Domain Tagging Dates for a Domain

This Endpoint is Deprecated

Although still available, we do not recommend using the domain tagging endpoint any longer. The data here is now available under the Timeline API endpoint, which is being actively maintained and updated. If you are using this endpoint in any scripting, we recommend moving to the timeline endpoint immediately.

For more information about the timeline endpoint, see Timeline and Classifiers.

This endpoint returns the date range when the domain being queried was a part of the Umbrella block list. A common use case is to find how long a domain has been in the block list for domains being blocked currently. However it will also show a record of the history of the domain in the Umbrella block list.

This endpoint will return an array with the following:

  • The date range for which this domain has been in the block list
  • The domain tag such as malware or phishing, identifying the security category of the domain
  • If available or possible, list the specific URL hosting the malicious content.

If there is no security category assigned to the domain, this endpoint will return a blank array. It is also possible for a single domain to return multiple current entries. For example, if there is more than one URL at a domain containing malware, or more than one security category, then there will be two entries in the array returned.

This endpoint is the equivalent of the information found under the Domain Tagging section in the UI.

Sample query:

curl -H "Authorization: Bearer %YourToken%" "https://investigate.api.umbrella.com/domains/example.com/latest_tags"

Parameter for Input

Field
Type
Description

name

string

domain name

Returned Value for Output if Success 200

Field
Type
Description

period

array of strings

The beginning date of domain being added to block list and end date of domain being removed from block list. If domain is currently in block list, the end date will be “Current”.

category

string

The Umbrella security category or categories that match this domain.

url

string

The full URL containing the malicious code at the domain requested. Return is null if URL is not available.

GET https://investigate.api.umbrella.com/domains/name/latest_tags
REQUEST
curl --include \
     --header "Authorization: Bearer %YourToken%" \
https://investigate.api.umbrella.com/domains/{name}/latest_tags
    
RESPONSE (HTTP 200, Content-Type: application/json)
[
  {
    "period": {
      "begin": "2014-04-07",
      "end": "Current"
    },
    "category": "Malware",
    "url": "http://ancgrli.prophp.org/"
  },
  {
    "period": {
      "begin": "2014-03-04",
      "end": "2014-03-05"
    },
    "category": "Malware",
    "url": "http://ancgrli.prophp.org/34/45791.html"
  }
]