Registrar Accountability
Every abuse report we send is logged. This page turns that log into a scoreboard: how long each registrar takes to act, how many escalations it takes, and how many malicious domains stay live on their watch. The numbers are computed deterministically from raw data — the categories are derived from the numbers, not from us.
The illusion of security — how registrars profit from the abuse they ignore
On paper, every registrar is bound by its ICANN agreement to investigate and act on abuse. In practice that agreement is a dead letter — window dressing over a business model built on willful blindness. In this project’s entire history we have not seen ICANN apply a single meaningful sanction against a negligent registrar, while the registrar keeps collecting its fee on every domain it sells — the malicious ones included.
Mass negligence
Valid, evidence-backed abuse reports are systematically ignored, buried, or met with an automated non-reply.
Indisputable proof, ignored
Domains flagged by VirusTotal and independent infosec labs stay live while abuse desks stall or go silent.
Profitable delays
Malware and phishing stay online for weeks — every extra day is a paying customer the registrar won’t cut off.
This is not bureaucratic incompetence — it is tacit complicity. Everything below is the receipts: dates, escalations, evidence, and outcomes.
Methodology — how these numbers are computed
| Registrar | Domains | Escalated | Median resp. | Live 90d+ | Ignored | Verdict |
|---|---|---|---|---|---|---|
| Loading accountability data… | ||||||
Fairness safeguards. Platforms we never file abuse reports against (Cloudflare, Vercel, GitHub and other free hosts) are excluded — ranking them would be meaningless. Registrars with fewer than 10 reported domains are omitted to avoid small-sample distortion. Response medians are computed only over domains with a recorded takedown; still-active domains are counted separately and never averaged in. Every claim is reproducible from the hashed dataset above.