Shutting down scam websites

Remember, you can always use Free Whois Lookup - Whois IP Search & Whois Domain Lookup | Whois.com to find a website’s registrar and hosting provider. The registrar is listed very near the top of the results when a domain is entered, and the nameservers (listed further down) will indicate the hosting provider.

To make it a bit easier to find the hosting provider, NameSilo (a domain registrar that is talked about later in this post) did give me this useful tool to find the name of the hosting company that provides hosting to a website: https://www.whoishostingthis.com/

For some reason, whoishostingthis.com doesn’t seem to recognize GoDaddy’s nameservers. They are domaincontrol.com (or maybe it was .net or something). If it can’t figure out what the hosting provider is from that tool, try using the WHOIS one.

This doesn’t provide the direct abuse contact, but you can always search for the company’s abuse email on Google, or use a generic contact form on their website. Also, as a last resort (keep in mind that this usually doesn’t work), you can just email abuse@[the company’s web domain] and see if that is a valid email.

Also, there are sometimes other ways to reach their abuse department faster. For example, NameCheap responds very quickly to abuse reports via Twitter.

That being said, contacting the host/registrar is not always needed. The reason is that some scammers use services like Github pages, a free website builder, etc. to host their site for free (or just some low price) on another company’s domain and use their resources. In cases like this, the scam site will be a subdomain of another legitimate business, like github.io in the case of Github Pages (github.com is the domain for the Github website, but Github Pages sites are hosted on a subdomain of github.io)

In these cases, simply contact the normal, legitimate business unknowingly hosting a scam. You will usually need to go to the legitimate business’s website and contact them there, either through a dedicated “report abuse” type link, or just their normal contact form. If you can’t find it there, try searching things like “(company name) report abuse” or “(company name) contact us” (replace the “company name” text with the actual company name, e.g. “Github Pages”)

Note that this list is not complete. I’m just adding based on my experience so far.

First: a note about Cloudflare

Cloudflare is not a hosting company. It is a security and performance company. To provide this service, it masks domain name servers.

If you see CloudFlare nameservers, reporting abuse to Cloudflare can forward your complaint to the website owner (unless reported under “General” or for child pornography, in which case forwarding to the owner is optional) and domain registrar/host. The success of this is a gamble (depends on what the registrar/host will do about it), but it’s worth a shot.

Cloudflare is sometimes a registrar, and in this case, you can report abuse to them as a registrar via [email protected]:

Also, there was a Discord scam going around using Cloudflare for its website. Cloudflare decided to suspend it, though:

I do not know how often this happens. A website teaching Nigerians how to scam is using Cloudflare to cover the actual hosting provider, and as far as I can tell, Cloudflare hasn’t done much (but maybe it’s just the hosting provider not doing anything?)

Responsible companies shutting down scam websites

Freenom

Freenom provides these top-level domains:

  • .ga
  • .tk
  • .ml
  • .cf
  • .gq

Freenom’s [email protected] email will almost always shut down tech support scams, phishing websites, malware websites, websites used for scam/spam emails, and other abuse of their service.

DigitalOcean

Although they take a while, DigitalOcean usually shuts down scam websites hosted via their platform.

Use the “Report Abuse” button here to report abuse: Contact DigitalOcean

The support.digitalocean.com domain doesn’t work for reporting abuse unless you have a DigitalOcean account.

NameCheap

Just like DigitalOcean, NameCheap takes a while, but they do usually shut down scam websites.

Edit: As @Cyberlytical suggested, NameCheap is much more responsive on Twitter. They got back to me in about an hour about a malware domain:

GitHub Pages

GitHub usually takes down scams hosted via their service, even if the website doesn’t use a github.io domain.

OnlineNIC.com

OnlineNIC.com suspended a domain that was being used to send out huge amounts of romance scam emails.

Weebly

Weebly is a free website builder service. In my experience, they have taken down phishing, drug deal, and spam websites.

Reg.ru

Russian laws make it very difficult for registrars and hosting providers to suspend domains, but I think that Reg.ru has some kind of god-like powers:

Also, they speak understandable English, even though the entire site is in Russian with no English option, so that’s nice.

[email protected] to send reports

Irresponsible companies

GoDaddy

GoDaddy does not take down anything, both as a registrar and hosting provider. I’ve found a child porn forum hosted and registered with GoDaddy, and GoDaddy didn’t even respond to the report.

WebNic

Their stupidity is immense:

  • Telling me to submit a fraud complaint via the system for disputing trademarks
  • Claiming that ICANN is responsible for abuse reports, and not them
  • Forgetting how to format emails altogether and making the weirdest typography errors

Sarek Oy and Njal.la

Exact same company, I’ll get to that in a second.

This is currently the registrar and hosting provider for a cybercrime forum, a website selling stolen accounts, and other things.

ICANN refused to accredit the company because the founder of it is one of the founders of The Pirate Bay. The founder tried to get mad at ICANN saying they don’t respect his views on democracy etc… no, they don’t respect his criminal behavior.

Njal.la claims to be a reseller of domains, it’s not, it exclusively “resells” Sarek Oy domains. Njal.la and Sarek Oy are founded and owned by one person, the exact same pirate bay person.

Both the abuse report form on Sarek Oy and Njal.la do nothing at all. Nothing. At. All. I don’t even get an autoresponder, just nothing.

Unsure

NameSilo

While they don’t take down most scam/malware domains, they provided a very useful service to find the host of a website as well as their contact details (which I’m now going to include at the top of this guide).

They do take down phishing domains, though, and they gave me these instructions to report a phishing site:

If you want to report a phishing case, please follow these steps:

To create a case:

  1. Visit new[dot]namesilo[dot]com/phishing_report.php
  2. Fill in a the domain URL
  3. Complete required information and click “Continue”.
3 Likes

Just something to add to this for Cloudflare. If a website is running under Cloudflare’s nameservers you can almost always find an abuse email for the register itself in the whois data. See the screenshot below for reference

2 Likes

Oh, that’s true. Thanks!

I suggest contacting Namecheap on Twitter. Much more responsive.

Thanks for the suggestion - the next time I get a chance, I’ll try this and add to the post if it works.

That does seem to work well! Thanks.

Their Twitter now tells me to contact their website.

And their website says this is not a scam:

Edit: This kind of nonsense seems to happen about 5-10% of the time nowadays.