This document applies to the following methods:
About metadata
Metadata is information that helps distinguish between threat types and allows for more informative warnings (see Suggested Warning Language). Metadata is part of the ThreatMatch object returned in the fullHashes.find response and includes:
- The threat list descriptor (threat/platform/threatEntry type combination): Identifies the Safe Browsing (threat) list.
- The threat: For
threatMatches, a URL. ForfullHashes, a full-length hash. - The metadata: Additional information about the threat.
Metadata is provided in the form of key/value string pairs (see the ThreatEntryMetadata field). For JSON requests, the key and value are both base64-encoded. The type of metadata returned will vary depending on the specific Safe Browsing list (the threat/platform/threatEntry type combination).
Malware sites
Metadata is currently available for all available lists with the MALWARE threatType
and the URL threatEntryType. The key/value pairs are described here.
| key | value | Description |
|---|---|---|
| malware_threat_type | landing | Malware landing site. These sites are gateways to malware. They are often hacked sites that include iframes, scripts, or redirects that load content from other sites that launch the actual attacks. |
| malware_threat_type | distribution | Malware distribution site. These sites launch the malware attacks. |