Take down fraudulent domains

To request anonymous takedown of fraudulent domain content, you must be the owner of the primary brand and have an authorization letter on file stating this. If you don't have a letter on file, a message appears on the Domain Takedown page instructing you to upload a signed letter. Optionally, you can upload supporting evidence files, which may expedite the takedown request review.

Start a domain takedown

Complete the next procedure to request a domain takedown.

  1. Display a related domains report.

  2. On the Related domains report page, check the Risk level column for domains of high risk to your brand. To ensure that the list is sorted in descending order, click the Risk level column head to re-sort the list.

  3. For each high-risk domain (High), click the Actions menu and select Start Takedown (or Takedown Status if you previously started to fill out the form and saved the data.).

    A confirmation dialog opens asking if you want to continue.

  4. Click Yes.

    The Domain Takedown page opens.

  5. In the Takedown Request Form panel, verify these items:

    1. Authorization Letter field.

      • If an authorization letter is on file confirming that you're the owner of the primary brand, you can continue to Step 4.b.

      📘

      Once uploaded and approved, the authorization letter is used for all takedown requests associated with the account.

    2. Evidence of malicious exploit field. Optional.

      • If you previously uploaded evidence files, or you don't feel that it's necessary to do so, continue to Step 5.
      • Otherwise, you can upload evidence files now.
  6. To initiate the takedown request now, click Takedown. Otherwise, to save the Takedown Request Form data and initiate the takedown request later, click Save.

Domain Takedown page

Depending on where you are in the domain takedown workflow, one of three panels appears on the page:

  • Takedown Request Form
  • Takedown Request Status
  • Takedown Request Cancelation Status

The next table describes each panel.

PanelDescriptionFields and buttons

Takedown Request Form

Displays the form you need to complete prior to requesting a domain takedown.

  • Request state field. Displays a workflow graphic highlighting the state of the takedown request. On the Takedown Request Form panel, the Draft state is highlighted.

  • Authorization letter field. An authorization letter must be on file for the account before the takedown request can progress to the REQUESTED state. This letter is used for all takedown requests associated with the account, so it only needs to be uploaded once.

    • To download the authorization letter if one is on file, click Download file.
    • To upload a signed authorization letter, or to replace the authorization letter on file, see Download/upload an authorization letter.
  • Domain, Violation type, and Source type fields. Read-only fields that are automatically filled in.

  • Evidence of malicious exploit field. Optional. Upload one or more evidence files. Evidence files may expedite moving the takedown request to the SUBMITTED state.

  • Save button. Save the form data in DRAFT state. You can return to the page later to complete the form and issue the takedown request.

  • Takedown button. Appears when you initiate a new takedown request. If the authorization letter is missing, the Takedown button is disabled.

  • Cancel Takedown button. When you cancel a takedown request in the DRAFT state, the following UI updates appear:

    • On the Domain Takedown page, the Takedown Request Cancelation Status panel appears.
    • The Request state workflow highlights the CANCELED state.

Takedown Request Status

Shows the takedown request status starting at the `REQUESTED` state and throughout the workflow.
  • Request state field. Displays a workflow graphic highlighting the state of the takedown request.

  • Request time field. Time that the takedown request transitioned to the REQUESTED state.

  • Domain, Violation Type, and Source Type fields. Read-only fields that are automatically filled in.

  • Authorization Letter field. This letter is used for all takedown requests associated with an account. This letter is used for all takedown requests associated with the account, so it only needs to be uploaded once.

    • To download the authorization letter if one is on file, click Download file.
    • To upload a signed authorization letter, or to replace the authorization letter on file, see Download/upload an authorization letter.
  • Evidence files field. Optional. If evidence files are uploaded, the Download files button is enabled.

  • Cancel Takedown button. Canceling a takedown changes its state to CANCELED. If the takedown request was in the SUBMITTED state when cancelation was initiated, no further submissions to the disruption network are made. However, actions that were performed before the cancelation request may be irreversible.

Takedown Request Cancelation Status

Shows the status of a canceled takedown request.

  • Request state field. Displays a workflow graphic highlighting the state of the takedown request. On the Takedown Request Cancelation Status panel, the status is either CANCELED, DENIED, or DOWN ON ARRIVAL.

  • Request time field. Time that the takedown request transitioned to the REQUESTED state.

