[How to article] Takedown Phishing Domains/URLs on GMO Internet, Inc

How to do a takedown on a malicious domain which is registered through GMO Internet, Inc.

Step 1: To begin, open your email account and create a new message.

Step 2: In the “To:” section type GMO Groups’s abuse contact email. You may choose to send it to [email protected], [email protected], [email protected] or all three.

Step 3: For the subject line, use language that allows for the recipient to understand the request and call attention to it.

-ex: “{Your Brand} Phishing on Your Infrastructure”

Step 4: Draft the body of the email. Make sure to provide a detailed description of the abuse including the domain name, all abusive URLs built off the domain, and the IP address of the malicious user.

*Please note that in order to avoid being blocked by the email providers, it is essential to obfuscate the URL by changing some of the characters.

-ex: “https://www.google.com ” can be written “hxxps://www[.]google[.]com”


Step 5: Attach screenshot evidence with timestamps showing that the abuse is still currently taking place.

Step 6: Click “Send.”

You will receive a confirmation from GMO group letting you know that they received your email. GMO will make a decision within 48 hours.