POST/api/v1/phishing/safe-browsing

Safe Browsing Check

Check URLs against Google Safe Browsing to identify pages flagged for malware, social engineering, unwanted software, or potentially harmful applications.

Credits

Per request

Max URLs

500

Per request

Plans

Starter+

Starter, Professional, Enterprise

Not available on the Free plan. This endpoint requires a Starter, Professional, or Enterprise subscription. Free-plan requests will receive a 403 Forbidden response.

Threat Types Checked

Threat Type	Description
MALWARE	Pages that host or distribute malicious software
SOCIAL_ENGINEERING	Phishing pages that trick users into revealing sensitive information
UNWANTED_SOFTWARE	Pages that distribute deceptive or unwanted software
POTENTIALLY_HARMFUL_APPLICATION	Pages hosting applications that may be harmful to the user or device

Request Body

Field	Type	Required	Description
urls	string[]	Yes	Array of URLs to check (max 500)

Code Examples

cURL

curl -X POST https://dfir-lab.ch/api/v1/phishing/safe-browsing \
  -H "Authorization: Bearer sk-dfir-your-key-here" \
  -H "Content-Type: application/json" \
  -d '{
    "urls": [
      "https://example.com",
      "http://malware-test.example.org/payload",
      "https://legitimate-site.com"
    ]
  }'

Python

import requests

response = requests.post(
    "https://dfir-lab.ch/api/v1/phishing/safe-browsing",
    headers={
        "Authorization": "Bearer sk-dfir-your-key-here",
        "Content-Type": "application/json",
    },
    json={
        "urls": [
            "https://example.com",
            "http://malware-test.example.org/payload",
            "https://legitimate-site.com",
        ]
    },
)

data = response.json()
for url_result in data["results"]:
    if url_result["threats"]:
        types = [t["threat_type"] for t in url_result["threats"]]
        print(f"⚠ {url_result['url']}: {', '.join(types)}")
    else:
        print(f"✓ {url_result['url']}: safe")

Example Response

{
  "success": true,
  "results": [
    {
      "url": "https://example.com",
      "safe": true,
      "threats": []
    },
    {
      "url": "http://malware-test.example.org/payload",
      "safe": false,
      "threats": [
        {
          "threat_type": "MALWARE",
          "platform_type": "ANY_PLATFORM",
          "threat_entry_type": "URL"
        },
        {
          "threat_type": "SOCIAL_ENGINEERING",
          "platform_type": "ANY_PLATFORM",
          "threat_entry_type": "URL"
        }
      ]
    },
    {
      "url": "https://legitimate-site.com",
      "safe": true,
      "threats": []
    }
  ],
  "summary": {
    "total_urls": 3,
    "safe_count": 2,
    "flagged_count": 1
  },
  "credits_used": 2,
  "credits_remaining": 485
}

Results are powered by the Google Safe Browsing Lookup API v4. Data freshness depends on Google's update cycle, which typically reflects threats within minutes.

A URL being marked as safe means it was not found in Google's threat lists at the time of the query. It is not a guarantee of safety.