I recently delved into the realm of malware and phishing detection, experimenting with various services. One interesting observation emerged during my exploration—specifically, the disparity in detecting malicious URLs between Google Web Risk Lookup API and VirusTotal.
I conducted tests with URLs sourced from databases like urlhaus, and intriguingly, Google Web Risk Lookup API did not flag many of them as malicious, even though counterparts like VirusTotal successfully identified them. Notably, some of these URLs were associated with well-known malware payloads.
It's worth noting that the tests were conducted on the Google Cloud Platform, leveraging Google Web Risk, and the results were compared against those obtained from VirusTotal.
what is the reason for this?