How to report a malicious website (step-by-step)

JSsec Security TeamPublishedFebruary 22, 2026UpdatedMarch 6, 2026TopicIncident Reporting
Share on XShare on LinkedIn

Threat analysts and researchers sharing practical guidance on phishing response, digital risk monitoring, and incident workflows.

Reporting a malicious website is one of the most effective ways to speed up phishing takedowns and reduce user risk.

However, the quality of your report directly affects how quickly action is taken. Clear, structured evidence makes reports easier to validate, faster to triage, and more likely to result in removal.

This guide provides a step-by-step checklist you can use to report phishing websites, brand impersonation, and other malicious content.

Reporting a malicious website

How to report a malicious website (quick answer)

  1. Capture the full phishing URL(s) and timestamps
  2. Take screenshots of credential capture or impersonation
  3. Identify where to report (hosting provider or platform)
  4. Submit a clear, structured report with evidence
  5. Track and verify removal

Why good reporting speeds up takedowns

Reviewers need to quickly confirm that a page is malicious and take action.

A high-quality report reduces ambiguity and speeds up decision-making.

Include:

  • exact URLs (including login or credential capture paths)
  • timestamps and discovery context
  • screenshots showing impersonation or suspicious behaviour
  • any details linking the page to your organisation

The clearer your report, the faster it can be processed.

Step-by-step checklist for reporting a malicious website

1. Confirm the URL(s) you want to report

Capture the full URL(s), including any paths that lead to credential capture.

If multiple pages are involved, record each one.

Avoid interacting with the page—treat it as evidence.

2. Capture evidence safely

Collect:

  • screenshots of the phishing or impersonation content
  • timestamps of discovery
  • visible branding or messaging linked to your organisation

If the page redirects, document the full path and destination.

3. Identify where to report the website

Focus on control points that can remove or disable the content:

  • hosting providers serving the page
  • platforms used to distribute or advertise the scam
  • abuse reporting channels linked to the infrastructure

If you want a central starting point, begin via report.

4. Write a clear, actionable report

Structure your report so it is easy to review:

  • describe the type of threat (phishing, impersonation, credential capture)
  • explain what the page is asking users to do
  • show how it relates to your organisation
  • include exact URLs and timestamps

This reduces back-and-forth and speeds up validation.

5. Submit and track progress

After submitting:

  • record submission date and time
  • track where reports were sent
  • keep any reference or ticket numbers

Then verify whether the page has been removed.

What to do after reporting a phishing website

Reporting is only the first step. Attackers often return with new domains or updated infrastructure.

To reduce repeat exposure:

If you need help coordinating across teams, use contact.

FAQ

What if the website looks legitimate but feels suspicious?

If the page is requesting credentials or impersonating your organisation, report it with supporting evidence. It is better to act early than delay.

Should we include sensitive data in reports?

Only include what is necessary to validate the threat. Do not enter credentials or expose unnecessary information.

How do we confirm a takedown is successful?

Check the exact URLs you reported and confirm that credential capture pages are no longer accessible. Monitor for replacements or new variants.

Need help reporting and removing malicious websites?

Effective reporting is critical, but coordinating takedowns across multiple platforms can be complex.

Our takedown service helps structure reporting, accelerate removal, and monitor for reappearance.

Next steps