{"_id":"581a1cb91a63870f008b61f3","project":"5615790c0f5ed00d00483dd1","__v":0,"category":{"_id":"5615790d0f5ed00d00483dd5","__v":19,"pages":["5615790e0f5ed00d00483dd7","561d48e46386060d00e06003","561d48fe31d9630d001eb5bd","561d49b657165b0d00aa5d8b","561d4a879463520d00cd11e2","561d67f48ca8b90d00210234","561d6a0bf0cff80d00ca22c3","561d6c5b071cd60d000d3221","562f9c2543c5570d001fe6bd","56311c99eae7ef0d00270e3d","56311d6702aff217007dba23","56311f96f1c0580d00fac719","563120b7242cda1900198b79","5631229bf1c0580d00fac721","563131559ead230d00a188f6","563134a324014b0d00bd9a4f","5631392082d96a0d00b0fb1d","56313c584b36120d00fdebfb","5642658ef424a10d00118360"],"project":"5615790c0f5ed00d00483dd1","version":"5615790d0f5ed00d00483dd4","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-10-07T19:57:01.871Z","from_sync":false,"order":0,"slug":"opendns-investigate-rest-api","title":"Umbrella Investigate REST API"},"version":{"_id":"5615790d0f5ed00d00483dd4","__v":6,"project":"5615790c0f5ed00d00483dd1","createdAt":"2015-10-07T19:57:01.307Z","releaseDate":"2015-10-07T19:57:01.307Z","categories":["5615790d0f5ed00d00483dd5","56157b2af432910d0000f9fe","56157cfb0f5ed00d00483ddb","562684d95db46b1700fd4f48","573b7ea9ef164e2900a2b8ff","582e285d8373c20f00810608"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"parentDoc":null,"user":"560b40145148ba0d009bd0b5","updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-11-02T17:04:57.426Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"settings":"","results":{"codes":[]},"auth":"required","params":[],"url":""},"isReference":false,"order":11,"body":"This endpoint returns the date range when the domain being queried was a part of the Umbrella block list. A common use case is to find how long a domain has been in the block list for domains being blocked currently. However it will also show a record of the history of the domain in the Umbrella block list.\n\nThis endpoint will return an array with the following:\n\n* The date range for which this domain has been in the block list\n* The domain tag such as malware or phishing, identifying the security category of the domain\n* If available or possible, list the specific URL hosting the malicious content.\n\nIf there is no security category assigned to the domain, this endpoint will return a blank array. It is also possible for a single domain to return multiple current entries. For example, if there is more than one URL at a domain containing malware, or more than one security category, then there will be two entries in the array returned.\n\nThis endpoint is the equivalent of the information found under the Domain Tagging section in the UI.\n\nSample query:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"curl -H \\\"Authorization: Bearer %YourToken%\\\" \\\"https://investigate.api.umbrella.com/domains/example.com/latest_tags\\\"\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\n### Parameter for input ###\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"Field\",\n    \"h-1\": \"Type\",\n    \"h-2\": \"Description\",\n    \"0-0\": \"name\",\n    \"0-1\": \"string\",\n    \"0-2\": \"domain name\"\n  },\n  \"cols\": 3,\n  \"rows\": 1\n}\n[/block]\n### Returned value for output if Success 200 ###\n[block:parameters]\n{\n  \"data\": {\n    \"h-0\": \"Field\",\n    \"h-1\": \"Type\",\n    \"h-2\": \"Description\",\n    \"0-0\": \"period\",\n    \"1-0\": \"category\",\n    \"2-0\": \"url\",\n    \"2-1\": \"string\",\n    \"1-1\": \"string\",\n    \"0-1\": \"array of strings\",\n    \"0-2\": \"The beginning date of domain being added to block list and end date of domain being removed from block list. If domain is currently in block list, the end date will be “Current”.\",\n    \"1-2\": \"The Umbrella security category or categories that match this domain.\",\n    \"2-2\": \"The full URL containing the malicious code at the domain requested. Return is null if URL is not available.