Latest Malicious Domains for an IP

The latest_domains endpoint shows whether the IP address you’ve entered as input has any known malicious domains associated with it.

The domains that appear when using this endpoint are those that currently exist in the Umbrella block list.

This endpoint will return an array with a single domain name for each domain associated with the IP, along with an id number that can be ignored.

If more than one domain is associated with the IP, more than one array is returned. If no domains are associated with the IP, the array is blank. The input must be formatted as a full IPv4 IP address.

Sample query:

curl -H "Authorization: Bearer %YourToken%" "https://investigate.api.umbrella.com/ips/218.23.28.135/latest_domains"

Parameter for Input

Field
Type
Description

ip

string

IP Address to check for malicious domains

Returned Value for Output if Success 200

Field
Type
Description

id

integer

id for domain, this should be ignored

name

string

The block list domain associated with the IP

GET https://investigate.api.umbrella.com/ips/ip/latest_domains
REQUEST
curl --include \
     --header "Authorization: Bearer %YourToken%" \
https://investigate.api.umbrella.com/ips/{ip}/latest_domains
    
RESPONSE (HTTP 200, Content-Type: application/json)
[
  {
    "id": 22842894,
    "name": "www.cxhyly.com"
  },
  {
    "id": 22958747,
    "name": "cxhyly.com"
  }
]