I took the following from gotphish.com (a security professionals project)
Report phishing website:
Right-click the link in the phishing email, and copy the hyperlink. Do not click the link, which is less useful to security companies.
urlscan.io - Quickly get a screenshot and redirects (run by @heipi)
UrlQuery.net - Get screenshot, analyze for known risks, create public record (run by @urlquery)
CheckPhish.ai - Phishing detection engine (run by RedMarlin)
phishcheck.me - Custom phishing detection engine
VirusTotal - Checks against multiple blacklists
any.run: Remotely download and interactively sandbox analyze arbitrary file downloads (run by @anyrun_app)
Google - Block in Chrome, Firefox, Android, iPhone, Google, and more
Microsoft - Block in Edge, Office 365, and Internet Explorer
NetCraft - Send to computer security companies
Symantec - Submit to Norton
Blue Coat - Symantec has not yet integrated with Norton submission
McAfee - Select real-time, click Check, and click Submit at the bottom
Webroot BrightCloud - Provides data to PaloAlto firewalls, many others.
Cisco PhishTank - Wide distribution, but requires registration.
CIRCL - Shares with European partners, lookup and click "Send report to CIRCL"
Report phishing/file hosting abuse directly:
bit.ly: Report spam
goo.gl: Report spam
is.gd: Report spam
x.co: Report abuse
tiny.cc: Report abuse
000webhost.com: Report abuse
SugarSync: support [at] sugarsync.zendesk.com
Weebly: Report spam
Wix: Report spam
Extra-credit phishing reporting:
To representative organizations:
Financial companies - FS-ISAC
Universities - REN-ISAC
If you have a Twitter account, message these people the link (add a space somewhere so clicking it doesn't work). They are high-powered researchers with lots of connections who track down clues and shut down entire constellations of fraud. Like computer Batman.
Other malware tools:
any.run: Interactive sandbox for arbitrary files
IRIS-H: Analyze Office, RTF, LNK
sekoia: Broad frontend to multiple analysis tools
quicksan.io: Analyze Office documents
cryptam: Analyze Office documents
PDFExaminer: Analyze PDF files
VirusTotal.com (Shares reports publicly, shares files with Premium subscribers)
Hybrid-Analysis.com (Shares reports and files publicly, uses Payload Security's VxStream sandbox)
Malwr.com (Shares reports and files publicly)
Microsoft (Select 'Home User')
Webroot (Detections and threat intelligence go to multiple other products)
ClamAV (Especially for files that came through email, used in many spam filters)
Report phishing/spam text (SMS) message:
Copy the contents of the spam SMS and paste it into a message to this four-digit number. This reports it to your phone company so they can search for who sent it and block them. Don't click the link, it could be dangerous!
7 7 2 6 ( S - P - A - M )
On iPhone: Hold your finger on the message, tap "More...", tap the Forward icon in the bottom right of the screen.
Report unsolicited calls and SMS
Use the form on SpamResponse.
Report abuse to website hosts:
Find who hosts the website with WhoIsHostingThis and search Google for "webhost + abuse" to find their complaint contact information.
RiskIQ PassiveTotal (requires registration)