Contents
Before you start
Whether the phishing site impersonates your brand or you simply found one, the removal path is the same: prove it is abusive to the party that controls it, and ask them to act. Two ground rules first. Do not enter any credentials or interact with the page, and do not try to "hack back" — capture what you need and report it. If you are not sure a link is malicious, run it through a phishing URL checker before anything else.
1. Confirm and capture evidence
Verify the page is live and is genuinely impersonating a brand (a fake login, payment, or support page). Then capture a defensible evidence record while it is up, because phishing sites are often short-lived:
- The full URL and a timestamped screenshot of the page.
- The resolved IP address and any redirect chain.
- The brand being impersonated and what the page is trying to steal.
2. Find the host and registrar
You need two parties: who hosts the page and who registered the domain. Use an ICANN domain lookup for the registrar and registration date, and a host/IP lookup for the hosting provider or CDN. Note whether the domain looks malicious-by-registration (a brand-new lookalike domain) or is a hacked legitimate site — the ask differs: suspend the domain in the first case, clean the injected page in the second.
3. Report to the host and CDN
The host can pull the page fastest. Send your evidence to the provider's abuse address (usually abuse@<provider> or an abuse web form), state clearly that it is a phishing page violating their acceptable-use policy, and include the exact URL. If a CDN like Cloudflare sits in front, report through the CDN's abuse process too — they will forward to the origin host and can flag the page.
4. Report to the registrar
In parallel, report the domain to its registrar's abuse contact. For a domain that exists only to phish, registrar suspension kills every page on it at once — a stronger lever than removing a single URL. Reference the brand-rights claim and the consumer harm. For clear trademark abuse that a registrar will not action, the formal route is UDRP.
5. Add it to browser blocklists
Even before the page comes down, blocklists protect users by showing a warning in their browser. Report the URL to:
- Google Safe Browsing — protects Chrome, Firefox, and Safari users.
- Microsoft (SmartScreen) — protects Edge users.
- APWG — shares the report across the anti-phishing ecosystem.
6. Escalate and watch for recycling
If the host or registrar stalls, escalate to the upstream provider or registry, and keep your evidence and ticket numbers organized. After the page is down, the job is not over: most actors recycle, standing a new page up on fresh infrastructure within hours. Watch the actor's nameservers and page fingerprints so you catch the next one — the metric that captures this is the recycle rate.
When to use a service
Doing this once is manageable. Doing it for a brand that is targeted weekly is a full-time job — which is why most organizations move to a phishing takedown service or run it inside brand protection software. A platform automates the detection, evidence, and parallel submission, and tracks recycling for you. See automated takedowns for how that looks end to end, and the broader online brand protection guide for the full program.
FAQs
How long does it take to remove a phishing site? From under an hour to a few days, depending on how responsive the host and registrar are. Submitting clean evidence to the host, the registrar, and blocklists at the same time is the fastest path.
Who do I report a phishing website to? The hosting provider, the domain registrar, and browser blocklists (Google Safe Browsing, Microsoft SmartScreen, APWG). Report to all of them in parallel.
What if the phishing site is on a hacked legitimate website? Report it to the site owner and their host as a compromise, not a malicious-domain takedown — the goal is to clean the injected page, not suspend the whole domain.
Can I take down a site impersonating my brand on social media or an app store? Yes, through the platform's trust-and-safety reporting — see social monitoring and app store monitoring.
Where to report
- Google Safe Browsing — report a phishing page
- Microsoft — report an unsafe site
- APWG — report phishing
- ICANN — domain (registrar) lookup
On PhishEye: phishing & scam protection, automated takedowns, and the free phishing URL checker. Targeted often? Start free, book a demo, or contact sales.