graphic of a hacker in the matrix

How to Report a Fraudulent Website to a Registrar

Did you know that websites that include malware, phishing scams, or masquerade as real businesses can be reported by ordinary web users like you?

Here are some handy instructions on what to do when you come across suspicious domain names or websites.

Fake Site or Hacked SIte?

Fraudulent websites generally fall into two categories: fake sites have been created to install malware or perform other nefarious tasks, and sites that are real but have been hacked by someone trying to do the above. It’s important to start out by making this distinction if you can.

• Hacked Sites

If you visit a website regularly and one day it starts forwarding to a bad website, there’s a good chance that the website itself (or occasionally the domain name) has been hacked so it points elsewhere.

Hackers try to find vulnerabilities in popular website software that lets them forward traffic from the legitimate site to one that tries to install malware or get personal information. Alternately, they might gain access to a site at its usual domain and replace the content with their own.

• Fake Sites

Fake websites may look legitimate, but these sites have been built from the ground up to lure users into surrendering vital information or opening their systems up to malicious software (malware). Learn more tips on how to spot a fake site.

In either case, if you suspect a fake or hacked site, your first step is to determine who really owns the domain name.

Finding Out Who Owns the Domain Name

All domain name registrars offer a Whois service that lets you look up any domain’s owner and view certain technical details about the site. This handy guide can help you understand how to read a Whois record if you’ve never done it before.

In most cases, a domain name used for fraudulent purposes won’t have accurate information in the Whois record. If contact information is obviously fake (e.g., phone numbers that start with 555-), this can be helpful information when reporting the website. More on that later.

Domain Registrars and Hosting Providers

If you encounter a website with malicious content or malware, you need to reach out to the web hosting company and/or domain name registrar to report the site.

It’s important to understand the difference between a domain registrar and a domain hosting company. Domain name registrars act as “pointers” to websites but don’t always also host the actual content.

For example, people who register domain names with Namecheap can use other companies to host their content (although Namecheap provides both services). They tell Namecheap where to point their domain to reach their content. It’s helpful to think of the domain as the street address and the hosting provider as the actual house.

If the problem is with the content of the website, you need to report abuse to the hosting provider, as registrars typically cannot take action against content hosted elsewhere.

How to Find the Hosting Provider

Now you’re ready to collect some vital stats on the site itself so you can effectively make a report.

Examine the nameservers in the Whois record to find out where a website is hosted. Here’s an example:

Name Server: NS01.hostingcompanyname.TLD
Name Server: NS02.hostingcompanyname.TLD

Sometimes the nameservers will make it easy to determine where the website is being hosted. In other cases, the domain names might point to a service which subsequently points to the actual host.

If you can’t determine where a site is hosted using the nameservers, you can use a tool like to get more details.

When to Contact a Domain Registrar

If the domain name itself is being used for fraudulent purposes, such as phishing scams or impersonation, that’s when the domain registrar should be notified. You would also contact the registrar if you determined that some of the contact information in Whois for the owner is fake.

Finding the registrar is easy. Just look for this line in the Whois record:


Go to the registrar’s website and look for an abuse or contact link.

How to Report Abuse

Time to blow the whistle on the black hats. Once you know which company is hosting the site, or the registrar of the domain, go to that company’s website and look for a ‘report abuse or fraud’ link, usually found on a Contact page or in the footer. If all else fails, try emailing abuse@ + the company’s main website address (, e.g.)

Be sure to include as many of the details you’ve collected as possible, including (but not limited to):

  • Specific information describing why you believe the site is fraudulent or malicious
  • URLs of offending content (if not on the homepage)
  • Screenshots
  • full email headers and content for fraudulent or abusive emails
  • Specific details on which Whois information is inaccurate

Why a Company May Not Take Action

While reputable companies rely on ordinary citizens to bring abuse to their attention, they cannot take action against every single site reported to them.

