Google Safe Browsing

Screen any list of URLs against Google's Safe Browsing threat database — the same lists that protect billions of Chrome, Firefox, and Safari users every day. No browser, no crawl, just a clean per-URL verdict.

What you get

• One dataset row per input URL — original order preserved, duplicates removed
• isSafe boolean plus the full list of matching threats per URL
• Threat metadata — threat type (MALWARE, SOCIAL_ENGINEERING, UNWANTED_SOFTWARE, POTENTIALLY_HARMFUL_APPLICATION), platform type, and Google's recommended cache duration
• Batch-aware — automatically chunks into the API's 500-URL batches, so you can paste thousands of URLs in a single run
• Error-tolerant — a failed batch marks only its own URLs as status: "error"; the rest of the run continues

Use cases

• Ad network URL screening — vet destination URLs before serving impressions to avoid linking users to malware or phishing pages
• User-submitted content moderation — auto-flag links posted to forums, comments, and DMs before they go live
• Partner and affiliate link audits — sweep your outbound link inventory on a schedule and catch compromised partners early
• Security team URL triage — bulk-check suspicious URLs pulled from email gateways, SIEM alerts, or abuse inboxes
• Compliance reporting — generate auditable evidence that user-facing URLs were checked against an authoritative threat database

How to use

1. Paste your URLs into the URLs field — one per entry
2. Optionally narrow the Threat Types list (default checks all four categories)
3. Run the actor — results appear in the Dataset tab
4. Export the dataset as CSV/JSON or query it via the Apify API

The actor reads the Safe Browsing API key from the GOOGLE_SAFE_BROWSING_API_KEY environment variable.

Testing

The default input includes http://malware.testing.google.test/testing/malware/ — this is Google's official always-flagged test URL, guaranteed to return a MALWARE match. It's safe to use (it doesn't host real malware) and lets you verify the actor end-to-end before pointing it at real traffic.

Output format

Each dataset record:

{
  "url": "http://malware.testing.google.test/testing/malware/",
  "status": "success",
  "isSafe": false,
  "threatCount": 1,
  "threats": [
    {
      "threatType": "MALWARE",
      "platformType": "ANY_PLATFORM",
      "threatEntryType": "URL",
      "cacheDuration": "300s"
    }
  ],
  "error": null
}

A clean URL:

{
  "url": "https://www.google.com",
  "status": "success",
  "isSafe": true,
  "threatCount": 0,
  "threats": [],
  "error": null
}

If a batch request to Google fails, every URL in that batch is emitted with status: "error", isSafe: null, and the upstream error in error — so you always get one row per input URL.

Threat types

Notes

• The Google Safe Browsing v4 Lookup API is free for non-commercial use; commercial use requires registration with Google. Bring your own API key.
• Google recommends caching results for the duration in cacheDuration before re-checking — the value is passed through unchanged on every threat row.