Did you know that websites that include malware, phishing scams, or masquerade as real businesses can be reported by ordinary web users like you?
Here are some handy instructions on what to do when you come across suspicious domain names or websites.
Fake Site or Hacked SIte?
Fraudulent websites generally fall into two categories: fake sites have been created to install malware or perform other nefarious tasks, and sites that are real but have been hacked by someone trying to do the above. It’s important to start out by making this distinction if you can.
• Hacked Sites
If you visit a website regularly and one day it starts forwarding to a bad website, there’s a good chance that the website itself (or occasionally the domain name) has been hacked so it points elsewhere.
Hackers try to find vulnerabilities in popular website software that lets them forward traffic from the legitimate site to one that tries to install malware or get personal information. Alternately, they might gain access to a site at its usual domain and replace the content with their own.
• Fake Sites
Fake websites may look legitimate, but these sites have been built from the ground up to lure users into surrendering vital information or opening their systems up to malicious software (malware). Learn more tips on how to spot a fake site.
In either case, if you suspect a fake or hacked site, your first step is to determine who really owns the domain name.
Finding Out Who Owns the Domain Name
All domain name registrars offer a Whois service that lets you look up any domain’s owner and view certain technical details about the site. This handy guide can help you understand how to read a Whois record if you’ve never done it before.
In most cases, a domain name used for fraudulent purposes won’t have accurate information in the Whois record. If contact information is obviously fake (e.g., phone numbers that start with 555-), this can be helpful information when reporting the website. More on that later.
Domain Registrars and Hosting Providers
If you encounter a website with malicious content or malware, you need to reach out to the web hosting company and/or domain name registrar to report the site.
It’s important to understand the difference between a domain registrar and a domain hosting company. Domain name registrars act as “pointers” to websites but don’t always also host the actual content.
For example, people who register domain names with Namecheap can use other companies to host their content (although Namecheap provides both services). They tell Namecheap where to point their domain to reach their content. It’s helpful to think of the domain as the street address and the hosting provider as the actual house.
If the problem is with the content of the website, you need to report abuse to the hosting provider, as registrars typically cannot take action against content hosted elsewhere.
How to Find the Hosting Provider
Now you’re ready to collect some vital stats on the site itself so you can effectively make a report.
Examine the nameservers in the Whois record to find out where a website is hosted. Here’s an example:
Name Server: NS01.hostingcompanyname.TLD Name Server: NS02.hostingcompanyname.TLD
Sometimes the nameservers will make it easy to determine where the website is being hosted. In other cases, the domain names might point to a service which subsequently points to the actual host.
If you can’t determine where a site is hosted using the nameservers, you can use a tool like WhoisHostingThis.com to get more details.
When to Contact a Domain Registrar
If the domain name itself is being used for fraudulent purposes, such as phishing scams or impersonation, that’s when the domain registrar should be notified. You would also contact the registrar if you determined that some of the contact information in Whois for the owner is fake.
Finding the registrar is easy. Just look for this line in the Whois record:
Registrar: EXAMPLE REGISTRAR LLC
Go to the registrar’s website and look for an abuse or contact link.
How to Report Abuse
Time to blow the whistle on the black hats. Once you know which company is hosting the site, or the registrar of the domain, go to that company’s website and look for a ‘report abuse or fraud’ link, usually found on a Contact page or in the footer. If all else fails, try emailing abuse@ + the company’s main website address (email@example.com, e.g.)
Be sure to include as many of the details you’ve collected as possible, including (but not limited to):
- Specific information describing why you believe the site is fraudulent or malicious
- URLs of offending content (if not on the homepage)
- full email headers and content for fraudulent or abusive emails
- Specific details on which Whois information is inaccurate
Why a Company May Not Take Action
While reputable companies rely on ordinary citizens to bring abuse to their attention, they cannot take action against every single site reported to them.
Depending on the size of the company, domain registrars and hosting providers may receive hundreds of abuse reports every week. Reviewing and analyzing each report takes time.
In some cases, there is insufficient information to warrant removing the site. Sometimes the reported content does not meet the company’s criteria for removal. In other cases, the company is not the provider of the content in question and therefore cannot take action.
Companies also must abide by their countries’ laws governing online content and fraud, as well as tenets around free speech. In many cases, if a company determines that content is not illegal or harmful, the website may remain online.
Regardless of the reasons companies may or may not act, it’s up to all of us who browse the Internet, check email, or use social media to remain vigilant against fraudulent and abusive websites. Together, we can make the web a safer place.
How to Report a Fraudulent Site to Namecheap
NameCheap takes fraud very seriously, and we do everything we can to keep the internet safe for everyone.
If you find out a website is fake, or have any other concerns about a domain registered with Namecheap or hosted on our servers, please refer to our documentation on reporting fraud and abuse for the steps you need to take to report the website to us. You may also submit a ticket to our Legal & Abuse team using this form (be sure to select either hosting legal and abuse or domains legal and abuse under ‘department’).
If you have any questions, you’re also welcome to contact our customer support team.