I am planning on using the Google Safebrowsing API to vet incoming URLs in my app. There are a few steps to get through prior to discovering if a URL has malware, etc though:
- Create a combination of possible URLs to match from the base one (with querystring, different levels of paths, hosts, etc).
- SHA256 hash of each of the outcomes.
- query first 4 bytes against a local cache of similar results.
- if a match found on that, query Google's API for the entire hash for authoritative match info.
My issue is I don't have an example match to test my code for the first 3 steps. I might never know there is a bug. Is there an example positive matching URL for this service or is it possible to find a valid url? I don't see malware links in Google search results anymore, so I'm not sure I can get one that way either.
You probably want to start with the official test URLs at https://testsafebrowsing.appspot.com/.
If you're looking for real phishing sites (which may or may not be on the Safe Browsing list yet), have a look at https://www.phishtank.com/.