In this article, you'll find out how to make a takedown request on a suspect domain and keep track of all your pending or closed requests.
TABLE OF CONTENTS
Attackers regularly register domain names similar to company names in order to usurp the identity of employees and external contacts (customers and/or service providers). The aim is to steal sensitive and operational information for the purposes of information theft or illegitimate access to internal IS resources.
As an official CERT, XMCO is able to request the closure of malicious domains (phishing, president scams, etc.) from the registrars with which these domains are registered. Over the years, we have developed a network of contacts within these registrars to help us deal with these domains.
XMCO takes care of the entire procedure, from the initial request to reminders, and informing the customer once the procedure is complete.
This is an additional service to Serenety or Yuno.
General workflows
From LePortail, in the Serenety section, you can make a takedown request so that CERT-XMCO can start the procedures with the registrars.
Overall takedown procedure operated by CERT-XMCO
1. Fill in the form
- Go to the takedown request form.
- Fill in all the required fields.
2. Validation of the request
- Once your request has been completed and validated, it is given the status "New".
- At this stage, you can :
- Request a change to your application.
- Cancel your application without affecting your credits.
3. Handled by CERT-XMCO
- Each takedown is processed within 24 hours of its request by CERT-XMCO.
- When CERT-XMCO takes the first action, the status of the request changes to "In progress".
- At this stage, you can no longer cancel the request in the interface (but you can still do so by email). However, you can still change the type of Takedown request.
4. Monitoring the request
- You can track the progress of your request directly on LePortail.
- An Excel export file is available for detailed tracking of actions.
5. Closing the request
- When the request status changes to "Closed", this means that the CERT-XMCO procedures have been completed in full.
- The actions taken by the registrars are listed in the Excel file available.
Request a takedown
From the interface
Step 1 : Go to the Takedown section of LePortail in the Serenety section
You will be redirected to the takedown request interface.
Step 2 : Click on the New request tab
Step 3 : Complete the "New takedown request" side page
- The domain(s) you wish to close
- The scope of your company concerned by the request
- Type of abuse :
- Preventive takedown
- Phishing
- Brand infringement
- Employee identity theft
- Spam
- Legal information about your company to support your request to the registrar
- Any evidence you have that will help us to close the domain
Step 4 : Once your request is complete, you can validate it using the button at the top of the page.
If you do not have any takedown credits, an error message is displayed. You should contact your operational or sales customer manager to obtain additional credits.
View all your requests
The interface allows you to use different filter and search parameters:
- By date
- By scope
- By domaine
- By status
- By registrar
Export your takedown requests
An export function for takedowns is available from the button at the top right. This feature allows you to obtain an Excel file containing the information below.
Only request in "new" status can be cancelled without credit deduction. One CERT-XMCO has taken action, all request are final.
If you wish to request a modification or cancellation, please contact the team at serenety@xmco.fr.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article