How to report a phishing site to browsers and providers
Filing with Google Safe Browsing, Microsoft SmartScreen, Cloudflare, hosting providers, and CDNs to get a phishing site offline fast.
TL;DR
- 1Submit in parallel to Google Safe Browsing, Microsoft SmartScreen, Netcraft, PhishTank, and Cloudflare for fastest browser blocklist coverage.
- 2Each service has its own form; tracking which you've reported to per alert keeps you from double-filing or forgetting one.
- 3Browser blocklist coverage usually starts within 1-6 hours; deeper takedown (domain suspension) still requires the registrar.
What browser blocklist reporting does
Browser blocklists (Google Safe Browsing, Microsoft SmartScreen, Apple Safari) are the fastest practical way to stop a live phishing site. When a browser checks a URL against the blocklist and gets a hit, it shows a full-page red warning that most users won't click through. The phishing campaign's conversion rate collapses within hours.
These services accept community-submitted reports. Google Safe Browsing's submission form, Microsoft's SmartScreen form, and Netcraft's takedown service all process reports within hours. PhishTank crowd-validates reports; Cloudflare's abuse form null-routes the site at their edge.
Reporting to all of them in parallel covers the major browser markets. Tracking which services you've reported to (and which acknowledged) per phishing alert prevents double-filing and lets you escalate quickly to registrar takedown if the blocklists alone don't stop the campaign.
Where to report (in priority order)
- 1
Google Safe Browsing. Submit at
safebrowsing.google.com/safebrowsing/report_phish/?url=<url>. Covers Chrome, Firefox (uses GSB), Safari. Typical block time: 1-3 hours for clear phishing. - 2
Microsoft SmartScreen. Submit at
microsoft.com/en-us/wdsi/support/report-unsafe-site-guest. Covers Edge and SmartScreen-enabled Outlook clients. Typical block time: 2-6 hours. - 3
Netcraft. Either submit via their public form OR via their Report API v3 (PhishFence's one-click submission). Netcraft has a phishing-feed shared with browser vendors. Typical processing: minutes to hours.
- 4
PhishTank. Community-validated phishing database used by anti-phishing toolbars and security products. Submit at
phishtank.org/phish_submit.php. Goes live after community votes — usually 1-24 hours. - 5
Cloudflare (if applicable). If the site is fronted by Cloudflare, file at
abuse.cloudflare.com/phishing. They can null-route the request at their edge before the origin even sees the traffic. Resolution: hours to a few days. - 6
Track which services received your report. Per-alert. Without tracking you'll either double-file (annoys abuse teams) or forget a critical one (campaign keeps running on the un-reported channel).
Common pitfalls
Reporting only to one service. Each service has different coverage. Reporting only to GSB leaves Edge/Outlook users exposed; only to SmartScreen leaves Chrome users exposed.
Reporting too late. Most browser blocklists prefer to see EVIDENCE (a screenshot of the phishing page). If you report only the URL after takedown, the page is gone and the report gets deprioritized.
Not preserving evidence. Phishing sites disappear quickly (often within hours of reporting). Screenshot the page, capture the headers, save the page source BEFORE filing reports. Otherwise you can't substantiate a follow-up registrar complaint or UDRP later.
Forgetting to escalate to the registrar. Browser blocklists hide the site from browsers; they don't take down the domain. A persistent attacker can spin up a new URL on the same domain. Registrar abuse is the parallel track that addresses the domain itself.
Reporting innocuous lookalikes. Reporting registered-but-inactive lookalikes to browser blocklists wastes everyone's time. Reserve reports for sites with actual phishing content; the inactive ones go in the monitoring queue.