Depending on the size of the company, domain registrars and hosting providers may receive hundreds of abuse reports every week. Reviewing and analyzing each report takes time.

In some cases, there is insufficient information to warrant removing the site. Sometimes the reported content does not meet the company’s criteria for removal. In other cases, the company is not the provider of the content in question and therefore cannot take action.

Companies also must abide by their countries’ laws governing online content and fraud, as well as tenets around free speech. In many cases, if a company determines that content is not illegal or harmful, the website may remain online.

Regardless of the reasons companies may or may not act, it’s up to all of us who browse the Internet, check email, or use social media to remain vigilant against fraudulent and abusive websites. Together, we can make the web a safer place.

How to Report a Fraudulent Site to Namecheap

NameCheap takes fraud very seriously, and we do everything we can to keep the internet safe for everyone.

If you find out a website is fake, or have any other concerns about a domain registered with Namecheap or hosted on our servers, please refer to our documentation on reporting fraud and abuse for the steps you need to take to report the website to us. You may also submit a ticket to our Legal & Abuse team using this form (be sure to select either hosting legal and abuse or domains legal and abuse under ‘department’).

If you have any questions, you’re also welcome to contact our customer support team. 

10 thoughts on “How to Report a Fraudulent Website to a Registrar”

  1. Thank you for taking this issue seriously and dealing with it so quickly. I am sure the Twitter community very much appreciates it, I certainly do.

  2. As a retired cop, I applaud tough enforcement on criminals. However, I want to be assured that NameCheap doesn’t become another GoDaddy.

    I am moving all my domains to NameCheap because of the horror stories I have heard in the Internet Marketing forums regarding GoDaddy. There have been two incidents that I personally know of, where a domain was suspended because a spammer was using the Clickbank affiliate link of a legit marketer.

    I would like assurances that the Abuse Department is preventing just that — abuse — and your employees have the investigative skills, discretion and smarts to make proper decisions.

    It is amazing to me that GoDaddy investigators acted on a complaint without calling the admin contacts. Anyone can use an affiliate link to spam.


    Jason Cain

    1. Godaddy refuses to delete a website they know are doing illegal activities, it is unbelivable they keep this sites

  3. It’s great to be tough on fraud, but be sure to keep a balance or this will set a dangerous precedent. As a hosting provider, my company does its best to secure our servers, however there have been a number of instances where a client will upload an insecure script that later gets exploited, resulting in a phishing page being hosted on their domain. We’ve had a case where our network provider, a large dedicated server company out of Texas, left us a voicemail at 3am(!) about a domain being compromised in this way, and pulled the plug on the entire server a few hours later because it was not removed within an hour. They lost our business and hopefully have reformed their abuse policies by now but it speaks volumes to the importance of having a SANE abuse policy that doesn’t penalize one of the more unreported victims of phishing attacks, the domain owner.

  4. Jason,

    We have teams who investigate fraud and legal issues specifically. As we are not eager to tip off fraudsters on how they can trick the system, I’d rather not go into the specific process of what goes into our investigations.

    In the specific instance you mentioned, if we were hosting it, we’d definitely investigate. However, as we do not look at the content of a site unless we are hosting it, the mere hosting of a domain at NameCheap would not warrant an investigation.

  5. thank you for the information, I think that’s where those link to a page-that looked like twitter-came from.

    let’s make the internet safe for everyone, for sure!

  6. @JasonCain , it is our policy to thouroughly investigate all complaints and protect our clients from false reports. We know there are people out there that take advanatage of overzealous registrars. I can assure you, we are here to protect our legitimate clients and you are the priority over everything else.

    Thanks for putting your trust in our services.


    Richard Kirkendall

  7. This Site IS Showing illegal Streams And Fraud People Money.

    I will Not Stop Until This Site Is Shutdown

  8. This company [redacted] will continue to email you. Look them up on whois and the owner has several scam websites.
    Owned by these guys, [redacted]

Comments are closed.