gmail.com
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Quite a feat to change countries halfway through a domain registration. We need to ask how this domain was ever registered. It shows a total breakdown of any form of authentication and/or checks. Just for fun: we mentioned the Cameroonian family of scams is distinct from 419. Consider the domain gentlepressltd.com used for a commodities scam, claiming to sell biodiesel and vegetable oils.
Registrant Name: melida sin
Registrant Organization: melida sin
Registrant Street: azire new church
Registrant City: congo
Registrant State/Province: brazavile
Registrant Postal Code: 237
Registrant Country: CM
Registrant Phone: +237.970368547
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: melidasin6@gmail.com
But back on track. Dare we mention “Melida Sin” is also trashing another .US domain to scam American consumers, sponsored via US registrar Namecheap? http://charlescavalierpuppies.us/ and hosted in the USA?
Yet it’s these very same malicious registrants that also make their way into the .com, .net and other registries that allows proxy protections, causing much harm. Any sane reader may assume that Namecheap would revoke such a registration if they became aware of the a domain. After all, a registrar is a custodian of trust? Apparently not.
The following is posted with the permission of the complainant, a legitimate dog breeder whose website at http://www.jemfrenchbulldogs.com/ was stolen, contact details and all, then republished under the domain name frenchiesfriendly.com. Soon after the real dog breeder and website owner started receiving calls from upset fraud victims who never received their puppies, threatening and harassing her, while she is as much a victim as anybody else defrauded. It is for this reason she also published an alert on her website about frenchiesfriendly.com:
And this is the stolen scam website (contact details since updated):
The owner obviously has rights; the rights to report, the rights to complain and defend not only her property and her privacy. Enter Namecheap and Whoisguard. Currently the domain registration says:
Domain name: frenchiesfriendly.com
Registry Domain ID: 2091842546_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2017-01-21T14:00:36.00Z
Creation Date: 2017-01-21T13:49:12.00Z
Registrar Registration Expiration Date: 2018-01-21T13:49:12.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code:
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: 76e83655797642a6ac062b2661b0138d.protect@whoisguard.com
The real owner contacted Whoisguard (remember ICANN RAA 3.7.7.3 and 3.7.7.9? WhoisGuard is the registrant ):
From: (owner) <(owner email)>
Date: February 23, 2017 at 2:11:47 PM EST
To: support@mail.whoisguard.com
Subject: ATTENTIONHello
I, (owner name) the owner of jemfrenchbulldogs.com needs
to have the suspension the privacy protection for the following domain,http://www.frenchiesfriendly.com/
[snapshot]
IP Address: 46.105.47.126
This domain is scamming people pretending to own dogs for sale and it stole my identity and everything on my site.The site is fraudulent and it’s causing a problem for me (owner name) the owner of JEM French bulldogs. The site has stolen all my text and images as well as copyrighted photography.
<http://www.jemfrenchbulldogs.com/>
http://frenchiesfriendly.com/about-us/index.html
Please get back to me as soon as possible
(owner name)
Here is the response of WhoisGuard:
From: WhoisGuard Support <support@mail.whoisguard.com>
Date: February 28, 2017 at 1:05:18 PM EST
To: (owner) <(owner email)>
Subject: Re: ATTENTION(Owner name),
Please be advised that WhoisGuard does not own, manage, administer, host
or provide registration services to the Domain and corresponding
website, but simply provides anonymous privacy protection services to
the domain registrant. We are not a hosting company, not the registrar,
and we are not associated in any way with the website. WhoisGuard
serves no function as an intermediary of these types of disputes,
neither is WhoisGuard typically in a position to adequately investigate
such claims and pass judgment on the relative merits involved. The
website is not under our control. We do not have the ability or
authorization to remove or delete anything from the website; we cannot
shut-down the site nor disable the domain. This is totally out of our
realm. You may want to consider filing a complaint with ICANN, or you
may contact the hosting company. To find out who the hosting company is
please visit the following website: http://www.whoishostingthis.com/.Regards,
WhoisGuard Support
Naturally this statement is factually incorrect and WhoisGuard should know better, being a sister company to Namecheap. As such Artists Against 419 intervened, clarifying on 2017-03-02, replying to WhoisGuard, cc’ing Namecheap and the APWG, also bcc’ing numerous other interested parties :
Hello WhoisGuard
I’m following this incident. Further I’m also bcc’ing certain interested parties.
I find your response (included below) totally inappropriate and in conflict with your stated terms of service.
> anonymous privacy protection
A domain should not be anonymous, you should have the registrant details recorded. An anonymous domain registration is the .com gTLD would be in violation of stated ICANN policies and not allow for accountability.neither is WhoisGuard typically in a position to adequately investigate such claims and pass judgment on the relative merits involved.
