Takedown FAQs

Answers to frequently asked questions about OnDOMAIN's integrated takedown.

Written by Ivan Kovachev
Updated over a week ago

Q: Why did we choose OpSec as our takedown partner vs others?

A: We partnered with OpSec as they are the most established and reputable firm in the “takedown” space. Reputation and credibility matter when trying to prove fraud.

Q: If a customer (e.g. yoursite.com) received fraudulent emails asking for invoice payment from lookalike domains (y0ursite.com and yourslte.com), would that be enough for a takedown?

A: It is highly likely that these domains would be taken down successfully as evidence of fraudulent activity exists for both in the form of invoice fraud. When submitting domains for takedown, be sure to submit any/all evidence you have in order for OpSec to process the takedown as quickly and efficiently as possible.

Q: Can I apply to take ownership of a domain that has been taken down? If so, do I have any priority in being able to acquire it?

A: While OpSec doesn't have the ability to purchase the domain for you, it is definitely possible for you to create a domain backorder for the domain in question. GoDaddy, amongst others, allows you to do this, and it is a good idea to work with multiple registrars in order to achieve the highest purchase success. There isn't a way to create a priority to purchase it.

Q: Is the domain available so that someone else can purchase it, for example, a competitor or the person with the original malicious intent?

A: This largely depends on the registrar. Some registrars will release the domain as soon as it is suspended (which means you could purchase it instantly) whereas others will move the domain into a "Pending Delete" or "Redemption Period" for a few days before it can be purchased again. Regardless, at some point, the domain should become available for purchase.

Q: Does the taken-down domain appear or feature on watchlists thereafter?

A: This is a tough question since OpSec doesn't control those watchlists. Many domain blocklists will contain bad domains long after those domains were taken down - mainly to prevent someone from doing what you're thinking - repurchasing the domain and trying to defraud people again. For places like OpenPhish and other phishing OSINT lists, those domains become part of the historical phishing record, so it is possible that these would show up as a result of a Google search for the bad domain.
