What happens after you submit a phishing report

After you submit a report, it enters the review queue and is checked for completeness. If key details are missing, support may ask for clarification before action can continue.

Once the report is validated, the case is triaged based on risk and evidence quality. Reports tied to active credential theft, wallet drain activity, or large distribution channels are usually escalated quickly.

The takedown phase depends on where the content is hosted and who controls that infrastructure. Some providers respond fast, while others require additional notice cycles or legal review. That is why two similar reports can have different timelines.

You might be contacted if more evidence is needed. If you receive a follow up, replying with direct answers and relevant files helps keep the case moving.

When action is completed, the case is closed. In some situations a site may reappear on new infrastructure, and that is considered a new incident. If that happens, submit a new report with the updated link and evidence.