How to Report a Malware Website
Capture indicators of compromise, file with the right blocklists, and get the malicious file removed at the hosting layer: not just blocked in the browser.
The 4-Step Malware Reporting Workflow
Quarantine the URL
Do not visit the page from your main browser. Use an isolated VM or sandbox (any.run, Hybrid Analysis) to capture the payload safely.
Capture indicators of compromise
Record the URL, the hosted file's SHA-256, dropper domains, C2 endpoints, and any obfuscated JavaScript. The more IoCs, the faster the takedown.
Submit to malware blocklists
File with URLhaus (abuse.ch), Google Safe Browsing, and PhishTank. In parallel submit to Blackwall so the host removes the file, not just flags the URL.
Track and confirm
Blackwall escalates to the hosting provider and the upstream network if the file is still served after 24h. The case is closed once the URL returns 404 or the host removes the bucket.
Where to Report Malware Websites
Each blocklist protects a different ecosystem. File in parallel for the broadest coverage.
BlackwallInfrastructure
Pushes the case to the hosting provider, registrar, and upstream ASN to disable the malicious file. You receive status updates until the URL returns 404.
File on BlackwallURLhaus by abuse.ch
The standard community database for malware-distribution URLs. Feeds dozens of security products and threat-intel platforms.
urlhaus.abuse.chGoogle Safe Browsing
Adds the URL to Safe Browsing so Chrome, Gmail, and Android show interstitial warnings to anyone trying to download.
safebrowsing.google.comMicrosoft Security Intelligence
Reports samples to Microsoft Defender for inclusion in the AV signature database. Best alongside the URL submission.
microsoft.com/wdsiFrequently Asked Questions
Found a website serving malware?
Submit the URL in under two minutes. The Blackwall team handles the host correspondence so the file is removed, not just blocked.
