Endpoint: https://transparencyreport.google.com/transparencyreport/api/v3/safebrowsing/status?site=domainhere
When we get the results from the endpoint above, the actual results we want will be on the 3rd line.
The first line will contain )]}', and the second line will be blank. Ignore both of those lines and get the results from the 3rd line.
Ex:
$ curl -sL 'https://transparencyreport.google.com/transparencyreport/api/v3/safebrowsing/status?site=testsafebrowsing.appspot.com' | tail -n -1
[["sb.ssr",3,1,0,1,1,0,1628410274243,"https://testsafebrowsing.appspot.com"]]
The 3rd line contains a nested array that tells us about the domain. The 2nd entry in the array gives a general status of the results, and the rest of the entries give more details.
What the results mean:
[[0]]: unimportant
[[1]]: Shows general status of the results. AFAIK, will either be 6, 5, 3, 2, or 1
- 6: No available data
- 5: This site hosts files that are not commonly downloaded
- 3: Some pages on this site are unsafe
- 2: This site is unsafe
- 1: No unsafe content found
[[2]]: Will either be 0 for false or 1 for true.
- 1: Sends visitors to harmful websites
[[3]]: Will either be 0 for false or 1 for true.
- 1: Installs unwanted or malicious software on visitors’ computers
[[4]]: Will either be 0 for false or 1 for true.
- 1: Tries to trick visitors into sharing personal info or downloading software (this result is for phishing domains)
[[5]]: Will either be 0 for false or 1 for true.
- 1: Contains unwanted or malicious software
[[6]]: Will either be 0 for false or 1 for true.
- 1: Distributes uncommon downloads
[[7]]: modified time
[[8]]: domain that was scanned
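A parser for the response layout described above, as an added example (not code from the original page or from Google). The names parse_status, STATUS, FLAGS and SAMPLE are hypothetical, and the sample body is constructed from the result line shown earlier with the two leading lines put back.

```python
import json

# Status codes and flag meanings exactly as listed on this page.
STATUS = {
    6: "No available data",
    5: "This site hosts files that are not commonly downloaded",
    3: "Some pages on this site are unsafe",
    2: "This site is unsafe",
    1: "No unsafe content found",
}
FLAGS = {
    2: "Sends visitors to harmful websites",
    3: "Installs unwanted or malicious software on visitors' computers",
    4: "Tries to trick visitors into sharing personal info or downloading software",
    5: "Contains unwanted or malicious software",
    6: "Distributes uncommon downloads",
}
PREFIX = ")]}'"  # first line of every response; not valid JSON

def parse_status(body: str) -> dict:
    """Decode a raw response body into named fields."""
    text = body.lstrip()
    if text.startswith(PREFIX):
        text = text[len(PREFIX):]  # drop the first line; json.loads skips the blank one
    rows = json.loads(text)
    if not (isinstance(rows, list) and rows
            and isinstance(rows[0], list) and len(rows[0]) >= 9):
        raise ValueError("unexpected response shape")
    row = rows[0]
    code = row[1]
    return {
        "site": row[8],
        "status_code": code,
        # A code that is not in the list above is reported as unknown, not guessed at.
        "status": STATUS.get(code, f"unknown status {code}"),
        "findings": [label for i, label in FLAGS.items() if row[i] == 1],
        "modified": row[7],  # raw value, left undecoded
    }

# Constructed sample: the result line from the example above, with the
# two leading lines restored as the page describes them.
SAMPLE = ")]}'\n\n" + (
    '[["sb.ssr",3,1,0,1,1,0,1628410274243,"https://testsafebrowsing.appspot.com"]]'
)

if __name__ == "__main__":
    print(json.dumps(parse_status(SAMPLE), indent=2))
```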
I believe 4 is for safe sites, take a look at the response for google:
And facebook:
So 4 might be a whitelist?