  • Domain, Violation Type, and Source type fields. Read-only fields that are automatically filled in.

  • Authorization letter field.

  • Evidence files field. Optional. If evidence files are uploaded, the Download files button is enabled.

  • Notes field. Appears after a takedown request reaches the SUBMITTED state. The field displays additional information, if any.

Workflow states

Each takedown request transitions through four main states:

DRAFT -> REQUESTED -> SUBMITTED -> ACCEPTED

where the states are defined as:

  • DRAFT. Request is being drafted.
  • REQUESTED. Operations team is reviewing and processing the request.
  • SUBMITTED. Disruption network is processing the takedown request.
  • ACCEPTED. Fraudulent domain is removed.

Depending on the takedown scenario, there can be alternate workflows with additional states, as described next.

Alternate workflows

Consider the following workflow:

DRAFT -> REQUESTED -> EVIDENCE REQUIRED -> REQUESTED -> SUBMITTED -> ACCEPTED

The following events occur:

  1. While the account owner is drafting the takedown request, it is in the DRAFT state.

  2. After completing the draft and submitting the request, it transitions to the REQUESTED state.

  3. The operations team reviews the request, determines that evidence files are needed, and transitions the request to the EVIDENCE REQUIRED state.

  4. The account owner uploads evidence files and resubmits the takedown request. The request transitions back to the REQUESTED state.

  5. The operations team reviews and approves the request, transitioning it to the SUBMITTED state. The disruption network begins processing.

  6. After the fraudulent domain is removed, the request transitions to the ACCEPTED state.

In another alternate workflow, the takedown request may be denied or cannot be completed, resulting in one of the following terminal states:

  • DENIED. The request doesn't meet the criteria for takedown, or the network denies the request for removal.
  • DOWN ON ARRIVAL. The request can't be completed because the fraudulent domain is down.

If you cancel a takedown request, the workflow varies depending on the request state at the time you initiate cancelation:

  • If the request form is in the DRAFT state, it is updated to CANCELED.
  • If the request is in the REQUESTED or SUBMITTED state, it is updated to CANCEL REQUESTED.
    Later, after the takedown request is reviewed, the state is updated to either CANCELED, DENIED, or DOWN ON ARRIVAL.

Takedown Settings page

Use the Takedown Settings page to perform these actions:

Download/upload an authorization letter

An account must have a signed authorization letter on file to request a domain takedown. Once uploaded and approved, the authorization letter is associated with the account and is used for all subsequent takedown requests.

Complete the next procedure to download an authorization letter to sign, and to upload the signed letter. If a signed letter is already on file, you can download the letter and delete it before uploading a new signed letter.

  1. On the Domain Takedown page, top toolbar, click Takedown Settings.

    The Takedown Settings page opens. Notice that there are two sections:

    • Download authorization letter to sign
    • Upload signed authorization letter or Existing signed authorization letter
  2. In the Download authorization letter to sign section, click Download.

    An unsigned authorization letter is downloaded to your computer.

  3. Sign the letter, and save the file under a new name that includes your account name. You may also want to include the date. For example, MyAccount_Signed_Auth_Letter_2023-02-01.

  4. If the Existing signed authorization letter panel appears on the page, a letter is already on file for your account. You must first delete the letter before you can upload a new one. Otherwise, go to Step 5.

    1. Click Delete.

      A confirmation dialog opens.

    2. Click Yes.

      The letter on file is deleted, and the Upload signed authorization letter section now appears on the page.

  5. In the Upload signed authorization letter section, upload the letter you signed in Step 3.

View takedown status

To view takedown status, complete the next procedure.

  1. Navigate to the related domains report page.

  2. Click the Actions menu for the related domain of interest and select Takedown Status.

    The Domain Takedown page opens displaying the Takedown Request Status panel.

Cancel a takedown request

To cancel a takedown request, complete the following procedure.

📘

Canceling a takedown stops the takedown progress; no further submissions to the disruption network are made. However, actions that were performed before the cancelation request may be irreversible.

  1. If you started a domain takedown for a related domain and subsequently want to cancel it, on the Domain Takedown page, top toolbar, click Cancel Takedown.

    A confirmation dialog opens.

  2. Click Yes.

    The dialog closes. On the Domain Takedown page, notice that the Request state field is updated.