CoreSentinel Start a Takedown

CoreSentinel Phishing Takedown — Customer Terms

Version: v0.3 Effective date: 23 June 2026 Last updated: 23 June 2026 Provider: CoreSentinel Pty Ltd (ABN 51 611 410 658), Governor Phillip Tower, 1 Farrer Place, Sydney NSW 2000, Australia. Contact: phishing@coresentinel.com Service URL: https://takedown.coresentinel.com

These Terms govern your purchase and use of CoreSentinel’s phishing site takedown service (“the Service”). By submitting a takedown request and completing payment, you agree to these Terms. They are in addition to any general website terms and conditions published at coresentinel.com.

1. What the Service is

The Service is a professional, human-operated phishing takedown service. When you submit a malicious URL and authorise payment, CoreSentinel investigates the report, captures evidence, and submits abuse reports to the relevant parties (domain registrars, registries, hosting providers, CDNs, and platforms) seeking the removal, suspension, or blocking of the reported phishing content. The Service is operated by a certified security professional (OSCE/OSCP), not an automated form.

We offer two tiers:

  • Single Takedown — USD $500. One reported phishing URL, with 7 days of monitoring of the reported domain following takedown.
  • Takedown + Watch — USD $900. One reported phishing URL, with 30 days of monitoring following takedown. If the same phishing threat re-emerges on that domain within the 30-day window, we will action a further takedown at no additional charge.

All prices are in US Dollars and are inclusive of any applicable taxes. When you order, your card is pre-authorised for the fee via Stripe — this places a hold, it is not a charge. We capture the payment only after we have verified the takedown. If we do not achieve takedown within the guarantee window (Section 4), the hold is released and you are never charged.

2. The 72 Business-Hour Service Level (SLA)

We aim to achieve takedown of the reported URL within 72 business hours of case approval — the point at which, after your payment has been confirmed and we have reviewed your submission (a working URL and the information we reasonably need to act), we accept the case and begin remediation work. The SLA clock starts at approval; it does not run during checkout or while we are validating your submission.

For the purposes of these Terms:

  • “Business hours” accrue only during business days.
  • “Business day” means Monday to Friday, excluding public holidays observed in New South Wales, Australia.
  • The clock pauses entirely on weekends and NSW public holidays and resumes at the start of the next business day.

“Takedown achieved” means the reported URL no longer resolves to, or serves, the phishing content — whether by domain suspension, hosting removal, content removal, or equivalent action by a responsible third party. If the reported URL redirects to other URLs, we may also report those, but whether takedown has been achieved (and therefore whether your card is captured) is assessed on the originally reported URL being neutralised.

3. What we can and cannot guarantee

We act as an intermediary. We do not control domain registrars, registries, hosting providers, or platforms, and final action rests with those third parties. We commit to using our professional skill and reasonable efforts to achieve takedown within the SLA, and we stand behind that commitment with the no-takedown, no-charge guarantee in Section 4.

We do not:

  • access, alter, or interfere with the malicious site or any third-party system;
  • act as law enforcement, or guarantee prosecution of any party;
  • guarantee that a hostile or non-responsive registrar/host in any particular jurisdiction will comply.

4. No-Takedown, No-Charge Guarantee

If we do not achieve takedown of the reported URL within 72 business hours (as defined in Section 2), you are not charged: because your card is only ever pre-authorised (Section 1), the authorisation hold is released in full and no payment is taken.

  • Your card is captured only on a verified takedown. A missed guarantee means the authorisation hold simply expires or is released — there is nothing to refund, because no charge was made.
  • In the rare event a payment was already captured and the guarantee is then found not met, we issue a full refund of the amount paid, with no deduction for payment-processing fees, on request to phishing@coresentinel.com referencing your case reference. We aim to process such refunds within 5 business days; the time for funds to appear depends on your payment provider.
  • If you have been charged and believe the takedown was not actually achieved, contact us at phishing@coresentinel.com within 14 days of the charge and we will review.
  • For the Takedown + Watch tier, the guarantee applies to the initial takedown. The 30-day monitoring component is a separate ongoing benefit and is not refundable once monitoring has commenced, except as required by law.

This guarantee is a contractual benefit we offer in addition to your legal rights. It does not limit those rights — see Section 7.

5. Your responsibilities and warranties

By submitting a takedown request, you warrant that:

  • you are the owner of, or are authorised to act on behalf of, the brand, organisation, or person being impersonated or targeted by the reported content, or you otherwise have a legitimate basis to request the takedown;
  • the URL you submit hosts genuinely malicious, fraudulent, or impersonating content;
  • the information you provide is accurate and complete.

We may report abusive or fraudulent use of the Service to relevant authorities.

6. Requests we may decline

We may decline a request — for example, where the content is not phishing or otherwise actionable, where we are unable to lawfully act, or where the request appears to target lawful content or a competitor in bad faith. If we decline a request before commencing takedown work, you are not charged (any pre-authorisation hold is released in full).

7. Australian Consumer Law

Nothing in these Terms excludes, restricts, or modifies any consumer guarantee, right, or remedy you have under the Competition and Consumer Act 2010 (Cth), including the Australian Consumer Law, or any other law that cannot lawfully be excluded.

Where our services come with guarantees that cannot be excluded under the Australian Consumer Law, and to the extent we are entitled to do so, our liability for breach of such a guarantee is limited to re-supplying the service or paying the cost of having the service re-supplied. The no-takedown, no-charge guarantee in Section 4 is offered in addition to, and not instead of, your rights under the Australian Consumer Law.

8. Limitation of liability and indemnity

Limitation of liability and indemnity provisions are under review and will be added by amendment.

9. Privacy

We handle personal information in accordance with our Privacy Policy at https://www.coresentinel.com/phishing-takedown-privacy/, which forms part of these Terms.

10. Governing law

These Terms are governed by the laws of New South Wales, Australia. You and CoreSentinel submit to the non-exclusive jurisdiction of the courts of New South Wales.

11. Changes and contact

We may update these Terms from time to time; the version in force when you submit a request applies to that request. Questions: phishing@coresentinel.com.