Method: projects.uris.submit

Submits a URI suspected of containing malicious content to be reviewed. Returns a google.longrunning.Operation which, once the review is complete, is updated with its result. You can use the Pub/Sub API to receive notifications for the returned Operation. If the result verifies the existence of malicious content, the site will be added to the Google's Social Engineering lists in order to protect users that could get exposed to this threat in the future. Only allowlisted projects can use this method during Early Access. Please reach out to Sales or your customer engineer to obtain access.

HTTP request

POST https://webrisk.googleapis.com/v1/{parent=projects/*}/uris:submit

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. The name of the project that is making the submission. This string is in the format "projects/{project_number}".

Request body

The request body contains data with the following structure:

JSON representation
{
  "submission": {
    object (Submission)
  },
  "threatInfo": {
    object (ThreatInfo)
  },
  "threatDiscovery": {
    object (ThreatDiscovery)
  }
}
Fields
submission

object (Submission)

Required. The submission that contains the URI to be scanned.

threatInfo

object (ThreatInfo)

Provides additional information about the submission.

threatDiscovery

object (ThreatDiscovery)

Provides additional information about how the submission was discovered.

Response body

If successful, the response body contains an instance of Operation.

Authorization Scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Submission

Wraps a URI that might be displaying malicious content.

JSON representation
{
  "uri": string,
  "threatTypes": [
    enum (ThreatType)
  ]
}
Fields
uri

string

Required. The URI that is being reported for malicious content to be analyzed.

threatTypes[]

enum (ThreatType)

Output only. ThreatTypes found to be associated with the submitted URI after reviewing it. This might be empty if the URI was not added to any list.

ThreatInfo

Context about the submission including the type of abuse found on the URI and supporting details.

JSON representation
{
  "abuseType": enum (AbuseType),
  "threatConfidence": {
    object (Confidence)
  },
  "threatJustification": {
    object (ThreatJustification)
  }
}
Fields
abuseType

enum (AbuseType)

The type of abuse.

threatConfidence

object (Confidence)

Confidence that the URI is unsafe.

threatJustification

object (ThreatJustification)

Context about why the URI is unsafe.

AbuseType

The abuse type found on the URI.

Enums
ABUSE_TYPE_UNSPECIFIED Default.
MALWARE The URI contains malware.
SOCIAL_ENGINEERING The URI contains social engineering.
UNWANTED_SOFTWARE The URI contains unwanted software.

Confidence

Confidence that a URI is unsafe.

JSON representation
{

  // Union field value can be only one of the following:
  "score": number,
  "level": enum (ConfidenceLevel)
  // End of list of possible types for union field value.
}
Fields

Union field value.

value can be only one of the following:

score

number

A decimal representation of confidence in the range of 0 to 1 where 0 indicates no confidence and 1 indicates complete confidence.

level

enum (ConfidenceLevel)

Enum representation of confidence.

ConfidenceLevel

Enum representation of confidence.

Enums
CONFIDENCE_LEVEL_UNSPECIFIED Default.
LOW Less than 60% confidence that the URI is unsafe.
MEDIUM Between 60% and 80% confidence that the URI is unsafe.
HIGH Greater than 80% confidence that the URI is unsafe.

ThreatJustification

Context about why the URI is unsafe.

JSON representation
{
  "labels": [
    enum (JustificationLabel)
  ],
  "comments": [
    string
  ]
}
Fields
labels[]

enum (JustificationLabel)

Labels associated with this URI that explain how it was classified.

comments[]

string

Free-form context on why this URI is unsafe.

JustificationLabel

Labels that explain how the URI was classified.

Enums
JUSTIFICATION_LABEL_UNSPECIFIED Default.
MANUAL_VERIFICATION The submitter manually verified that the submission is unsafe.
USER_REPORT The submitter received the submission from an end user.
AUTOMATED_REPORT The submitter received the submission from an automated system.

ThreatDiscovery

Details about how the threat was discovered.

JSON representation
{
  "platform": enum (Platform),
  "regionCodes": [
    string
  ]
}
Fields
platform

enum (Platform)

Platform on which the threat was discovered.

regionCodes[]

string

CLDR region code of the countries/regions the URI poses a threat ordered from most impact to least impact. Example: "US" for United States.

Platform

Platform types.

Enums
PLATFORM_UNSPECIFIED Default.
ANDROID General Android platform.
IOS General iOS platform.
MACOS General macOS platform.
WINDOWS General Windows platform.