How to Take a Malicious Website Down - The Easy Way


In our last blog, we took you through the 5 not-so-easy steps required to take down a malicious website manually. If you read the piece, you’ve learned that manual takedowns are doable if time and patience are on your side, and if you’re not faced with any of the tricky situations that we outlined. But if you don’t have the time or the patience, or if you simply have too many sites to take down, an easier, more scalable solution is best. So, without further ado, here it is.

The 3 easy steps to take a malicious website down

Step 1: Contact Bolster. This simple first step will fundamentally change everything. With Bolster on your side, we will scour the internet to build a comprehensive assessment of all threats related to your brand and domains. Results are displayed in a real-time Domain Monitoring Dashboard where all domain variants (aka 'typosquat domains' or 'look-alike domains'), both registered and unregistered, are identified. For all registered domains, the system will make an initial assessment. For a domain with active content, our system will scan it, render a verdict in milliseconds, and, if it is fraudulent, queue it for takedown. For a domain that’s registered but not yet live with content, our system will continually monitor for changes in status and signs of weaponization. If a site does emerge, it will get scanned, a verdict will be rendered, and, if necessary, it will be scheduled for takedown.

Figure 1. Bolster Real-Time Domain Monitoring Dashboard

Step 2: Sit back and watch Bolster work its magic. With Bolster, every site deemed malicious triggers an automated takedown process. No need to collect info, fill out forms, or submit evidence. Our system does it all for you automatically in minutes. And our system and team have a number of different mechanisms to see sites through to takedown.

API takedowns: We have extensive relationships with hosting providers, registrars, and registries globally. With some, we have API takedown integrations allowing takedown requests to be issued via API. This approach is the fastest, yielding results in minutes when dealing with credential theft sites.

Automated abuse reporting: If there isn’t a takedown API integration, the fallback is an automated submission via email API integration into the hosting provider’s abuse box or simply via an automated email with evidence. Here, automated takedowns are measured typically in hours.

Step 3: Monitor takedown success. To date we have taken down well over 100,000 malicious websites globally. At the core, it's the combination of the highly accurate evidence collected (our false-positive rate is 1 in 100,000), plus automation, plus our trusted global relationships that makes it all possible. Note too, that once a takedown is completed, the site will be added to the ‘Monitor Post-Malicious’ category in the dashboard making tracking for re-occurrence a snap.

Scalable into the thousands

These 3 simple steps are easily repeated, scaling to however big a problem you may have on your hands. With Zoom, our system identified over 14,000 malicious websites in the first month of service. What’s more, our system took down over 1,400 websites in the first 24 hours, 99% of which were performed with zero human intervention. And these 1,400 takedowns were performed across 28 different hosting companies spanning 7 countries! Read more about the takedown success in the Zoom case study.

No more corner cases or corners to hide

Our system has notched successes for our customers even when things get tricky. We mentioned in the previous blog that some takedowns are not always clear cut. Websites with active signs of credential theft are the easiest to work with. But sites that are infringing on your copyrights or trademarks are harder to take down, especially automatically. Here, our detailed evidence, complete with logo abuse detection and screenshots, plus our trusted status globally work to your advantage. We can also issue DMCA Takedown Notices to bolster our takedown case. As discussed in the previous blog, DMCA Takedown Notices are an effective measure but only enforceable in the United States. When dealing with sites infringing on copyrights and trademarks, takedown time is measured typically in a few days.

There are also cases where we’re dealing with a not-so-cooperative hosting provider or hosting country. Here again, our experience and relationships (especially with anti-abuse authorities) work to your advantage, allowing for takedown success where you would otherwise strike out.

Whac-a-mole™ — GAME OVER

While taking a website down can be tricky, it can be even trickier to keep it down. It’s very easy for a bad actor to simply re-host the website on another provider network. At this point, the endless whac-a-mole™ game is invoked, with the site perpetually being taken down only to re-emerge. Our system puts an end to this game. Full stop. Here's how:

Continuous monitoring: For every site taken down, the system will continue to monitor the internet for signs of re-occurrence. If the site does re-emerge, anywhere globally, we will invoke our takedown process automatically. This causes bad actors to lose interest, at least with that particular domain, and puts an end to the whac-a-mole™ game.

Submissions to global blocklists: In addition to executing a site takedown, our system also submits the site address to global blocklists including anti-phishing working groups, safe browsing communities, and publicly available threat intel feeds. This serves as added protection, ensuring a site is not reachable at the browser level despite potentially still being up.

Closing thoughts

Phishing and fraud happen fast on the internet, and your brand can quickly come under attack. So, do you wait for that day or put in place a program that affords you advanced warning? And when that day inevitably comes when a site (or sites) needs to be taken down, what steps will you take? Are you going to try to do it manually or enlist a professional service? Hopefully this blog series helped to answer these questions for you. And as always, remember we’re here to help you every step of the way!



***
Whac-a-mole™ is a registered trademark of Mattel, Inc.

Jeff Baher
