V4 Safe Browsing Lookup API and Accuracy

386 views
Skip to first unread message

Moussa Oumar

unread,
Aug 3, 2016, 11:57:01 AM8/3/16
to Google Safe Browsing API
Hello,

I am having issues getting accurate results from the Safe Browsing V4 Lookup API.

I just submitted 50 Phishing URLs to the API that I know are marked as phishing via Chrome.

However, when retrieving the results from the API, I only get 3 matches with  "threatType": "SOCIAL_ENGINEERING"

Is there a reason why all 50 URLs being returned as match? Anything that I might be doing wrong?

Here's a phishing site example that's not being picked up by the lookup API: webappscgilogindispatchcrn[.]com.levonlinepreview.net/PayPaUpdate%20Accountt/manage/23d23/home

-Google Chrome: Warning that this site might be a phishing.
- Transparency Report, Safe Browsing Site Status: Current Status says that the site is "partially dangerous"
- Safe Browsing V4 Lookup API: No matches. 

Do you guys know why this is happening, and how to possibly fix this?
Anything we might be doing wrong?

Thanks in advance,

--
Moussa 
Message has been deleted

Sean Cox

unread,
Aug 5, 2016, 1:25:23 PM8/5/16
to Google Safe Browsing API
Are you canonicalizing the URL? (Chrome would be.)

Moussa Oumar

unread,
Aug 5, 2016, 4:26:18 PM8/5/16
to Google Safe Browsing API
Hi Sean,

The Lookup API doesn't require the URL to bi canonicalized.

From the Documentation:

  • The HTTP POST request can include up to 500 URLs. The URLs must be valid (see RFC 2396) but they do not need to be canonicalized or encoded.

Also, since the server response included 3 matches, it probably means that the format is correct. 

Thanks! 
Message has been deleted

Dan O'Bryan

unread,
Aug 15, 2016, 8:50:07 PM8/15/16
to Google Safe Browsing API
i'm seeing the same behavior.  I have several sites that are flagged by google's safe browsing transparency report and by chrome, but are returning "safe" from the safebrowsing api.  I have tried both the lookup api and the update api using google's golang implementation.  Google is blocking me from posting urls, they are flagging my example urls and deleting my posts.  In all cases, the url is a simple one where the canonical url is just http://examplehost.com/, no path, so the queries are all using the canonical url.  Its not finding the majority of the urls I've tested in the safebrowsing api that are being flagged by chrome and google's safe browsing transparency page.
Reply all
Reply to author
Forward
0 new messages