
Following instructions here, the following code appears to return good results on the example sites, but on an actual phishing site (https://www.clicktrackingsall.com/a.php) it returns empty:

const axios = require('axios');
// Placeholder only: never commit a real key. The key travels in the query
// string, so it can show up in proxy and access logs; restrict it to the
// Web Risk API and rotate it if it leaks.
const apikey = '<apikey>';

/**
 * Build the Web Risk `uris:search` request URL for a single URI.
 *
 * Only the MALWARE, SOCIAL_ENGINEERING and UNWANTED_SOFTWARE lists are queried.
 * NOTE(review): Web Risk also defines SOCIAL_ENGINEERING_EXTENDED_COVERAGE,
 * which this query does not include; whether that list would cover a given
 * URL cannot be told from this code.
 *
 * @param {string} uri - URL to look up; percent-encoded before it is appended.
 * @returns {string} Full request URL, including the API key.
 */
const req = (uri) => {
    const threatParams = ['MALWARE', 'SOCIAL_ENGINEERING', 'UNWANTED_SOFTWARE']
        .map((type) => `threatTypes=${type}`)
        .join('&');
    const target = encodeURIComponent(uri);
    return `https://webrisk.googleapis.com/v1/uris:search?key=${apikey}&${threatParams}&uri=${target}`;
};
/**
 * Look up one URL with the Web Risk `uris:search` endpoint.
 *
 * @param {string} url - URL to check.
 * @returns {Promise<object>} The axios response; the verdict is in `.data`.
 *   The promise rejects on HTTP or network errors, so callers should handle
 *   rejection separately from an empty result.
 */
const checkUrl = async (url) => {
    const endpoint = req(url);
    return axios.get(endpoint);
};

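// Report a failed lookup separately, so that an HTTP error (invalid key,
// quota, malformed request) is not confused with the empty "no match" body.
const logLookupError = (err) => {
    console.error('Web Risk lookup failed:', err.response ? err.response.status : err.message);
};

// returns threatTypes: [ 'SOCIAL_ENGINEERING' ]
checkUrl('http://testsafebrowsing.appspot.com/s/phishing.html')
    .then(({ data }) => console.log(data))
    .catch(logLookupError);

// returns threatTypes: [ 'MALWARE' ]
checkUrl('http://testsafebrowsing.appspot.com/s/malware.html')
    .then(({ data }) => console.log(data))
    .catch(logLookupError);

// returns empty result: no match was found in the three lists queried.
// Treat that as "not listed", not as a verdict that the URL is safe.
checkUrl('https://www.clicktrackingsall.com/a.php')
    .then(({ data }) => console.log(data))
    .catch(logLookupError);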

When I navigate to the page in Chrome, Chrome does block it. Looking the URL up in the Google Transparency Report also returns phishing.

The same thing happens when using the Safe Browsing API:

const axios = require('axios');
// Safe Browsing v4 `threatMatches:find` endpoint. The key is a placeholder;
// because it sits in the query string, a real key can end up in request logs.
const url = 'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=<yourapikey>';

// Request body: the client identification plus the lists and entries to check.
// The response names only the entries that matched, so an entry missing from
// `matches` is "not listed" rather than confirmed safe.
const jsonReq = {
    client: {
        clientId: '<client-id>',
        clientVersion: '<client-version>',
    },
    threatInfo: {
        threatTypes: [
            'MALWARE',
            'SOCIAL_ENGINEERING',
            'UNWANTED_SOFTWARE',
            'POTENTIALLY_HARMFUL_APPLICATION',
        ],
        platformTypes: ['ANY_PLATFORM'],
        threatEntryTypes: ['URL', 'EXECUTABLE'],
        threatEntries: [
            { url: 'http://testsafebrowsing.appspot.com/s/phishing.html' },
            { url: 'http://testsafebrowsing.appspot.com/s/malware.html' },
            { url: 'https://www.clicktrackingsall.com/a.php' },
            { url: 'http://getnetflix.club/' },
        ],
    },
};
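// Send the lookup and pretty-print the response body.
// The rejection handler keeps an HTTP or network failure (bad key, quota,
// malformed body) visible instead of leaving an unhandled rejection, and
// keeps it distinct from a response that simply contains no matches.
axios.post(url, jsonReq)
    .then(({ data }) => {
        console.log(JSON.stringify(data, null, 2));
    })
    .catch((err) => {
        console.error('threatMatches:find failed:', err.response ? err.response.status : err.message);
    });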

/* prints:
{
  "matches": [
    {
      "threatType": "SOCIAL_ENGINEERING",
      "platformType": "ANY_PLATFORM",
      "threat": {
        "url": "http://testsafebrowsing.appspot.com/s/phishing.html"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    },
    {
      "threatType": "MALWARE",
      "platformType": "ANY_PLATFORM",
      "threat": {
        "url": "http://testsafebrowsing.appspot.com/s/malware.html"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    }
  ]
}*/

Am I doing something wrong?

orirab
  • Sorry, no luck... We ended up not using this. – orirab Feb 21 '22 at 18:54
  • As mentioned in documents of [Web Risk](https://cloud.google.com/web-risk/docs/overview), “Google cannot guarantee that its information is comprehensive and error-free: some risky sites may not be identified, and some safe sites may be classified in error”. – Fariya Rahmat Feb 23 '22 at 08:37

1 Answer


I got the same result: it returns an empty {} when called with curl.

It only works for their own example; when I tried changing the URL or the threatTypes, it returned nothing.

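# Look up one URI against the Web Risk MALWARE list, authenticating with an
# Application Default Credentials access token instead of an API key.
#
# Quoting matters here: as written on the page (doubled quotes) the URL is
# effectively unquoted, so the shell would treat the `&` as a command
# separator and drop the `uri=` parameter; a space after a trailing backslash
# also breaks the line continuation. The token substitution is kept inside
# the header's quotes so it is passed as a single argument.
curl -X GET \
  -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
  "https://webrisk.googleapis.com/v1/uris:search?threatTypes=MALWARE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fmalware.html"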
Tung Dmctv