You need no capacity to investigate, simply the capacity to read. Going to the page at http://frenchiesfriendly.com/available-puppies/index.html and view the source code, then you will find:
<!– Mirrored from www.jemfrenchbulldogs.com/available-puppies/ by HTTrack Website Copier/3.x [XR&CO’2014], Sat, 21 Jan 2017 18:35:10 GMT –>
You will notice that frenchiesfriendly.com is the domain under your protection, that (owner name) is the owner of jemfrenchbulldogs.com and the person contacting you about the malicious domain infringing on her rights. This becomes important later below.
Furthermore, as a domain proxy you should be adequately familiar with domain registration dates.
Domain name: frenchiesfriendly.com
Registry Domain ID: 2091842546_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Creation Date: 2017-01-21T13:49:12.00Zvs
Domain Name: JEMFRENCHBULLDOGS.COM
Domain ID: 1853307757_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2016-10-29T15:03:25Z
Creation Date: 2014-04-04T01:41:41ZAs such the claimed legitimate domain jemfrenchbulldogs.com predates the domain frenchiesfriendly.com you are giving protection.
You can also easily verify that the content now used on the website associated with frenchiesfriendly.com, the domain you are protecting was in fact taken from jemfrenchbulldogs.com :
https://web.archive.org/web/20160331170254/http://www.jemfrenchbulldogs.com/ – note the date, 2016/03/31 – before the domain frenchiesfriendly.com was even registered.
Note the email address clearly visible on the original: jemfrenchbulldogs (at ) gmail.com – the party using that email is the one originally bringing this matter to your attention (owner name).
As such there no no room to doubt any claims made by (owner name). All the evidence is self substantiating and no investigation is needed.
You have all the needed evidence to decide on this issue. Such usage and abuse of privacy is a violation of your own polices as on your own website at http://www.whoisguard.com/legal-tos.asp
In addition, you are the registrant as per definitions in the ICANN RAA, despite of what you say. The ICANN RAA 2013, Sect 3.7.7.3 (https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en) clearly states:
3.7.7.3 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it discloses the current contact information provided by the licensee and the identity of the licensee within seven (7) days to a party providing the Registered Name Holder reasonable evidence of actionable harm.
We also need to accept that this is a malicious domain and as much part of the issue here, since without a domain, the abuse would not have existed to the extent it does. This article by Michal @ LegitScript may be enlightening (note point #2) which is the exact avenue you are trying to escape down: https://www.legitscript.com/blog/2017/02/top-3-excuses-registrars-use-that-help-enable-rogue-pharmacies/
As such you have no excuse for not revealing the identity of the hidden registrant, unless you wish to accept liability for the harm? Please be as kind as to advise on your decision promptly. Doing anything else would just be putting innocent consumers in harm’s way and at the risk of losing their privacy, as is already the case with (owner name), who is being contacted by victims to frenchiesfriendly.com and called a scammer etc.
Just in case you are considering it – this is not a UDRP issue either. The specific type of case described here was discussed in certain ICANN working groups. Such relief is totally inappropriate and does not scale.
Simply having the hosting suspend sees these domains hopping from hoster to hoster. Currently we see resellers in offshore jurisdictions hosting fraudulent websites ignoring any abuse reports, using your protection. This pattern is rapidly increasing.
I have sought the permission of (owner name) to share her story publicly, and if such is given, I will be publishing about this specific incident, showing how a registrar and their proxy services can deprive innocent victims of privacy etc.
Kind regards,
(Artists Against 419 Reporter)
Artists Against 419
http://www.aa419.org————————
WHOIS Info:
===========Datestamp: 17/02/28 23:34:52 UTC
Domain Name: FRENCHIESFRIENDLY.COM
Registrar: NAMECHEAP INC. Sponsoring Registrar IANA ID: 1068
(snip … whois details of FRENCHIESFRIENDLY.COM)
No reply was ever forthcoming from WhoisGuard and the malicious domain is still scamming with the stolen content. However Namecheap was quick to respond (ticket #CWG-996-86193), passing the buck, despite being the registrar and as is the norm for them.
Hello,
Thank you for the informing us on your communication with WhoisGuard.
We would like to notice that the frenchiesfriendly.com domain name is hosted with another company. Please address the issue to them so that they can remove the reported content. Please find the contact details of the hosting company below: http://whois.domaintools.com/46.105.47.126
In case we receive a request from a law enforcement authority of the United States, we will assist them in their investigation.
