Important update 1: Email Support is being transitioned to Webforms. Click here for more information.
Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Report an Abusive Website

            OpenSRS investigates reports of abusive activity on domains registered through our reseller channel. This article explains how to report a domain, what information to include in your report, what kinds of abuse OpenSRS handles, and what to expect after you submit.

            What OpenSRS investigates

            OpenSRS reviews reports tied to domains registered through Tucows-owned registrars (including OpenSRS, Enom, and Ascio). The types of abuse we accept include:

            • Phishing. Fraudulent sites impersonating banks, payment providers, or other trusted brands to steal credentials.
            • Malware distribution. Sites that host or distribute malicious software, exploit kits, or drive-by downloads.
            • Spam. Domains used in bulk unsolicited email campaigns, including the message body URLs and sender domains.
            • Botnet command and control. Domains hosting C2 infrastructure for malware networks.
            • Child sexual abuse material (CSAM). Reports involving CSAM are escalated immediately and reported to appropriate authorities.
            • Intellectual property and copyright infringement. DMCA and copyright complaints are accepted through the same channel, though some content disputes may be directed to the hosting provider rather than the registrar.
            • Trademark abuse. Reports tied to UDRP-eligible disputes can be referred to the appropriate UDRP provider.

            Note: Some categories — content disputes, defamation, terms-of-service complaints against a hosted application — are typically the responsibility of the website's hosting provider, not the registrar. OpenSRS may forward such reports to the appropriate party.

            Before you report

            • Confirm OpenSRS is the registrar. Run a WHOIS lookup on the domain. If the registrar field does not list OpenSRS, Enom, Ascio, or another Tucows-owned registrar, file your report with the listed registrar instead.
            • Capture evidence. Take screenshots, save full email headers (for spam and phishing), record exact URLs, and note timestamps in UTC.
            • Avoid interacting with the abusive content. Do not click suspicious links, enter credentials, or download files from the reported site.

            How to submit a report

            Submit reports through the OpenSRS abuse contact channel.

            1. Open the OpenSRS abuse reporting page or send your report to the published abuse email address.
            2. Include all required information from the checklist below.
            3. Submit and retain a copy of your message and any case reference number returned.

            Information to include in every report

            • The domain name. Just the domain (for example, example.com), not a long URL with parameters.
            • The specific URL(s). Full URLs of the abusive pages, if different from the domain root.
            • The type of abuse. Phishing, malware, spam, CSAM, copyright, trademark, etc.
            • Evidence. Screenshots, email headers (full headers, not just from/to), packet captures, log excerpts, or hashes of malicious files.
            • Timestamps in UTC. When you observed the activity.
            • Your contact information. So the abuse team can request clarification if needed.
            • Targeted brand or victim (for phishing). The name of the institution being impersonated.

            Tip: For phishing, the full email headers and a screenshot of the landing page together are usually enough for fast action. For malware, a SHA-256 hash of the dropper plus the URL helps the abuse team verify quickly.

            After you submit

            The OpenSRS abuse team reviews each report and acts according to the registrar's published abuse policy and ICANN obligations. Depending on findings, action may include:

            • Suspension of the domain (temporary or permanent).
            • Forwarding the report to the hosting provider or upstream operator.
            • Notifying the registrant and giving them a window to remediate.
            • Reporting to law enforcement or designated authorities where required (for example, CSAM).

            Response times vary by severity. High-risk categories such as active phishing, malware, and CSAM are prioritized.

            Warning: Do not file the same report through multiple channels without informing the OpenSRS abuse team. Duplicate reports slow down handling and complicate case tracking.

            Next steps

            • Track your case. Note any reference number returned in the acknowledgment so you can follow up.
            • Report related infrastructure separately. If the abusive site uses additional registrars, hosting providers, or DNS providers, report to each of them.
            • For trademark and UDRP disputes, contact a UDRP provider. The registrar abuse channel is not the right venue for complex IP disputes.

            Questions? Contact OpenSRS Support.

            How helpful was this article?

            Thanks for your feedback!

            Do you still need help? If so please submit a request here.