A phishing site that copies your brand can harvest a victim’s credentials in under a minute, so speed matters. This is the honest, do-it-yourself process for getting one removed — the same chain a professional follows. Reporting a site isn’t the same as removing it: blocklists get users warned; only the host or registrar can take the page down. Here’s how to do both.
Step 1 — Collect the evidence
Before the page changes or disappears, capture: the full URL, a screenshot of the page, the date and time you saw it live, and the response headers if you can. A WHOIS record of the domain is useful too. Every abuse desk will ask for this, and good evidence is what makes them act quickly.
Step 2 — Report it to the browser blocklists
This gets the site flagged and warned in major browsers within hours — real protection for users, even though the page is still live:
- Google Safe Browsing — report a phishing page (protects Chrome, Safari, Firefox).
- Microsoft — report an unsafe site (SmartScreen, for Edge).
- APWG — forward the phishing email or URL to reportphishing@apwg.org.
Flagging warns people; it does not remove the page. For removal, go to the parties who control it — the next steps.
Step 3 — Find the registrar and host
Run a WHOIS lookup on the domain to find the registrar (who controls the domain name) and look up the hosting provider (who serves the content) — plus any CDN, such as Cloudflare, sitting in front. Note the Registrar Abuse Contact Email from WHOIS; for content takedowns you’ll also want the host’s abuse address.
Step 4 — Send the abuse reports (this is what removes it)
Email a clear, evidence-backed abuse report to the host and the registrar. State plainly that the site is phishing/impersonation, attach the URL, screenshot and timestamps, and request content removal or domain suspension. Responsive providers act within 24–72 hours; uncooperative or abuse-tolerant hosts can take weeks, or stall entirely.
Step 5 — Escalate — or hand it off
If the host or registrar stalls, escalate to the domain registry, the CDN abuse desk, and your national cybercrime centre (in Australia, ReportCyber and Scamwatch). This is also the point where many people decide their time is better spent elsewhere.
If you’d rather not chase abuse desks for days, a named senior analyst can do the whole job for you — flat $500 USD, neutralized within 72 hours of analyst approval (excluding weekends and public holidays) or your money back. Add the optional 30-day Watch ($900 total) and we take it down again at no extra charge if it reappears within your window.
Frequently asked questions
Does reporting a phishing site take it down?
Not by itself. Reporting to Google Safe Browsing or APWG gets the site flagged so browsers warn users, but the page stays live until the host removes the content or the registrar suspends the domain. Removal is a separate step — the abuse reports in Step 4.
How long does it take to remove a phishing site?
Browser warnings usually appear within hours of a blocklist report. Full removal depends on the host and registrar: responsive ones act in 24–72 hours; abuse-tolerant hosts can take weeks.
What if the host ignores me?
Escalate to the registry, the CDN, and your national cybercrime centre — or hand it to a senior analyst who deals with these desks daily and backs the result with a 72-hour money-back SLA.