- you can report them to
community projects like Phishtank (they get used by opendns and others)
- you can find a local LE provided website where you can report it (not sure what your local would be but Australia has https://www.scamwatch.gov.au/ for example)
- you can contact their hosting/DNS provider by checking the whois entry for the domain and the resolved IP
- you can report them to industry big names like Google (through safe browsing https://safebrowsing.google.com/safebrowsing/report_phish/?h...)
- you can report them to community projects like Phishtank (they get used by opendns and others)
- you can find a local LE provided website where you can report it (not sure what your local would be but Australia has https://www.scamwatch.gov.au/ for example)