Stay organized with collections
Save and categorize content based on your preferences.
Using the Extended Coverage list
This document explains how to use Web Risk's Extended Coverage list to improve the coverage of malicious urls with a small amount (<10%) of potential false positives. It applies to the following methods:
Improve detection with the Social Engineering Extended Coverage list
You can query the Update and Lookup APIs with the Extended Coverage list as you query with Web Risk's Malware, Social Engineering, or Unwanted Software lists. When you query, include the type SOCIAL_ENGINEERING_EXTENDED_COVERAGE in your threatTypes. When you use the Extended Coverage list for Social Engineering, it provides improved coverage of phishing and deceptive sites by up to 90% in some cases.
When a match to the Extended Coverage list is found, consider that these URLs are categorized with a slightly lower confidence than the other list types, and therefore have a slightly higher chance of being a false positive.
Examples
This section lists a few examples of how to use the Extended Coverage list.
Using Extended Coverage list with uris.search
HTTP method and URL:
GET https://webrisk.googleapis.com/v1/uris:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fsocial_engineering_extended_coverage.html&key=API_KEY
To send your request, choose one of these options:
curl
Execute the following command:
curl -X GET \ "https://webrisk.googleapis.com/v1/uris:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fsocial_engineering_extended_coverage.html&key=API_KEY"
Using Extended Coverage list with threatLists.computeDiff
HTTP method and URL:
GET https://webrisk.googleapis.com/v1/threatLists:computeDiff?threatType=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&versionToken=Gg4IBBADIgYQgBAiAQEoAQ%3D%3D&constraints.maxDiffEntries=2048&constraints.maxDatabaseEntries=4096&constraints.supportedCompressions=RAW&key=API_KEY
To send your request, choose one of these options:
curl
Execute the following command:
curl -X GET \ "https://webrisk.googleapis.com/v1/threatLists:computeDiff?threatType=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&versionToken=Gg4IBBADIgYQgBAiAQEoAQ%3D%3D&constraints.maxDiffEntries=2048&constraints.maxDatabaseEntries=4096&constraints.supportedCompressions=RAW&key=API_KEY"
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Using the Extended Coverage list\n================================\n\nThis document explains how to use Web Risk's Extended Coverage list to improve the coverage of malicious urls with a small amount (\\\u003c10%) of potential false positives. It applies to the following methods:\n\n- [Lookup API](/web-risk/docs/lookup-api): [`uris.search`](/web-risk/docs/lookup-api#example-urissearch)\n- [Update API](/web-risk/docs/update-api): [`hashes.search`](/web-risk/docs/update-api#example-hashessearch)\n- [Update API](/web-risk/docs/update-api): [`threatLists:computeDiff`](/web-risk/docs/update-api#example-threatlistscomputeDiff)\n\nImprove detection with the Social Engineering Extended Coverage list\n--------------------------------------------------------------------\n\nYou can query the Update and Lookup APIs with the Extended Coverage list as you query with Web Risk's Malware, Social Engineering, or Unwanted Software lists. When you query, include the type SOCIAL_ENGINEERING_EXTENDED_COVERAGE in your `threatTypes`. When you use the Extended Coverage list for Social Engineering, it provides improved coverage of phishing and deceptive sites by up to 90% in some cases.\n\nWhen a match to the Extended Coverage list is found, consider that these URLs are categorized with a slightly lower confidence than the other list types, and therefore have a slightly higher chance of being a false positive.\n| **Note:** These URL matches might not trigger a red warning screen if visited in Chrome, Firefox, Safari or other SafeBrowsing compliant browsers.\n\nExamples\n--------\n\nThis section lists a few examples of how to use the Extended Coverage list.