FAQ
The questions teams ask most before getting started. Need something not covered here? Talk to us.
What does Clonedown detect?
Phishing pages, lookalike and typosquatted domains, fake mobile apps, paid-ad impersonation and other brand and trademark abuse across the open web, app stores and ad networks.
How fast are takedowns?
Most confirmed threats are actioned within hours. Median response time is under 15 minutes from detection to the first abuse report, and confirmed phishing URLs can be deindexed from search before the host even responds.
Is the deindexing success rate really 100%?
For verified phishing URLs submitted to Google’s Trusted Copyright Removal Program, yes — confirmed submissions are removed from search results. Host-level takedown timing still depends on the provider.
Do I have to manage takedowns myself?
No. Detection, evidence and reporting are automated on every plan. The Managed plan adds our 24/7 disruption team and manual toolset, so the whole process runs without your involvement.
How is Clonedown priced?
Pay as you go is $30 per takedown. Monthly is $1,500/mo per brand, Managed is $4,000/mo per brand with unlimited takedowns and support, and Enterprise covers multiple brands — see Pricing for the detail.
Can it connect to our existing security tools?
Yes. A documented API streams detections into your SIEM or SOAR and lets you trigger actions from your own tooling. Clonedown also works with Cloudflare, Google Safe Browsing, AbuseIPDB, Spamhaus, Netcraft and more.
How do you handle cloaking?
Attackers often cloak phishing content to hide it from scanners. Clonedown uses automated and manual techniques to defeat cloaking so hidden threats are still detected and documented.
How do you actually find threats?
We scan widely: DNS and certificate (SSL/CT) data, search engines, reverse image search, recursive crawling of suspicious pages, our own historical threat database, parasite-SEO abuse on high-authority sites, host and subdomain enumeration, and continuous discovery of newly registered lookalike domains.
Do you cover chat and messaging platforms?
Yes. Beyond websites, apps and ads, we detect and act against impersonation and scams on chat and messaging providers (such as Telegram, WhatsApp and Discord), where a growing share of fraud now originates.
Is there a real team, or is it all automated?
Both. Automation handles detection, evidence and the bulk of takedowns. Behind it, a professional disruption team works 24/7 on escalations, uncooperative providers and the cases automation cannot close on its own.
Which countries and regions do you cover?
All of them. We operate across every geography with no regional restrictions, and the platform and reports are available in multiple languages.
What reporting do I get?
Advanced reports show threat trends over time, a breakdown of active and resolved threats, and the top abusive hosting providers, registrars and networks targeting your brand — all filterable and exportable.
Can I make my own pages harder to clone?
Yes — the Clonedown SDK is an optional add-on you embed on your site. It hardens your pages against copying and shows you exactly which visitors accessed them. See the SDK page for detail.