1

Despite that I check a malicious URL (http://fileserver03.com), empty response returns from Google Safe Browsing API v4.

Here is the code I have tried:

String postURL = https://safebrowsing.googleapis.com/v4/threatMatches:find?key=API_KEY

String requestBody = "{" +
        "    \"client\": {" +
        "      \"clientId\":      \"twittersentidetector\"," +
        "      \"clientVersion\": \"1.0\"" +
        "    }," +
        "    \"threatInfo\": {" +
        "      \"threatTypes\":      [\"MALWARE\", \"SOCIAL_ENGINEERING\"]," +
        "      \"platformTypes\":    [\"ANY_PLATFORM\"]," +
        "      \"threatEntryTypes\": [\"URL\"]," +
        "      \"threatEntries\": [" +
        "        {\"url\": \"http://fileserver03.com\"}," +
        "        {\"url\": \"https://bing.com\"}," +
        "        {\"url\": \"https://yahoo.com\"}" +
        "      ]" +
        "    }" +
        "  }";

URL url = new URL(postURL);
HttpURLConnection con = (HttpURLConnection) url.openConnection();

con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
con.setRequestProperty("Content-Type", "application/json");

con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(requestBody);
wr.flush();
wr.close();

int responseCode = con.getResponseCode();
System.out.println("Response Code: " + responseCode);
System.out.println("Response Message: " + con.getResponseMessage());

BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String output;
StringBuffer response = new StringBuffer();

while ((output = in .readLine()) != null) {
    response.append(output);
} in .close();

System.out.println("Response: " + response.toString());

Here is the output:

Response Code: 200
Response Message: OK
Response: {}
Improve this question

1 Answer 1

Reset to default
7

Google Safe Browsing API v4 returns empty JSON with http code 200 if URLs were not listed as "MALWARE" or any other "threatTypes" you searched for.

So you can try other URLs to see how response for Listed URLs look like. Try these:

http://goooogleadsence.biz/
http://activefile.ucoz.com/
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Safe Browsing API v4 returns empty JSON with http_code 200 if URLs were not listed as any threatTypes
There is something strange. I've added activefile.ucoz.com, but the response is the same: +200 with {}. Wow, after some investigation I've find a nice site to test: testsafebrowsing.appspot.com/s/phishing.html from testsafebrowsing.appspot.com
returns {} for the urls you've listed for me as well

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.