\n\n### Using Extended Coverage list with uris.search\n\n\nHTTP method and URL:\n\n```\nGET https://webrisk.googleapis.com/v1/uris:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fsocial_engineering_extended_coverage.html&key=API_KEY\n```\n\nTo send your request, choose one of these options: \n\n#### curl\n\n\nExecute the following command:\n\n```\ncurl -X GET \\\n \"https://webrisk.googleapis.com/v1/uris:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fsocial_engineering_extended_coverage.html&key=API_KEY\"\n```\n\n#### PowerShell\n\n\nExecute the following command:\n\n```\n$headers = @{ }\n\nInvoke-WebRequest `\n -Method GET `\n -Headers $headers `\n -Uri \"https://webrisk.googleapis.com/v1/uris:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fsocial_engineering_extended_coverage.html&key=API_KEY\" | Select-Object -Expand Content\n```\n\nYou should receive a JSON response similar to the following:\n\n```\n{\n \"threat\": {\n \"threatTypes\": [\n \"SOCIAL_ENGINEERING_EXTENDED_COVERAGE\"\n ],\n \"expireTime\": \"2019-07-17T15:01:23.045123456Z\"\n }\n}\n```\n\n### Using Extended Coverage list with threatLists.computeDiff\n\n\nHTTP method and URL:\n\n```\nGET https://webrisk.googleapis.com/v1/threatLists:computeDiff?threatType=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&versionToken=Gg4IBBADIgYQgBAiAQEoAQ%3D%3D&constraints.maxDiffEntries=2048&constraints.maxDatabaseEntries=4096&constraints.supportedCompressions=RAW&key=API_KEY\n```\n\nTo send your request, choose one of these options: \n\n#### curl\n\n\nExecute the following command:\n\n```\ncurl -X GET \\\n \"https://webrisk.googleapis.com/v1/threatLists:computeDiff?threatType=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&versionToken=Gg4IBBADIgYQgBAiAQEoAQ%3D%3D&constraints.maxDiffEntries=2048&constraints.maxDatabaseEntries=4096&constraints.supportedCompressions=RAW&key=API_KEY\"\n```\n\n#### PowerShell\n\n\nExecute the following command:\n\n```\n$headers = @{ }\n\nInvoke-WebRequest `\n -Method GET `\n -Headers $headers `\n -Uri \"https://webrisk.googleapis.com/v1/threatLists:computeDiff?threatType=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&versionToken=Gg4IBBADIgYQgBAiAQEoAQ%3D%3D&constraints.maxDiffEntries=2048&constraints.maxDatabaseEntries=4096&constraints.supportedCompressions=RAW&key=API_KEY\" | Select-Object -Expand Content\n```\n\nYou should receive a JSON response similar to the following:\n\n```\n{\n \"recommendedNextDiff\": \"2020-01-08T19:41:45.436722194Z\",\n \"responseType\": \"RESET\",\n \"additions\": {\n \"rawHashes\": [\n {\n \"prefixSize\": 4,\n \"rawHashes\": \"AArQMQAMoUgAPn8lAE...\"\n }\n ]\n },\n \"newVersionToken\": \"ChAIARAGGAEiAzAwMSiAEDABEPDyBhoCGAlTcIVL\",\n \"checksum\": {\n \"sha256\": \"wy6jh0+MAg/V/+VdErFhZIpOW+L8ulrVwhlV61XkROI=\"\n }\n}\n```\n\n### Using Extended Coverage list with hashes.search\n\n\nHTTP method and URL:\n\n```\nGET https://webrisk.googleapis.com/v1/hashes:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&hashPrefix=WwuJdQ%3D%3D&key=API_KEY\n```\n\nTo send your request, choose one of these options: \n\n#### curl\n\n\nExecute the following command:\n\n```\ncurl -X GET \\\n \"https://webrisk.googleapis.com/v1/hashes:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&hashPrefix=WwuJdQ%3D%3D&key=API_KEY\"\n```\n\n#### PowerShell\n\n\nExecute the following command:\n\n```\n$headers = @{ }\n\nInvoke-WebRequest `\n -Method GET `\n -Headers $headers `\n -Uri \"https://webrisk.googleapis.com/v1/hashes:search?threatTypes=SOCIAL_ENGINEERING_EXTENDED_COVERAGE&hashPrefix=WwuJdQ%3D%3D&key=API_KEY\" | Select-Object -Expand Content\n```\n\nYou should receive a JSON response similar to the following:\n\n```\n{\n \"threats\": [{\n \"threatTypes\": [\"SOCIAL_ENGINEERING_EXTENDED_COVERAGE\"],\n \"hash\": \"WwuJdQxaCSH453-uytERC456gf45rFExcE23F7-hnfD=\"\n \"expireTime\": \"2019-07-17T15:01:23.045123456Z\"\n },\n }],\n \"negativeExpireTime\": \"2019-07-17T15:01:23.045123456Z\"\n}\n}\n```"]]
