Malware Reporting Guide

    How to Report a Malware Website

    Capture indicators of compromise, file with the right blocklists, and get the malicious file removed at the hosting layer: not just blocked in the browser.

    The 4-Step Malware Reporting Workflow

    Step 1

    Quarantine the URL

    Do not visit the page from your main browser. Use an isolated VM or sandbox (any.run, Hybrid Analysis) to capture the payload safely.

    Step 2

    Capture indicators of compromise

    Record the URL, the hosted file's SHA-256, dropper domains, C2 endpoints, and any obfuscated JavaScript. The more IoCs, the faster the takedown.

    Step 3

    Submit to malware blocklists

    File with URLhaus (abuse.ch), Google Safe Browsing, and PhishTank. In parallel submit to Blackwall so the host removes the file, not just flags the URL.

    Step 4

    Track and confirm

    Blackwall escalates to the hosting provider and the upstream network if the file is still served after 24h. The case is closed once the URL returns 404 or the host removes the bucket.

    Where to Report Malware Websites

    Each blocklist protects a different ecosystem. File in parallel for the broadest coverage.

    Blackwall
    Infrastructure

    Pushes the case to the hosting provider, registrar, and upstream ASN to disable the malicious file. You receive status updates until the URL returns 404.

    File on Blackwall

    URLhaus by abuse.ch

    The standard community database for malware-distribution URLs. Feeds dozens of security products and threat-intel platforms.

    urlhaus.abuse.ch

    Google Safe Browsing

    Adds the URL to Safe Browsing so Chrome, Gmail, and Android show interstitial warnings to anyone trying to download.

    safebrowsing.google.com

    Microsoft Security Intelligence

    Reports samples to Microsoft Defender for inclusion in the AV signature database. Best alongside the URL submission.

    microsoft.com/wdsi

    Frequently Asked Questions

    Found a website serving malware?

    Submit the URL in under two minutes. The Blackwall team handles the host correspondence so the file is removed, not just blocked.

    Cookie Notice

    We use cookies to ensure the functionality of our website. Necessary cookies are required for operation. Optional cookies help us improve our services. For more information, see our Privacy Policy.