# Check ressource ### Check IP The response from the API indicates whether the queried IP address or domain is malicious. The `malicious` field is a boolean that confirms if the IP is associated with suspicious activity. If `true`, the `sources` array provides details about the blocklists where this IP was found, including the name, type, category, and a URL to the list. This helps users trace and verify the threat origins using reputable security sources. #### Request **GET** `https://ismalicious.com/api/check?query=qouv.fr` Try this endpoint in your [**browser**](https://ismalicious.com/api/check?query=qouv.fr) 🔗 {% tabs %} {% tab title="Request" %} Query Parameters | Parameter | Type | Description | | ------------ | ------ | -------------------------------------- | | `query` | string | The IP address / Domain name to check. | | {% endtab %} | | | {% tab title="Response" %} #### Response ```json { "sources": [ { "status": "verified", "name": "Dl Red Flag Domains - Red.flag.domains.txt", "type": "domain", "url": "https://dl.red.flag.domains/red.flag.domains.txt" }, { "category": "phishing", "status": "verified", "name": "Duggytuxy - Phishing Scam Domains.txt", "type": "domain", "url": "https://raw.githubusercontent.com/duggytuxy/phishing_scam_domains/main/phishing_scam_domains.txt" }, { "status": "verified", "name": "Romain Marcoux - Full Domains Aa.txt", "type": "domain", "category": "malware", "url": "https://raw.githubusercontent.com/romainmarcoux/malicious-domains/main/full-domains-aa.txt" }, { "status": "verified", "name": "Hyder365 - Combined.txt", "type": "domain", "category": "phishing", "url": "https://raw.githubusercontent.com/hyder365/combined-dns-list/master/combined.txt" }, { "category": "phishing", "status": "verified", "name": "Hectorm - Hmirror - Someonewhocares.org", "type": "domain", "url": "https://raw.githubusercontent.com/hectorm/hmirror/master/data/someonewhocares.org/list.txt" }, { "category": "phishing", "status": "verified", "name": "Someonewhocares Org - Hosts", "type": "domain", "url": "https://someonewhocares.org/hosts/hosts" }, { "category": "malware", "status": "verified", "name": "V Firebog Net - Prigent Malware.txt", "type": "domain", "url": "https://v.firebog.net/hosts/Prigent-Malware.txt" } ], "type": "DOMAIN", "value": "qouv.fr", "malicious": true, "reputation": { "malicious": 7, "harmless": 0, "suspicious": 0, "undetected": 567, "timeout": 0 }, "whois": { "domain": { "domain": "qouv.fr", "punycode": "qouv.fr", "name": "qouv", "extension": "fr", "status": [ "active" ], "name_servers": [ "ns-150-b.gandi.net", "ns-197-a.gandi.net", "ns-220-c.gandi.net" ], "created_date": "2024-10-07T09:04:51.46256Z", "created_date_in_time": "2024-10-07T09:04:51.46256Z", "updated_date": "2024-10-12T09:11:24.271385Z", "updated_date_in_time": "2024-10-12T09:11:24.271385Z", "expiration_date": "2025-10-07T09:04:51.418135Z", "expiration_date_in_time": "2025-10-07T09:04:51.418135Z" }, "registrar": { "name": "GANDI", "street": "63-65 boulevard Massena, 75013 PARIS", "country": "FR", "phone": "+33.170377661", "fax": "+33.143731851", "email": "support@support.gandi.net", "referral_url": "https://www.gandi.net/fr/tlds/fr/" }, "registrant": { "id": "CTC4025262-FRNIC" }, "administrative": { "id": "CTC4025262-FRNIC", "name": "Etat francais represente par le Premier Ministre DSAF", "street": "Etat francais represente par le Premier Ministre DSAF, 18 RUE VANEAU, 75700 PARIS", "country": "FR", "phone": "+33.142758000", "email": "00e0885df59caa9c48c10d1d493d15ff-50551183@contact.gandi.net" }, "technical": { "id": "CTC4025262-FRNIC" } }, "geo": { "status": "fail", "message": "invalid query", "query": "qouv.fr" }, "similar_domains": { "total_hits": 0, "keywords": "qouv.fr", "hits": [] } } ``` {% endtab %} {% endtabs %} #### Description #### Feature Description: IP and Domain Checking The IP and Domain checking feature offers an advanced security layer for users aiming to proactively detect and mitigate potential threats. By leveraging a robust database of verified sources, this feature identifies malicious domains and IP addresses, ensuring businesses can address risks swiftly. Its real-time updates and comprehensive threat detection capabilities make it a pivotal tool for network security management, helping prevent data breaches and associated financial losses. Users can also perform targeted checks with specialized sub-endpoints, allowing for performance optimization and detailed threat analysis. **Why is this useful?** * Enhances security by identifying malicious domains and IPs proactively. * Utilizes multiple verified sources for comprehensive threat detection. * Provides timely updates ensuring current threat protection. * Allows businesses to assess potential threats quickly and efficiently. * Facilitates informed decision-making regarding network security actions. * Minimizes risk of data breaches and financial loss. * Offers targeted sub-checks for detailed analysis, optimizing performance. For performance reasons, you'll find separate endpoints for each sub-check you want to look for: {% content-ref url="check-ressource/reputation" %} [reputation](https://docs.ismalicious.com/technical-docs/api-reference/check-ressource/reputation) {% endcontent-ref %} {% content-ref url="check-ressource/vulnerabilities" %} [vulnerabilities](https://docs.ismalicious.com/technical-docs/api-reference/check-ressource/vulnerabilities) {% endcontent-ref %} {% content-ref url="check-ressource/geolocation" %} [geolocation](https://docs.ismalicious.com/technical-docs/api-reference/check-ressource/geolocation) {% endcontent-ref %} {% content-ref url="check-ressource/whois" %} [whois](https://docs.ismalicious.com/technical-docs/api-reference/check-ressource/whois) {% endcontent-ref %}