Report Abuse
Submit evidence of spam emails, phishing sites, malicious IPs, and online abuse. Every verified report helps protect users across the internet.
Submit a Report
What You Can Report
Our abuse reporting system accepts evidence-backed submissions across four categories. Reports without evidence or description are deprioritised in our review queue.
Report Spam Emails
Submit the sender's email address and a description of the unsolicited messages. Include email headers if available - They reveal the true origin IP and routing path.
Report Malicious IP Addresses
Report IPs conducting port scans, brute-force login attempts, DDoS participation, or serving malware. Use our blacklist checker to see if the IP is already flagged before submitting.
Report Phishing Domains
Phishing sites impersonate banks, payment providers, and popular services to steal credentials. Submit the domain along with a screenshot. Use our WHOIS lookup to identify the registrar for parallel reporting.
Report Malware & Ransomware Sources
If a domain or IP is distributing malware, ransomware payloads, or command-and-control (C2) traffic, report it here. Logs, packet captures, and file hashes are especially useful evidence.
How to Write an Effective Abuse Report
Reports that include specific details and supporting evidence are actioned significantly faster than vague submissions. Here is what makes a report useful:
1. Be Specific
Include the exact IP address, email address, or domain. Note timestamps in UTC where possible - "On 2026-04-28 at 14:32 UTC" is far more actionable than "recently."
2. Attach Evidence
Screenshots, email headers, server logs, and packet captures are all valuable. Even a single screenshot of the offending content significantly increases review speed.
3. Describe the Impact
Explain who was targeted and what harm occurred. A report that says "this IP scanned my server 4,000 times in one hour" is prioritised over "I got scanned."
4. Cross-Report
For the fastest takedown, also report to the ISP's abuse desk (found via WHOIS), the hosting provider, and relevant blocklists such as Spamhaus or SORBS.
.txt file.
What Happens After You Submit
Our review process is designed to be thorough rather than instant. Here is what to expect:
- Submission received. Your report enters our review queue immediately. You will see a confirmation on screen.
- Initial triage (within 48 hours). Our team checks whether the submitted entity is already flagged, cross-references against known threat intelligence feeds, and assesses the evidence quality.
- Verification. For IP reports, we run our own checks including blacklist lookups, port scans, and reverse DNS inspection. For domains, we inspect SSL certificates, WHOIS history, and hosting patterns.
- Action. Verified malicious entities are added to our internal blocklists and flagged in our tool results. High-confidence reports are forwarded to upstream abuse contacts and relevant threat-sharing organisations.
We do not share your personal details or account information with the reported party under any circumstances. Reports are kept confidential.
Check Before You Report - Free Verification Tools
Running these checks before submitting helps you build a stronger report and may answer your questions without needing to submit at all.
Frequently Asked Questions
Do I need an account to report abuse?
Yes - A free WhatsMyIP.now account is required to submit reports. This prevents anonymous spam submissions and ensures every report is traceable to a real user. Creating an account takes under 60 seconds and requires no credit card.
How long does it take for a report to be reviewed?
Our team aims to triage all submissions within 48 hours. Reports with clear evidence and specific details are reviewed faster. High-volume or automated attack reports are escalated immediately if they match known threat patterns.
Will the reported party know who submitted the report?
No. Your account information and personal details are never shared with the reported party. When we forward reports to upstream abuse desks or ISPs, we do so without disclosing the identity of the original reporter.
How do I find the email headers for a spam report?
Email headers contain the full routing path of a message, including the originating IP address. Here is how to access them in common clients:
- Gmail: Open the email, click the three-dot menu (more options), select Show original
- Outlook (web): Open the email, click the three-dot menu, select View message source
- Apple Mail: Open the email, go to View → Message → All Headers
Copy the full header block and paste it into the description field, or save it as a .txt file and attach it as evidence. You can also run it through our email header tracer to identify the origin IP before submitting.
What if the IP is already on a blacklist?
You can still report it. Existing blacklist entries may cover only specific abuse categories (e.g. spam but not port scanning). A report with fresh evidence helps update threat intelligence and may trigger re-evaluation by blocklist operators. Run a blacklist check first to see which lists already cover it.
Can I report an IP that scanned my server?
Yes. Port scanning and brute-force attempts are a valid abuse category. Include the source IP, the ports targeted, and if possible attach a log snippet showing the scan timestamps. Use our port scanner to check if the reported IP is itself exposing vulnerable services.
What types of evidence are most useful?
In order of most to least useful:
- Server access logs or firewall logs with IP, timestamp, and request details
- Full email headers (not just the email body)
- Screenshots of phishing pages or fraudulent content
- Packet captures (
.pcapfiles) for network-level attacks - File hashes (MD5/SHA256) for malware samples
- Screenshots of the abuse with timestamps visible