Hostname History API

This API returns the raw historical observations for a single hostname or domain.

Response Body Semantics

The entries in the results array represent aggregated observations over various intervals, from various data sources and for various values. Each result is unique by the combination of its seen_on, source, and sub_id fields. For each source and value we store at most one observation per day, albeit with accurate first_seen and last_seen timestamps per day. Each entry will match this format:

  • seen_on always — Date, YYYY-MM-DD
  • source always — Source of observation, see below
  • sub_id always — Observation value, can be "" in some cases
  • first_seen always — First-seen timestamp, ISO8601
  • last_seen always — Last-seen timestamp, ISO8601
  • data_type optional — Can be json
  • data optional — Might contain arbitrary data according to data_type

The first results for every hostname will contain entries for future dates (e.g. 2200-01-01 and 2100-01-01). These are summary and housekeeping records which track global attributes for the hostname:

  • 2200-01-01/seenDates: Global first-seen and last-seen timestamps for the hostname.
  • 2100-01-01/shardDate: Internal, please disregard.
  • 2100-01-01/ct: Global first-seen and last-seen timestamps for the ct datasource (Certificate Transparency).
  • 2100-01-01/pdns/A: Global first-seen and last-seen timestamps for an A record for the hostname from the pdns datasource (Passive DNS).

The source field can be one of ct, scan, pdns, zonefile, scan-link, scan-cert-subject.
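When building a timeline from this response, the future-dated housekeeping records have to be separated from the real per-day observations first, or they distort any date range computed from seen_on. The following is an added example, not code from the API's documentation. It assumes that the slash notation above reads as seen_on/source/sub_id and that every housekeeping record is dated 2100-01-01 or later; the sample rows are constructed and the function names are hypothetical.

```python
from datetime import datetime

# Assumption: housekeeping records use sentinel dates at or after this one.
HOUSEKEEPING_FROM = "2100-01-01"
FIELDS = ("seen_on", "source", "sub_id", "first_seen", "last_seen")

# Constructed sample results (not real data), one tuple per entry in FIELDS order.
SAMPLE_RESULTS = [dict(zip(FIELDS, row)) for row in [
    ("2200-01-01", "seenDates", "", "2023-03-01T08:15:00Z", "2023-03-02T17:40:00Z"),
    ("2100-01-01", "shardDate", "", "2023-03-01T00:00:00Z", "2023-03-01T00:00:00Z"),
    ("2100-01-01", "ct", "", "2023-03-01T09:00:00Z", "2023-03-01T09:00:00Z"),
    ("2100-01-01", "pdns", "A", "2023-03-01T08:15:00Z", "2023-03-02T17:40:00Z"),
    ("2023-03-01", "pdns", "A", "2023-03-01T08:15:00Z", "2023-03-01T21:30:00Z"),
    ("2023-03-02", "pdns", "A", "2023-03-02T00:05:00Z", "2023-03-02T17:40:00Z"),
    ("2023-03-01", "ct", "", "2023-03-01T09:00:00Z", "2023-03-01T09:00:00Z"),
]]

def parse_ts(value):
    """Parse an ISO 8601 timestamp; a trailing 'Z' is mapped to +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def split_results(results):
    """Return (housekeeping, daily); reject a repeated (seen_on, source, sub_id)."""
    housekeeping, daily, keys = {}, [], set()
    for r in results:
        key = (r["seen_on"], r["source"], r["sub_id"])
        if key in keys:
            raise ValueError(f"duplicate observation key: {key}")
        keys.add(key)
        if r["seen_on"] >= HOUSEKEEPING_FROM:  # ISO dates sort lexicographically
            housekeeping[key] = r
        else:
            daily.append(r)
    return housekeeping, daily

def span_by_source(daily):
    """Fold per-day rows into one (first_seen, last_seen) span per (source, sub_id)."""
    spans = {}
    for r in daily:
        k = (r["source"], r["sub_id"])
        first, last = parse_ts(r["first_seen"]), parse_ts(r["last_seen"])
        lo, hi = spans.get(k, (first, last))
        spans[k] = (min(lo, first), max(hi, last))
    return spans

housekeeping, daily = split_results(SAMPLE_RESULTS)
for (source, sub_id), (lo, hi) in sorted(span_by_source(daily).items()):
    print(f"{source}/{sub_id or '-'}: {lo.isoformat()} .. {hi.isoformat()}")
```

In the constructed sample, the span folded from the daily pdns/A rows equals the one carried by the 2100-01-01/pdns/A housekeeping record, which gives a quick consistency check on a parsed response.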