According to the Anti-Phishing Working Group, phishing attacks hit an all-time high in 2023 with nearly five million attacks recorded in a single year. Many of those involved fake websites impersonating legitimate brands. If you just discovered one targeting your company, you are not alone.
The good news: you can get these sites taken down. The process is more straightforward than most people think, and it works. In this guide, we walk you through the complete website takedown process, from collecting evidence to filing abuse reports and getting fraudulent domains shut down.
Why Fake Websites Are a Serious Threat
Brand impersonation goes far beyond a minor annoyance. Fraudulent websites can steal customer data through phishing attacks, damage the trust you spent years building, and divert revenue from your legitimate business. In some cases, customers who fall victim to scam sites blame your actual company, leading to support tickets, refund demands, and negative reviews you had nothing to do with.
The longer a fake site stays online, the more damage it does. Acting quickly is critical.
Impact of Brand Impersonation
Stolen Customer Data
Lost Revenue
Damaged Brand Trust
Legal Liability
The Legal Basis: Why Takedowns Work
Here is something most business owners do not realize: hosting providers and domain registrars are legally obligated to act when you report abuse on their platforms.
This is based on the notice-and-takedown principle, which is embedded in regulations like the EU's Digital Services Act (DSA), the US Digital Millennium Copyright Act (DMCA), and similar frameworks worldwide. The core idea is simple: once a provider receives a valid complaint about fraudulent or infringing content on their infrastructure, they cannot simply ignore it. If they fail to act after being notified, they risk becoming liable for the illegal content themselves.
This gives your takedown request real leverage. In practice, most reputable hosting providers and registrars respond within a few business days. Some act within hours.
Step 1: Document Everything
Before you contact anyone, collect solid evidence. This is the foundation of your entire takedown case. Take screenshots of the fake website (including the URL bar visible), and document what exactly makes it fraudulent. Are they using your logo? Your company name? Copying your product pages?
Save everything with timestamps. If the site changes or goes down temporarily, you want a record of what it looked like when you found it.
What to capture:
- Full-page screenshots of the fake site (with URL visible)
- Screenshots of your legitimate website for comparison
- The domain name and any variations you find
- Any emails or communications originating from the fake domain
- Customer reports or complaints related to the impersonation
Step 2: Find Out Who Is Hosting the Fake Website
Every website runs on a server somewhere, and that server belongs to a hosting provider. To get the site taken down, you need to figure out who that provider is.
This is easier than it sounds. Use a free DNS lookup tool like DNS Checker or MXToolbox and look up the A record for the fake domain. The A record reveals the IP address of the server hosting the site. From there, you can identify the hosting company.
Most tools will show you directly which provider owns that IP address. Common hosting providers you might encounter include Cloudflare, Amazon Web Services (AWS), DigitalOcean, Hetzner, or OVH.
$ dig A y0urcompany.com
; <<>> DiG <<>> A y0urcompany.com
;; ANSWER SECTION:
y0urcompany.com. 300 IN A 185.199.108.23
;; Hosting Provider:
→ Hetzner Online GmbH (AS24940)
Step 3: Find the Domain Registrar
The domain registrar is the company where the fraudster registered the fake domain name (the ".com" or ".de" address itself). This is separate from the hosting provider, and you will want to contact both.
To find the registrar, run a WHOIS lookup on the fake domain using a tool like whois.com or ICANN Lookup. The WHOIS results will show you which registrar manages the domain.
Common registrars include GoDaddy, Namecheap, Tucows, or regional ones like DENIC for .de domains.
Tip: Sometimes the hosting provider and the registrar are the same company. In that case, one well-crafted abuse report can address both the hosting and the domain at once.
Step 4: File Abuse Reports
Now comes the core of the website takedown process: filing abuse reports with both the hosting provider and the domain registrar.
Most providers have a dedicated abuse contact. You can usually find it on their website (look for "abuse", "report", or "trust & safety" pages), or check the WHOIS data for an abuse email address.
What to Include in Your Abuse Report
Your report needs to be clear, factual, and well-documented. Include the following:
Abuse Report Structure
Your identity and authority
Who you are, your role, and your connection to the legitimate brand
The fraudulent domain
The exact URL of the fake website
The nature of the violation
Brand impersonation, trademark infringement, phishing, fraud
Evidence
Screenshots, side-by-side comparisons, trademark registration numbers
Your legitimate website
Link to your actual company site for comparison
A clear request
Ask specifically for the domain to be suspended or the content removed
Keep the tone professional and factual. Avoid emotional language. Stick to the facts and make it as easy as possible for the abuse team to verify your claims and take action.
Following Up
If you do not hear back within 3-5 business days, follow up. Reference your original ticket number and ask for a status update. Persistence matters. Abuse teams handle high volumes of reports, and a polite follow-up can move your case forward.
Struggling with the process? If tracking multiple providers, writing abuse reports, and following up is taking more time than you have, professional takedown services can handle the entire workflow for you, from investigation through to confirmed removal.
Step 5: Get the Site Blacklisted
While you wait for the hosting provider and registrar to act, you can take additional steps to limit the damage. Reporting the fake site to major security blacklists helps protect users even before the domain is fully taken down.
Key platforms to report to:
- Google Safe Browsing — submit the URL at safebrowsing.google.com. Once flagged, Chrome, Firefox, and Safari will display a warning before users can visit the site.
- Microsoft Security Intelligence — report the URL to protect Edge users and Microsoft's security ecosystem.
