This document applies to the following methods:

About metadata

Metadata is information that helps distinguish between threat types and allows for more informative warnings (see Suggested Warning Language). Metadata is part of the ThreatMatch object returned in the fullHashes.find response and includes:

  • The threat list descriptor (threat/platform/threatEntry type combination): Identifies the Safe Browsing (threat) list.
  • The threat: For threatMatches, a URL. For fullHashes, a full-length hash.
  • The metadata: Additional information about the threat.

Metadata is provided in the form of key/value string pairs (see the ThreatEntryMetadata field). For JSON requests, the key and value are both base64-encoded. The type of metadata returned will vary depending on the specific Safe Browsing list (the threat/platform/threatEntry type combination).

Malware sites

Metadata is currently available for all available lists with the MALWARE threatType and the URL threatEntryType. The key/value pairs are described here.

key value Description
malware_threat_type landing Malware landing site. These sites are gateways to malware. They are often hacked sites that include iframes, scripts, or redirects that load content from other sites that launch the actual attacks.
malware_threat_type distribution Malware distribution site. These sites launch the malware attacks.