Frequently asked questions
What ClearPhish is, how we work, and how to confirm a notice really came from us. Still unsure? Write to abuse@clearphish.org.
What is ClearPhish? +
ClearPhish is a brand-protection and anti-phishing monitoring team. We act on behalf of the rights holders whose brands we are authorized to protect, detecting impersonation and phishing and coordinating its removal with the responsible providers.
Are you affiliated with the brands you report about? +
We act for the brands we are authorized to protect. We are not affiliated with the abusive sites we report, and we never impersonate any provider, brand or authority in our notices.
How do you verify abuse before reporting it? +
We independently reproduce each case and capture the HTTP evidence — request metadata and rendered HTML — before filing. Where a site cloaks its content, we capture both the decoy shown to ordinary browsers and the abusive page served to search-engine crawlers, and we include a one-line command the reviewer can run to see it themselves. See our evidence & methodology.
What happens after I report something to you? +
We aim to acknowledge within two business days. If the report checks out, we attribute the responsible registrar, host and CDN, file evidence-led notices through their official channels, submit the URL to the relevant blocklists, and follow up until the content is removed. The full workflow is on How it works.
How fast do takedowns happen? +
It depends on the provider. Browser blocklisting can protect users within hours; registrar or host suspension can take longer. Filing with every responsible channel in parallel — rather than waiting on one — is what keeps removal from stalling.
How do I confirm a notice really came from ClearPhish? +
Genuine notices come only from abuse@clearphish.org on this domain. We never ask recipients for credentials, payment or account access — a real notice only asks the responsible provider to review the reported URL against their own acceptable-use policy. See the Abuse & Reports page and our security.txt.
Can a provider request the underlying evidence? +
Yes. We retain the captured HTTP responses for each case and provide them to the reviewing registrar, host, CDN or other party able to act, on request. Reply to the original notice or write to abuse@clearphish.org with the report reference.
How do you handle a compromised legitimate site? +
When a real site has been hacked and used as a front, we send a courtesy security notice to its host and owner so they can clean and secure it, rather than treating the victim as the offender. The abusive domains relying on it are reported separately.
Do you ever access or disrupt the sites you report? +
No. We only observe what any visitor or search engine would see, and we report through providers' official, published abuse channels. We do not attempt to access, alter or disrupt third-party systems, and we don't try to defeat any provider's security controls.
Does this website track me? +
No. clearphish.org uses no cookies, no analytics and no third-party scripts. The site loads no JavaScript at all.
Didn't find your answer?
Reach the team directly — we aim to acknowledge within two business days.