\"\n  },\n  \"cols\": 3,\n  \"rows\": 3\n}\n[/block]\n\n[block:html]\n{\n  \"html\": \"<div class=\\\"api-code-block\\\">\\n  <div class=\\\"api-code-block__header\\\">\\n    <span class=\\\"api-code-block__header__label\\\">GET</span> https://investigate.api.umbrella.com/domains/name/latest_tags\\n  </div>\\n  <div class=\\\"api-code-block__section\\\">\\n    <div class=\\\"api-code-block__section__header\\\">REQUEST</div>\\n    <pre>curl --include \\\\\\n     --header \\\"Authorization: Bearer %YourToken%\\\" \\\\\\nhttps://investigate.api.umbrella.com/domains/{name}/latest_tags\\n    </pre>\\n  </div>\\n  <div class=\\\"api-code-block__section\\\">\\n    <div class=\\\"api-code-block__section__header\\\">RESPONSE <em>(HTTP 200, Content-Type: application/json)</em>\\n    </div>\\n    <pre>\\n[\\n  {\\n    \\\"period\\\": {\\n      \\\"begin\\\": \\\"2014-04-07\\\",\\n      \\\"end\\\": \\\"Current\\\"\\n    },\\n    \\\"category\\\": \\\"Malware\\\",\\n    \\\"url\\\": \\\"http://ancgrli.prophp.org/\\\"\\n  },\\n  {\\n    \\\"period\\\": {\\n      \\\"begin\\\": \\\"2014-03-04\\\",\\n      \\\"end\\\": \\\"2014-03-05\\\"\\n    },\\n    \\\"category\\\": \\\"Malware\\\",\\n    \\\"url\\\": \\\"http://ancgrli.prophp.org/34/45791.html\\\"\\n  }\\n]\\n    </pre>\\n  </div>\\n</div>\"\n}\n[/block]\n---\n[Security Information for a Domain](https://docs.umbrella.com/developer/investigate-api/security-information-for-a-domain-1/) < **Domain Tagging Dates for a Domain** > [DNS RR History for a Type and Domain Name](https://docs.umbrella.com/developer/investigate-api/dns-rr-history-for-a-type-and-domain-name-1/)","excerpt":"","slug":"domain-tagging-dates-for-a-domain-1","type":"basic","title":"Domain Tagging Dates for a Domain"}

Domain Tagging Dates for a Domain


This endpoint returns the date range when the domain being queried was a part of the Umbrella block list. A common use case is to find how long a domain has been in the block list for domains being blocked currently. However it will also show a record of the history of the domain in the Umbrella block list. This endpoint will return an array with the following: * The date range for which this domain has been in the block list * The domain tag such as malware or phishing, identifying the security category of the domain * If available or possible, list the specific URL hosting the malicious content. If there is no security category assigned to the domain, this endpoint will return a blank array. It is also possible for a single domain to return multiple current entries. For example, if there is more than one URL at a domain containing malware, or more than one security category, then there will be two entries in the array returned. This endpoint is the equivalent of the information found under the Domain Tagging section in the UI. Sample query: [block:code] { "codes": [ { "code": "curl -H \"Authorization: Bearer %YourToken%\" \"https://investigate.api.umbrella.com/domains/example.com/latest_tags\"", "language": "text" } ] } [/block] ### Parameter for input ### [block:parameters] { "data": { "h-0": "Field", "h-1": "Type", "h-2": "Description", "0-0": "name", "0-1": "string", "0-2": "domain name" }, "cols": 3, "rows": 1 } [/block] ### Returned value for output if Success 200 ### [block:parameters] { "data": { "h-0": "Field", "h-1": "Type", "h-2": "Description", "0-0": "period", "1-0": "category", "2-0": "url", "2-1": "string", "1-1": "string", "0-1": "array of strings", "0-2": "The beginning date of domain being added to block list and end date of domain being removed from block list. If domain is currently in block list, the end date will be “Current”.", "1-2": "The Umbrella security category or categories that match this domain.", "2-2": "The full URL containing the malicious code at the domain requested. Return is null if URL is not available." }, "cols": 3, "rows": 3 } [/block] [block:html] { "html": "<div class=\"api-code-block\">\n <div class=\"api-code-block__header\">\n <span class=\"api-code-block__header__label\">GET</span> https://investigate.api.umbrella.com/domains/name/latest_tags\n </div>\n <div class=\"api-code-block__section\">\n <div class=\"api-code-block__section__header\">REQUEST</div>\n <pre>curl --include \\\n --header \"Authorization: Bearer %YourToken%\" \\\nhttps://investigate.api.umbrella.com/domains/{name}/latest_tags\n </pre>\n </div>\n <div class=\"api-code-block__section\">\n <div class=\"api-code-block__section__header\">RESPONSE <em>(HTTP 200, Content-Type: application/json)</em>\n </div>\n <pre>\n[\n {\n \"period\": {\n \"begin\": \"2014-04-07\",\n \"end\": \"Current\"\n },\n \"category\": \"Malware\",\n \"url\": \"http://ancgrli.prophp.org/\"\n },\n {\n \"period\": {\n \"begin\": \"2014-03-04\",\n \"end\": \"2014-03-05\"\n },\n \"category\": \"Malware\",\n \"url\": \"http://ancgrli.prophp.org/34/45791.html\"\n }\n]\n </pre>\n </div>\n</div>" } [/block] --- [Security Information for a Domain](https://docs.umbrella.com/developer/investigate-api/security-information-for-a-domain-1/) < **Domain Tagging Dates for a Domain** > [DNS RR History for a Type and Domain Name](https://docs.umbrella.com/developer/investigate-api/dns-rr-history-for-a-type-and-domain-name-1/)