Joe Nobody declares victory

The conclusion of last week’s thrilling story about cryptocurrency scammers and service providers. Who did come to the aid of Joe Nobody, and who conveniently turned a blind eye to my abuse reports. Welcome to the good, the bad, and Namecheap.

TL;DR

In short, within 48 hours after I sent the first abuse report, the phishing website was rendered useless, thanks to actions taken by some of the notified service providers. Based on my previous experiences with sending abuse reports to service providers, I’ll admit that this was not the outcome I expected.

The good, the bad, and Namecheap

Let’s give credit to the companies that put human resources on the case and throw a little shade on the others.

Figure: Namecheap abuse desk. The Namecheap security engineer in charge of investigating abuse reports.

Bluehost (email service)

Bluehost was the first service provider to act on my report. I received a follow-up from them within hours. Bluehost had correctly identified the issue from the email headers I provided and informed me they had taken necessary action to prevent further abuse (spam).

Well done Bluehost!

Sectigo Limited (SSL certificate issuer)

Sectigo Limited sent me their reply the next day. They had finished their investigation and had concluded that the domain (coinbase.com.compliance.esospro[.]net) was indeed involved in malicious activity. The certificate was revoked, as confirmed by the Certificate Transparency (CT) logs.

Well done Sectigo!

PixelMe (redirection service)

PixelMe never replied to or acknowledged the abuse report. Their short link service will still try to redirect any visitor to the now-defunct malicious domain.

Not impressed.

Namecheap (domain registrar and web hosting)

Other than an automatic e-mail confirmation, I have no idea if Namecheap ever investigated the abuse report. They do state that they have a large volume of complaints and will only reply if they need more information. Apparently, their ticket system is not even able to send an update by email when the ticket gets resolved. How convenient.

The DNS record for coinbase.com.compliance.esospro[.]net has been removed, but it’s unclear if Namecheap intervened, or if the scammer simply removed the domain record after the SSL certificate was revoked. While I monitored the domain, Namecheap did not take any action toward the domain, or the malicious content hosted on their platform.

Not impressed.

Today I learned

Sometimes abuse reports can make a difference. I believe it was worth my time and effort to possibly contribute to saving a few naive people from losing their crypto wallet. I don’t presume to be the one responsible for taking down the scammer and their phishing page, but I like to believe I helped make a difference.