[How to article] Takedown Phishing Domains/URLs on Cosmotown

How to do a takedown on a malicious domain which is registered through Cosmotown.

Step 1: To begin, open your email account and create a new message.

Step 2: In the “To:” section type Cosmotown’s abuse contact email. You may choose to send it to [email protected], [email protected] or both.

Step 3: For the subject line, use language that allows for the recipient to understand the request and call attention to it.

-ex: “{Your Brand} Phishing on Your Infrastructure”

Step 4: Draft the body of the email. Make sure to provide a detailed description of the abuse including the domain name, all abusive URLs built off the domain, and the IP address of the malicious user.

*Please note that in order to avoid being blocked by the email providers, it is essential to obfuscate the URL by changing some of the characters.

-ex: “https://www.google.com” can be written “hxxp://www[.]google[.]com”


Step 5: Attach screenshot evidence with timestamps showing that the abuse is still currently taking place.

Step 6: Click “Send.”

Cosmotown does not send an automated response when you submit an abuse complaint to them, nor will they update you on their decision once they review your submission.

*Please note: Cosmotown usually assesses the submission within a week, so if the site targeting you is still active after 7 business days you may need to resubmit.