Sometimes the console does tell you which URL they found malicious content at.
However, if they detect you doing dodgy things like trying to cloak from their scanner (eg. giving bad content when given a browser user agent from a home internet IP range, but not when scanned by googlebot from a google datacenter), then they won't give the URL because that would leak what IP range they scan from to detect such cloaking.
If we let Google design our criminal justice system, the accused would never be informed of what crime they broke because that would "help criminals get away with it"
>Maybe I would feel better if there had been more transparency in the process. I was left to guess what Google thought was deceptive about my site.