Scam SentryHost / Registrar Abuse Reports (Rolling 90 day stats)
| Entity | Domains Reported | Total Reports | Repeat Reports ⓘ |
|---|---|---|---|
| Service.aliyun.com | 4 | 4 | 0% |
| Dynadot.com | 4 | 4 | 0% |
| Google.com | 4 | 4 | 0% |
| Alibaba Cloud | 8 | 8 | 0% |
| Namesilo.com | 92 | 98 | 6% |
| Digitalocean.com | 12 | 13 | 8% |
| Public Domain Registry | 9 | 11 | 18% |
| Colocrossing.com | 8 | 10 | 20% |
| Spaceship.com | 16 | 22 | 27% |
| Namecheap.com | 92 | 143 | 36% |
| Cloudflare | 156 | 296 | 47% |
| Amazon Web Services | 32 | 61 | 48% |
| GoDaddy | 10 | 21 | 52% |
| Internet.bs | 29 | 65 | 55% |
| Easydns.com | 7 | 18 | 61% |
Trends Revealed in Registrar Abuse Response Stats
The registrar stats uncovers trends in scam takedown compliance. Most notably, Cloudflare and Internet.bs at the bottom performance extreme, with a high abuse repeat-report rate. Over half of all abusive domains needed multiple reports, and despite proof, most abuse reports were closed without action. Amazon Web Services and NameCheap closely follow the low performers.
Most abuse reports require re-reporting, allowing abuse to go unchecked for days or weeks, underscoring persistent gaps in domain registrar enforcement and ICANN abuse policy.
Green Sets the Standard
In contrast, registrars with a 0 % multiple-report rate highlights the impact of swift abuse takedowns. The abuse reporting trends tend to show better response times from smaller registrars, typically with in-house abuse teams. Smaller registrars can honor aggressive SLAs with near-instant takedowns and virtually no repeat filings, thanks to leaner portfolios, strict onboarding/KYC (know your customer) checks and dedicated compliance staff.
Large Registrars Struggle with Abuse Reporting Loads
Large registrars juggle millions of active domains and farm out abuse desks to third-party vendors with quantity prioritized over quality. This approach dilutes accountability, creates sprawling ticket backlogs and requires multiple abuse reports before a bad actor is finally placed on clientHold status.
Cloudflare is a Takedown Shield for Scam Infrastructure
Cloudflare’s reverse-proxy model masks the true hosting provider by replacing the origin server IP with its own network. This hides the hosts and upstream carriers serving abusive content, preventing third parties from reaching the actual companies that could shut them down.
Because Cloudflare refuses to disclose origin hosts without strict evidence thresholds, hosting-level enforcement is effectively limited. Abuse action is typically limited to registrars. Domains that only redirect or broker traffic in phishing chains are often deemed non-actionable.
This creates a systemic blind spot where scam networks can rotate domains at scale behind Cloudflare while keeping abusive content insulated from takedown.
