Submitting Takedown Requests in Bolster
Overview: Takedown Requests and Disputes
Submitting takedown requests allows security teams to remove phishing and scam URLs by having Bolster issue notices to relevant entities, such as registrars and hosting providers. Â
When Bolster detects a phishing or scam URL, users don’t need to take action. Bolster does it on the team’s behalf, initiating a takedown automatically or having a Bolster SOC analyst issue one manually. Â
If Bolster determines that a URL is clean or merely suspicious, a takedown is not initiated. If your security team believes the URL should be marked as phishing, the team can dispute Bolster’s verdict. Disputing the verdict automatically initiates a takedown request. Â
This article explains how takedown requests work in the dispute workflow and how to dispute verdicts for individual or multiple URLs.Â
Accessing the Insights Page to Dispute a URL
Accessing the Insights page to dispute a URL lets security teams review URL details and request further action, including disputing the verdict if it has not already been disputed.Â
Access the Insights page to dispute a verdict by clicking on a URL in one of the following locations:Â
- Web moduleÂ
- Monitor Pre-MaliciousÂ
- Takedown MaliciousÂ
- Monitor Post-MaliciousÂ
- Social Media moduleÂ
- Live DetectionsÂ
- IgnoredÂ
- Abuse Mailbox moduleÂ
- DashboardÂ
- Targeted MaliciousÂ
- Scan URL reportÂ
- Takedown Visibility CenterÂ
Disputing a Single URL for Takedown
Disputing a single URL for takedown is done directly from the Insights page using the Dispute button. Follow these steps to dispute one URL and submit a takedown request.Â
- Navigate to the Insights page for the URL. Â
- Select the Dispute button at the top of the Insights page. This action is only available if the URL has not already been disputed.Â
- Complete the Dispute Disposition form with relevant details. Â
- Click Submit. Â
- The disposition updates and a takedown ticket is created automatically.Â
Disputing Multiple URLs for Takedown (Bulk Action)
Disputing multiple URLs for takedown at once uses the bulk action tool available in list views. Security teams can efficiently dispute several URLs using the following steps.Â
- Navigate to a URL list view such as Monitor Pre-Malicious (Web module) or Live Detections (Social Media module). If you’re in the Web module, make sure the grouped view toggle is switched off.Â
- Select multiple URLs by clicking the checkbox to the left of each row. Â
- Open the Bulk Actions menu and select Dispute All. Â
- Complete the Dispute Disposition form. It applies to all selected URLs. Â
- Click Submit to update dispositions and create takedown tickets.Â
Requesting Takedowns from the Scan Page
Requesting takedowns from the Scan page allows security teams to confirm phishing findings and submit removal requests. After scanning URLs directly, any newly found to be phishing or a scam will automatically generate a takedown request. But teams can confirm this finding and provide additional information by submitting a takedown request directly using the following steps.Â
- Enter the website URLs you want to scan on the Scan page. Â
- Click Scan to perform the check. Â
- Review the scan results for each URL. Â
- Select any URLs flagged as phishing or scam. Â
- Open the Bulk Actions menu and select Request Takedown.Â
- Complete the form for all selected URLs. Â
- Click Submit to send the request.Â
If a URL is marked as clean or suspicious, the disposition must be disputed first.Â
Tracking Takedown Status
Tracking takedown status in the Takedown Visibility Center lets security teams monitor current and recent removal activity. All takedown requests, including those your team submitted, are shown in the Takedown Visibility Center:Â
- Current takedowns in progress
- Takedowns completed in the last 30 days