If we receive a US Court Order regarding the domain, we will comply with any decision stated therein.Please contact us back if you have any questions.
Another response was received shortly after, still passing the buck, although more friendly and not the template reply above seen many times before from NameCheap:
Dear (aa419 reporter name)
Thank you for copying Namecheap on your note.
You may have advised the complainant, (owner name), on this but the course of action that will remove the content at issue is the DMCA Takedown Notice. It was designed specifically for a copyright owner, such as in this case, to use in order to empower a service provider to take action against infringing content. (Owner name) can simply serve the notice on the hosting provider and tell that the entire site is a mirror copy of their own. They do not need to name the registrant of the domain (which may be different than the hosting customer’s name); they just need to reference the domain. This allows the provider, without investigation, to take action. Registration dates alone do not establish who owns the content. However, the DMCA Takedown Notice requires the complainant to attest that the content is theirs and the service provider may rely on this.
Action must happen at the hosting level or the content can be moved from one domain to another. The hosting provider is the only source that controls the content. Here, the hosting provider appears to be OVH and their abuse email address is: abuse@ovh.net.
There are a number of websites that do a good job of explaining how to enforce ones copyrights using the DMCA Takedown Notice. (Owner name) may also review the elements that we outline clearly on our site: https://www.namecheap.com/legal/general/copyright-trademark-policies.aspx
Finally, we do confirm that the information provided by WhoisGuard is accurate. They have no access to content, nor the ability to determine who had the content first. However, we do believe that DMCA Takedown will help (owner name) stop the alleged infringement.
Sincerely,
(Namecheap Staff Name)
This clearly shows that, despite evidence of harm being shown, ICANN RAA clause 3.7.7.9 just flew out the window. Harm is being done as we can see. Also trying to make this a purely DMCA issue is at best disingenuous – this is a fraud issue. Innocent trusting people are buying pets that do not exist, getting defrauded. Namecheap sister company WhoisGuard accepted responsibility for this domain, yet when the time came to take up responsibility, disavowed it.
As for contacting the network owner where the content is hosted, OVH, this was already attempted:
From: OVH Abuse <ticket+PMSJTXVGDF.3cdd8@abuse.ovh.net>
Date: February 24, 2017 at 12:40:32 AM EST
To: (Owner email)
Subject: [OVH Abuse] Your abuse report #PMSJTXVGDFHello,
Thank you for taking the time to contact the OVH Abuse Team, this
message confirms that we did receive your report, and created the Abuse
Ticket #PMSJTXVGDF to reference it.OVH conducts its activities in conformity with applicable laws, we
forbid any use of our products that don’t conform to our general terms
and conditions of services.It’s important to note that most of our services are rented “unmanaged”
to our customers. This means that we only have physical access to the
server and cannot access its content (no root, administrator, or user
access). We are technically unable to modify or delete content, or
making an abusive behavior stop by intervening directly on the server,
as it is not managed by us.We will however transmit the technical information of your report to the
customer managing the infrastructure concerned, and we will follow this
ticket to its resolution.
You’ll find at the end of this e-mail the technical details you’ve sent
us, for reference.Cordially,
The OVH Abuse Team.
So who do we pass the buck to next?
And this, ladies and gentlemen, is why the USA and the rest of the world has a pet scam problem. Literally thousands of these domains are registered annually, abusing the marks of anybody that may make them look more legitimate, even those of IPATA, AKC and the BBB, stealing credit card details, causing further secondary losses for banks and like.
The credibility of the internet is being undermined one malicious domain at a time.
We leave it to you to decide if Namecheap (and associated WhoisGuard) is really a champion of privacy as marketed on their website, or if this a company hell bent on profiting, even to the extent of protecting it’s products by facilitating fraud and further profiting from it by selling proxies, harming innocent users. Seven years ago Germany experienced the same issues the US is facing today, once again abusing the same US based channel for malicious domains. History repeats …
PS:
Namecheap has received reports of fraudulent websites where the victims were even visible, being deprived of there privacy since the websites were bogus, using Namecheap domains, yet receiving the same template “We are only a registrar” response. At least one such domain was suspend at registry level after drastic intervention and massively exposing victim details in an international fraud. All the other abused registrars were quick to mitigate, only Namecheap was obstructive as is usual. It’s our belief it’s for this reason we have seen a drastic growth of serial fraudsters running to the protection of Namecheap after being suspended by and booted from other registrars. Dirty, rotten, stolen money goes where it’s welcomed.
PPS:
If you have been defrauded by the website on domain name FRENCHIESFRIENDLY.COM from start of March 2017, you may have a legal claim against WhoisGuard. Please consult your lawyer or legal representative.