- Spamhaus — if the domain is being used for spam or phishing campaigns.
- Social media platforms — if the fake brand also has profiles on social media, report those too.
Deceptive site ahead
Attackers on y0urcompany.com may trick you
This site has been flagged by Google Safe Browsing as potentially deceptive. It may attempt to steal your personal information.
Blacklisting does not remove the website itself, but it puts a big red warning screen between the fake site and your customers. That is a significant layer of protection while the full takedown is being processed.
How Long Does a Website Takedown Take?
Timelines vary depending on the hosting provider, the type of violation, and how well your abuse report is put together. Here is a rough overview:
| Scenario | Typical Timeline |
|---|---|
| Major hosting provider, clear violation | 1–3 days |
| Privacy-protected WHOIS, standard registrar | 3–7 days |
| Offshore or unresponsive provider | 1–4 weeks |
| Bulletproof hosting (designed to resist takedowns) | Several weeks |
The most important factor is the quality of your initial abuse report. A well-documented, clearly written report with strong evidence gets significantly faster results than a vague complaint.
What If the Site Keeps Coming Back?
Persistent fraudsters sometimes register new domains or move to different hosting providers after a successful takedown. This is unfortunately common, especially in organized phishing campaigns. If you are dealing with a repeat offender, the situation calls for ongoing monitoring and a more systematic approach. This might include setting up domain monitoring alerts, building relationships with abuse teams at major providers, or working with a dedicated brand protection service that can detect and respond to new impersonation sites quickly.
Dealing with cybersquatting? If someone has registered a domain that imitates your brand name, taking the site down is only the first step. You may also want to reclaim the domain itself through legal channels. Our Cybersquatting Guide covers the full process: from UDRP complaints to cease-and-desist letters and prevention strategies.
When to Consider Professional Help
The steps above work, and many businesses successfully handle takedowns on their own. But there are situations where bringing in specialists makes sense:
- You are dealing with multiple fake sites and do not have the bandwidth to investigate and report each one
- The fraudsters keep coming back and re-register domains or switch hosting providers after each takedown
- You need faster response times because the fake site is actively harming customers right now
- The technical investigation is complex, for example when sites hide behind multiple layers of proxies, CDNs, or privacy services
- You want ongoing brand monitoring so new threats are caught early, before customers encounter them
Professional brand protection services like nebty specialize in exactly this. They handle the entire process from investigation and evidence gathering through to confirmed removal, and they typically achieve faster turnaround times thanks to established relationships with hosting providers and registrars worldwide.
Prevention: How to Stay Ahead of Impersonators
Taking down a fake website is reactive. Ideally, you want to catch impersonation attempts early, before they cause real damage.
Monitor your brand online. Set up Google Alerts for your brand name and key product names. Use domain monitoring tools to catch lookalike domain registrations as soon as they happen.
Register common domain variations. If your brand is "acme.com", consider also registering "acme.net", "acme.co", and common typo variations. This is cheaper than fighting takedowns later.
Educate your customers. Make it clear on your website which domains are legitimately yours. Some companies maintain a public list of their official web properties.
Protect your trademarks. Having registered trademarks strengthens your takedown requests significantly. Registrars and hosting providers take reports backed by trademark registrations much more seriously.
Frequently Asked Questions
Can I take down a fake website from another country?
Yes. The notice-and-takedown principle works internationally. Hosting providers and registrars operate under their own terms of service, which typically prohibit fraudulent use regardless of where the site operator is located. If the provider is based in the EU, the Digital Services Act applies. For US-based providers, the DMCA provides a legal framework.
How much does a website takedown cost?
Doing it yourself costs nothing except your time. Professional takedown services vary in pricing, typically ranging from a few hundred to several thousand dollars depending on complexity and whether you need ongoing monitoring.
What if the WHOIS data is hidden behind privacy protection?
Many fraudsters use WHOIS privacy services to hide their identity. This does not block the takedown. You can still contact the registrar's abuse department directly. The privacy shield protects the registrant's personal data from public view, but it does not protect them from abuse complaints filed with the registrar.
Is a website takedown the same as a DMCA takedown?
Not exactly. A DMCA takedown specifically targets copyright infringement (e.g., someone copying your website content). A brand impersonation takedown is broader and can be based on trademark infringement, fraud, or phishing. In practice, you may use both approaches depending on what the fake site is doing.
What if the hosting provider does not respond?
Escalate. Contact the upstream network provider (the company that provides internet connectivity to the hosting company). You can also file complaints with organizations like ICANN (for domain-related issues) or relevant law enforcement agencies. In the EU, you can reference the DSA's complaint handling obligations.
Key Takeaways
Getting a fake website taken down is absolutely doable. The process follows a logical sequence: document the fraud, identify the hosting provider and registrar, file well-crafted abuse reports, and follow up until the site is removed. Blacklisting adds an extra layer of protection for your customers while the takedown is in progress.
The most important thing is to act fast. Every day a fake website stays online is a day it can damage your brand and harm your customers.
Need help with a website takedown?
We handle takedowns every day. Whether you need help removing a single fake site or want to set up proactive brand monitoring, we are here to help.
Talk to the nebty teamAbout the author
Benedikt Scheungraber
Co-Founder & CEO, nebty
Benedikt founded nebty to make professional brand protection accessible to businesses of all sizes. He writes about digital threats, domain abuse, and how companies can defend their online identity.