You found a phishing site. Here's how to actually get it taken down.
A free, honest guide to reporting a phishing page yourself — with urlscan.io, WHOIS and the right abuse desks — plus a done-for-you takedown if you'd rather not spend three days chasing a registrar. Reporting flags a site. We get it removed.
- Honest DIY walkthrough
- Free live-status check
- Flat $500 done-for-you option
- 72h money-back SLA
How to report a phishing site yourself — the real steps.
This is the actual chain that gets a phishing page removed. None of it is gatekept — if you have the time, you can do every step below. We use urlscan.io to document and flag, then go to the parties who can remove: the host and the registrar.
-
01
Capture evidence first
Save the full URL, a screenshot of the page, and the date and time you saw it live. Every abuse desk will ask for this, and a phishing page can vanish or change at any moment.
-
02
Scan it on urlscan.io
Submit the URL to urlscan.io for a permanent record: a page screenshot, the domains and IPs it talks to, and the hosting ASN. Search urlscan too — the site may already be scanned. This documents and flags the page; urlscan doesn't host it, so it can't take it down.
-
03
Find the real host & registrar
Run a WHOIS lookup on the domain and read the urlscan results to identify the registrar (who controls the domain) and the hosting provider — plus any CDN such as Cloudflare sitting in front. These are the only parties who can actually remove the site.
-
04
Report to browser safe-browsing
Submit the URL to Google Safe Browsing and Microsoft SmartScreen. Within hours this shows a warning in Chrome, Edge, Safari and Firefox — real protection, even though the page is still live.
-
05
File abuse reports with the host & registrar
Send a clear, evidence-backed report to the host's and registrar's abuse contacts. State plainly that it's a phishing/impersonation site, attach the URL, screenshot and timestamps, and request content removal or domain suspension. Be specific and factual — vague reports get queued.
-
06
Escalate if it stalls
No response? Escalate to the domain registry, the CDN abuse desk (e.g. Cloudflare), and report to APWG and your national cybercrime centre (IC3/FTC in the US, ACSC/Scamwatch in Australia, NCSC in the UK). For ICANN-accredited registrars, an ICANN abuse complaint adds pressure.
Scan the site — see what urlscan sees.
Paste the URL and we'll run it through urlscan.io: a screenshot, the host, IP, ASN and server, and whether it's flagged. Factual only — we show exactly what urlscan returns. Scan by urlscan.io.
We submit it to urlscan as unlisted — your brand URL stays off the public feed and out of search results. No fake scores; only what urlscan returns.
You can report a phishing site all day. Reporting isn't removal.
Tools like urlscan.io and Google Safe Browsing flag a site — they add it to a blocklist so some browsers warn some users. The clone is still live, still hosted, still collecting logins. Removal is a separate job: find the real host and registrar, file a complaint the right abuse desk will act on, and follow up until the page returns a 404. That's the job nobody hands you a button for. It's the one we do for you.
Everything in the free guide above, you can do yourself.
The question is whether you want to spend the next three days doing it. Same outcome, two ways to get there — we don't disparage DIY, we just taught it.
| Step | Do it yourself | Hand it to Core Sentinel |
|---|---|---|
| Find the real host & registrar | You, via WHOIS & urlscan | A senior analyst does it |
| Write the abuse complaints | You draft each one | Evidence-backed, written to act on |
| Follow up & escalate | You chase every desk | We escalate to registry, CDN, authorities |
| Time it takes | Hours to days of your week | About 60 seconds of yours |
| Cost | Free — your time | Flat $500, money-back SLA |
One flat fee, the whole job.
Flat $500 USD. No subscription, no per-domain pricing, no security team required. A senior analyst captures the evidence, identifies the real host and registrar, files the takedown with the desk that acts, follows up until it's down — and tells you the moment it is. Neutralized within 72 hours of analyst approval, excluding weekends and public holidays, or your money back.
Straight answers.
Does reporting a site to urlscan.io take it down?
No. urlscan.io scans and documents a site and helps flag it, but it doesn't host or control the page, so it can't remove it. Removal means getting the host or registrar to take the content offline or suspend the domain — a separate job.
What's the difference between flagging and removing a phishing site?
Flagging (urlscan.io, Google Safe Browsing) adds the site to blocklists so some browsers warn some users. The clone is still live and still collecting logins. Removal takes the content down at the host or suspends the domain at the registrar, so the page returns a 404.
How long does it take to get a phishing site removed?
Browser safe-browsing protection usually lands within hours of a report. Full removal depends on the host and registrar and can take anywhere from hours to days. We guarantee neutralization within 72 hours of analyst approval, excluding weekends and public holidays, or your money back.
Can I get a phishing site taken down myself?
Yes — the DIY guide above walks the full process. It's genuinely doable; it just takes time and persistence chasing abuse desks. If you'd rather not, we do the whole job for a flat $500.
More guides: How to take down a phishing site · The flat-fee takedown service.
Flagging is easy. Removal is the hard part.
Hand an analyst the URL and we take it from flagged to gone. Flat $500 — neutralized within 72 hours of analyst approval, excluding weekends and public holidays, or your money back.
Start my 72-hour takedown