One case, every responsible channel
We don't rely on a single point of failure. Each case is filed with every party able to act — in parallel — so removal doesn't stall when one provider is slow. Here is who we contact and what we ask of each.
Registrars
The sponsoring registrar can suspend an abusive domain outright. We file an evidence-led notice citing the breach of their registration and acceptable-use policy, and ask them to preserve registrant and payment records for any subsequent law-enforcement request.
Hosting providers
The host of the origin server can remove the content directly. Where a legitimate site has been compromised and is being used as a front, we send a courtesy security notice so the owner can clean and secure it rather than be penalised.
CDNs & networks
When a site hides behind a CDN, we route to the provider's trust & safety team, request disclosure of the origin IP, and ask for a phishing interstitial where supported — all through their published abuse process, never by attempting to unmask the origin ourselves.
Browser blocklists
Blocklisting protects users before the domain itself comes down. We submit confirmed phishing and impersonation URLs to the major safe-browsing and anti-phishing feeds that browsers consume, so visitors get an interstitial warning quickly.
Search engines
Cloaking and brand impersonation are direct search-quality and policy violations. We report them so the impersonation loses the ranking it was built to steal, and we file copyright-removal requests where the page reproduces a brand's protected content.
More than 90 reporting lanes, applied case by case
No case uses every lane — each one receives the subset that can actually act on it. This is the surface we file across, grouped by what each lane does to the abuse:
Infrastructure — where it lives
Registrar abuse desks (suspension + record preservation), hosting providers (origin removal), CDN trust & safety (interstitial, origin disclosure), DNS resolver blocklists, and certificate-authority misuse reports.
Search & browsers — where it's found
Google Safe Browsing and Microsoft SmartScreen, search policy and copyright removals, and the browser ecosystems that surface warnings — Mozilla, Brave, Opera, DuckDuckGo and others.
Security vendors & intel — how it's flagged
Netcraft and the major AV reputations (Norton, McAfee, ESET, Kaspersky, Trend Micro, Sucuri), plus open intelligence feeds — VirusTotal, urlscan.io, PhishTank, OpenPhish, URLhaus, AlienVault OTX, ThreatFox — that hundreds of downstream blocklists consume.
Money & distribution — how it profits
Where a case exposes the cash-out or spread path: card-network and PSP fraud desks, crypto-exchange compliance, app stores, messaging-platform trust & safety, URL-shortener abuse and mailbox-provider abuse desks.
Channel, request, outcome
| Channel | What we ask for | Typical outcome |
|---|---|---|
| Registrar | Suspend the domain; preserve records | Domain suspended |
| Hosting provider | Remove origin content; notify owner if compromised | Content removed at source |
| CDN / network | Trust & safety review; origin disclosure; interstitial | Interstitial / origin exposed |
| Browser blocklists | Blocklist the confirmed phishing URL | Browser warning for users |
| Search engines | Action cloaking / impersonation; copyright removal | Delisted / demoted |
One report. Every channel covered.
Send us a URL and we file it everywhere that can act — and follow up until it's down.