The URL must be valid (see RFC 2396)
but it doesn't need to be canonicalized.
If you use the REST API, you must URL-encode the GET parameters, such as the URI.
The HTTP GET response returns the matching threat types, if any, along with
the cache expiration.
Example: uris.search
HTTP method and URL:
```
GET https://webrisk.googleapis.com/v1/uris:search?threatTypes=MALWARE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fmalware.html&key=API_KEY
```
To send your request, choose one of these options:
curl
Execute the following command:
```
curl -X GET \
  "https://webrisk.googleapis.com/v1/uris:search?threatTypes=MALWARE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fmalware.html&key=API_KEY"
```
Java
```java
import com.google.cloud.webrisk.v1.WebRiskServiceClient;
import com.google.webrisk.v1.SearchUrisRequest;
import com.google.webrisk.v1.SearchUrisResponse;
import com.google.webrisk.v1.ThreatType;
import java.io.IOException;

public class SearchUri {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    // The URI to be checked for matches.
    String uri = "http://testsafebrowsing.appspot.com/s/malware.html";

    // The ThreatLists to search in. Multiple ThreatLists may be specified.
    ThreatType threatType = ThreatType.MALWARE;

    searchUri(uri, threatType);
  }

  // This method is used to check whether a URI is on a given threatList. Multiple threatLists may
  // be searched in a single query.
  // The response will list all requested threatLists the URI was found to match. If the URI is not
  // found on any of the requested ThreatList an empty response will be returned.
  public static void searchUri(String uri, ThreatType threatType) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests. After completing all of your requests, call
    // the `webRiskServiceClient.close()` method on the client to safely
    // clean up any remaining background resources.
    try (WebRiskServiceClient webRiskServiceClient = WebRiskServiceClient.create()) {

      SearchUrisRequest searchUrisRequest =
          SearchUrisRequest.newBuilder()
              .addThreatTypes(threatType)
              .setUri(uri)
              .build();

      SearchUrisResponse searchUrisResponse = webRiskServiceClient.searchUris(searchUrisRequest);

      if (!searchUrisResponse.getThreat().getThreatTypesList().isEmpty()) {
        System.out.println("The URL has the following threat: ");
        System.out.println(searchUrisResponse);
      } else {
        System.out.println("The URL is safe!");
      }
    }
  }
}
```
Python
```python
from google.cloud import webrisk_v1
from google.cloud.webrisk_v1 import SearchUrisResponse


def search_uri(
    uri: str, threat_type: webrisk_v1.ThreatType
) -> SearchUrisResponse:
    """Checks whether a URI is on a given threatList.

    Multiple threatLists may be searched in a single query. The response will list all
    requested threatLists the URI was found to match. If the URI is not
    found on any of the requested ThreatList an empty response will be returned.

    Args:
        uri: The URI to be checked for matches
            Example: "http://testsafebrowsing.appspot.com/s/malware.html"
        threat_type: The ThreatLists to search in. Multiple ThreatLists may be specified.
            Example: threat_type = webrisk_v1.ThreatType.MALWARE

    Returns:
        SearchUrisResponse that contains a threat_type if the URI is present in the threatList.
    """
    webrisk_client = webrisk_v1.WebRiskServiceClient()

    request = webrisk_v1.SearchUrisRequest()
    request.threat_types = [threat_type]
    request.uri = uri

    response = webrisk_client.search_uris(request)
    if response.threat.threat_types:
        print(f"The URI has the following threat: {response}")
    else:
        print("The URL is safe!")
    return response
```
If no results match your request, you will get an empty JSON response of {}.
This means that the URL you provided isn't on any threat lists.
Cache durations
The expireTime field indicates the timestamp at which the match should be
considered expired. For details, see Caching.
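The request encoding, the empty `{}` response and the `expireTime` rule described above, worked through as an added Python example that is not part of the original page or of Google's client library. The names `build_lookup_url`, `parse_expire_time`, `parse_lookup_response` and `MatchCache` are hypothetical helpers, and the sample response body is constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlencode

ENDPOINT = "https://webrisk.googleapis.com/v1/uris:search"
# Constructed sample body in the shape the Lookup API returns for a match.
SAMPLE_MATCH = ('{"threat": {"threatTypes": ["MALWARE"], '
                '"expireTime": "2019-07-17T15:01:23.045123456Z"}}')

def build_lookup_url(uri, threat_types, api_key):
    """Repeat threatTypes once per list and percent-encode every value."""
    params = [("threatTypes", t) for t in threat_types]
    params += [("uri", uri), ("key", api_key)]
    return ENDPOINT + "?" + urlencode(params)

def parse_expire_time(value):
    """Parse a UTC RFC 3339 timestamp, trimming nanoseconds to microseconds."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    if not m:
        raise ValueError(f"unexpected expireTime: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def parse_lookup_response(body):
    """Return (threat_types, expire_time); an empty {} body means no match."""
    threat = json.loads(body).get("threat")
    if not threat:
        return [], None
    return threat.get("threatTypes", []), parse_expire_time(threat["expireTime"])

class MatchCache:
    """Keeps positive matches only until expireTime; lookup() returns None on a miss."""
    def __init__(self):
        self._entries = {}

    def store(self, uri, body):
        types, expires = parse_lookup_response(body)
        if types:
            self._entries[uri] = (types, expires)
        return types

    def lookup(self, uri, now):
        entry = self._entries.get(uri)
        if entry and now < entry[1]:
            return entry[0]
        self._entries.pop(uri, None)  # expired or never stored
        return None
```

Encoding the `uri` value keeps any `&` or `=` inside the checked URL from being read as extra request parameters, and a `None` from `lookup` means the API has to be queried again.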
Last updated 2025-08-29 UTC.