Re: Request TRUSTED_REPORTER access for Safe Browsing API reporting (threatHits.create)

[Yuki]

This is the mailing list, not the contact mail.

On Monday, 16 February 2026 at 20:47:48 UTC+1 Rhett Ermis wrote:

Hi Safe Browsing team,

I’m requesting TRUSTED_REPORTER visibility for my Google Cloud project so I can use the Safe Browsing v4 reporting method `threatHits.create` for reporting of confirmed phishing URLs.

• Project name: scam-sentry
• Project number: 135608245032
• Website: https://scam-sentry.com/
• Chrome Web Store listing: https://chromewebstore.google.com/detail/scam-sentry/ehbojhgbiodfbockddehghckdbobnekl?hl=en

Scam Sentry is a website + browser extension focused on identifying and tracking fraudulent checkout pages and credential-harvesting pages. We only report URLs when we have strong demonstrable evidence (screen captures, content fingerprint, and a saved email source or redirect-chain).

Estimated volume: 10-100 per day
Contact email: rh...@richardlerma.com

Thank you.

[Yuki]

You're looking for https://console.cloud.google.com/support

[Google Safe Browsing API]

Hi,

The threatHits.create method will soon be deprecated. Feel free to share more about your use case to determine which APIs may be a good fit.

Thanks!

[Rhett Ermis]

  We need a supported, fully automated way to submit confirmed phishing URLs to Google (not lookup). If threatHits.create is being deprecated, what is the replacement endpoint or program for automated phishing reporting? We currently archive all phishing evidence including email source (if applicable), screenshots and redirect chains, but would like a way to contribute to safe browsing.

[Google Safe Browsing API]

Hi,

The Web Risk Submission API may be appropriate for this use case: https://docs.cloud.google.com/web-risk/docs/submission-api

[John Bambenek]

I’m a security researcher, it seems that this particular endpoint is for google cloud customers. Is there something an external researcher could use?

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/google-safe-browsing-api/1be56251-bc7e-4c50-9452-298f89488835n%40googlegroups.com.

[Google Safe Browsing API]

Hi! Unfortunately there is no public threat reporting API available at this time. We recommend using the public URL submission form to share potentially unsafe URLs with the Safe Browsing team for further assessment: https://safebrowsing.google.com/safebrowsing/report-url).

[Thomas Moore]

Why am I receiving this totally unknown email repeatedly? I have no damn idea of what these emails are referring to. 

Thomas Moore

To view this discussion visit https://groups.google.com/d/msgid/google-safe-browsing-api/ac9fe1ee-0e17-4650-917b-bcb94830bbd3n%40googlegroups.com.

[Sherrie Anne Aquino]

🔹Rhett requested TRUSTED_REPORTER access for the now deprecated threatHits.create API.

🔹Google recommended the Web Risk Submission API, but only the public form is for external users.

To view this discussion visit https://groups.google.com/d/msgid/google-safe-browsing-api/CAOkKqu3GnOU%2BHbvezMQXvOgLtXF2ingBmqnAoZKqq9T1eiXMdg%40mail.gmail.com.