How to Report and Take Down a Phishing Website
Finding a fake or phishing site that impersonates your brand is alarming — but that site is not permanent. It can be reported and taken offline. This guide covers the DIY reporting path you can run yourself and when a domain takedown service is the faster route, especially if the fake site is actively stealing your customers’ logins or payments right now.
Need a phishing site taken down?
Hand the evidence to a professional team that works directly with registrars and hosts to remove impersonating sites — and monitors for repeat attacks.
Step 1: Document the evidence
Phishing sites are deliberately short-lived, so capture proof before it disappears. Abuse teams act faster when you hand them a complete, timestamped record instead of a bare complaint. Collect:
- A scan report. Scan the URL to capture an independent verdict and the reasons behind it. A dated Safe / Suspicious / Malicious report is strong evidence to attach to your abuse complaint.
- The full URL — the complete link, including any subdomain and path, exactly as it appears. Save it as text so it isn’t lost.
- Screenshots of the fake page, especially the copied logo, login form, or checkout that makes the impersonation obvious.
- Timestamps for when you observed the site — abuse teams and registrars want to know the content was live.
- What it impersonates — note your brand, the specific product or login it copies, and any way it is being distributed (email, SMS, ads).
Step 2: Identify the host and registrar
To get a site removed you have to know who can remove it. Two parties matter: the domain registrar (the company the domain was registered through) and the hosting provider (where the page is actually served from). You report the abuse to both.
- Find the registrar with a WHOIS lookup on the domain. WHOIS shows the registrar and, in many cases, an abuse contact you can write to directly.
- Find the host by resolving the site’s IP address and identifying which network or hosting company owns it — that tells you whose abuse desk to contact.
You can gather all of this — WHOIS, registrar, hosting IP, and network owner — in one place with domain intelligence, then report to the registrar and the hosting provider’s abuse contact.
Step 3: Report it to the right places
Report the phishing domain to several places at once rather than waiting on any single one. The more channels flag it, the faster it comes down — and browser warnings can appear well before the site is fully removed.
- The domain registrar’s abuse team. Send them the WHOIS-listed registrar abuse address with your evidence. Impersonation and phishing violate their terms, and they can suspend the domain.
- The hosting provider’s abuse contact. The host can pull the content even if the domain stays registered. Include the offending URL and IP.
- Google Safe Browsing. Report the phishing page so browsers begin showing a red warning to anyone who visits — this protects users fast, often within hours, even before the site is taken down.
- The APWG. Forward the phishing link and message to
[email protected], the Anti-Phishing Working Group, which feeds industry blocklists. - Cloudflare abuse (if proxied). If the site sits behind Cloudflare, submit its abuse form so the request reaches the real host too.
- The impersonated brand’s official channel. If the fake targets another company (or if you are reporting on behalf of one), notify that brand’s security or abuse channel so it can escalate through its own relationships.
Reporting to Safe Browsing in particular is worth doing first: it gets a warning shown to users quickly, buying you protection while the registrar and host process the removal.
Step 4: Use a domain takedown service for speed
The DIY path works, but it is slow and repetitive — and if a fake site is actively harvesting your customers’ credentials, every hour counts. A domain takedown service does the heavy lifting for you:
- Professional abuse handling — it writes the reports the way abuse teams expect, so they don’t bounce or stall.
- Direct registrar and host relationships — established contacts and trusted-reporter status move a request to the front of the queue.
- Evidence packaging — scan verdicts, screenshots, WHOIS, and hosting details bundled into a complete, credible case.
- Monitoring for re-registration — when the same actor spins up a new look-alike domain, it’s caught and actioned again.
For a business, this is usually far faster than doing it yourself. See the domain takedown service to hand off the whole process.
How long does a takedown take?
Timelines depend on who is involved, but realistic ranges look like this:
- Browser warnings: within hours. Once Google Safe Browsing confirms a report, browsers can start warning visitors the same day — even before the page is gone.
- Full removal: days to weeks. Suspending the domain or pulling the content depends on how responsive the registrar and host are. Cooperative providers act in a day or two; slower or offshore ones can take weeks.
A takedown service shortens the long tail: correct evidence and trusted-reporter channels mean fewer back-and-forths and faster action from the parties that matter.
Prevent repeat attacks
Taking one site down rarely ends it — the same actor often re-registers a similar domain days later. Get ahead of the next attempt:
- Monitor for look-alike domains. Watch for new registrations that mimic your brand with typos, hyphens, or alternate TLDs, so you catch a clone before it goes live.
- Watch for new impersonations. Ongoing brand protection monitoring surfaces fresh fakes and feeds them straight into the takedown process.
- Verify suspicious links. Use the phishing link checker on links your customers or staff report, so you can confirm and document a new fake fast.
And if you find yourself running these steps every week because the same brand keeps getting spoofed, that is the sign to stop reporting sites one at a time — let a dedicated platform automate the evidence-gathering, escalation, and re-reporting instead of repeating this process by hand.
Frequently asked questions
How do I get a phishing site taken down?
Document the evidence (URL, screenshots, timestamps), find where the site is hosted and who registered the domain, then report it to the domain registrar's abuse team, the hosting provider's abuse contact, and Google Safe Browsing. For speed, a domain takedown service like the one at urlscans.com/takedown-service handles the abuse reporting and registrar/host escalation on your behalf.
How long does a domain takedown take?
It varies. Google Safe Browsing can start warning users in browsers within hours of a confirmed report, even before the page is removed. Full removal of the domain or content typically takes anywhere from a day to a few weeks, depending on how responsive the registrar and host are. A domain takedown service shortens this because it uses established abuse channels and packages the evidence correctly the first time.
Who do I report a phishing domain to?
Report a phishing domain to several places at once: the domain registrar's abuse team, the hosting provider's abuse contact, Google Safe Browsing, the APWG ([email protected]), Cloudflare's abuse form if the site is proxied through Cloudflare, and the official channel of the brand being impersonated. Reporting to Safe Browsing gets a warning shown to users quickly, even before the site is fully removed.
What is a domain takedown service?
A domain takedown service is a professional service that gets malicious sites removed on your behalf. It handles the abuse reporting, uses direct relationships with registrars and hosting providers, packages the evidence the way abuse teams expect, and monitors for the same actor re-registering a look-alike domain. For a business, it is usually faster and less time-consuming than doing it yourself. You can start one at urlscans.com/takedown-service.
Can I take down a fake site impersonating my brand?
Yes. A fake or phishing site that copies your brand, logo, or login page violates the acceptable-use policies of virtually every registrar and host, and impersonation is grounds for removal. Gather evidence that shows the impersonation, report it to the registrar, host, and Safe Browsing, or hand it to a domain takedown service at urlscans.com/takedown-service to get the fake site removed and watched for repeat attempts.
Get a phishing or fake site taken down
Hand the evidence to a team that works directly with registrars and hosts to remove impersonating sites — and keeps watch for repeat attacks.
Domain takedown service