Web Risk Lists

This document applies to the following methods:

• Lookup API: uris.search
• Update API: hashes.search
• Update API: threatLists:computeDiff

About the lists

The Web Risk lists also referred to as threat lists or simply lists are Google's constantly updated lists of unsafe web resources. Examples of unsafe web resources are social engineering sites like phishing and deceptive sites, and sites that host malware or unwanted software.

Threat types

Each Web Risk list is named (identified) using a threatType.

List contents

Currently, all Web Risk lists consist of variable length SHA 256 hashes between 4 and 32 bytes. These hashes are based on the suffix/prefix expressions of the URLs associated with unsafe web resources. Note that the URLs themselves are not stored in the Web Risk lists. For more information, see URLs and Hashing.

When using the Lookup API to check URLs, the client sends the actual URL in the request and the Web Risk server converts the URL to a hash before performing the check. For additional details, see Checking URLs for the Lookup API.

When using the Update API to check URLs, the client must convert the URL to a hash and then send the hash prefix in the request to perform the URL check. See Checking URLs for more information about checking URLs with the Update API.