The Web Risk lists also referred to as threat lists or
simply lists are Google's constantly updated lists of unsafe web resources.
Examples of unsafe web resources are social engineering sites like phishing and
deceptive sites, and sites that host malware or unwanted software.
Threat types
Each Web Risk list is named (identified) using a
threatType.
List contents
Currently, all Web Risk lists consist of variable length SHA 256 hashes
between 4 and 32 bytes. These hashes are based on the suffix/prefix expressions
of the URLs associated with unsafe web resources. Note that the URLs themselves
are not stored in the Web Risk lists. For more information, see
URLs and Hashing.
When using the Lookup API to check URLs, the client sends the actual URL in the
request and the Web Risk server converts the URL to a hash before
performing the check. For additional details, see Checking
URLs for the Lookup API.
When using the Update API to check URLs, the client must convert the URL to a
hash and then send the hash prefix in the request to perform the URL
check. See Checking URLs for more
information about checking URLs with the Update API.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[],[],null,["# Web Risk Lists\n==============\n\nThis document applies to the following methods:\n\n- [Lookup API](/web-risk/docs/lookup-api): [`uris.search`](/web-risk/docs/lookup-api#example-urissearch)\n- [Update API](/web-risk/docs/update-api): [`hashes.search`](/web-risk/docs/update-api#example-hashessearch)\n- [Update API](/web-risk/docs/update-api): [`threatLists:computeDiff`](/web-risk/docs/update-api#example-threatlistscomputeDiff)\n\nAbout the lists\n---------------\n\nThe Web Risk lists also referred to as **threat lists** or\nsimply **lists** are Google's constantly updated lists of unsafe web resources.\nExamples of unsafe web resources are social engineering sites like phishing and\ndeceptive sites, and sites that host malware or unwanted software.\n\nThreat types\n------------\n\nEach Web Risk list is named (identified) using a\n[`threatType`](/web-risk/docs/reference/rest/v1/ThreatType).\n\nList contents\n-------------\n\nCurrently, all Web Risk lists consist of variable length SHA 256 hashes\nbetween 4 and 32 bytes. These hashes are based on the suffix/prefix expressions\nof the URLs associated with unsafe web resources. Note that the URLs themselves\nare not stored in the Web Risk lists. For more information, see\n[URLs and Hashing](/web-risk/docs/urls-hashing).\n\nWhen using the Lookup API to check URLs, the client sends the actual URL in the\nrequest and the Web Risk server converts the URL to a hash before\nperforming the check. For additional details, see [Checking\nURLs](/web-risk/docs/lookup-api#checking-urls) for the Lookup API.\n\nWhen using the Update API to check URLs, the client must convert the URL to a\nhash and then send the hash prefix in the request to perform the URL\ncheck. See [Checking URLs](/web-risk/docs/update-api#checking-urls) for more\ninformation about checking URLs with the Update API."]]
