# Check ressource

### Check IP

The response from the API indicates whether the queried IP address or domain is malicious. The `malicious` field is a boolean that confirms if the IP is associated with suspicious activity. If `true`, the `sources` array provides details about the blocklists where this IP was found, including the name, type, category, and a URL to the list. This helps users trace and verify the threat origins using reputable security sources.

#### Request

<mark style="color:green;">**GET**</mark> `https://ismalicious.com/api/check?query=qouv.fr`

Try this endpoint in your [**browser**](https://ismalicious.com/api/check?query=qouv.fr) 🔗

{% tabs %}
{% tab title="Request" %}
Query Parameters

| Parameter    | Type   | Description                            |
| ------------ | ------ | -------------------------------------- |
| `query`      | string | The IP address / Domain name to check. |
| {% endtab %} |        |                                        |

{% tab title="Response" %}

#### Response

```json
{
    "sources": [
        {
            "status": "verified",
            "name": "Dl Red Flag Domains - Red.flag.domains.txt",
            "type": "domain",
            "url": "https://dl.red.flag.domains/red.flag.domains.txt"
        },
        {
            "category": "phishing",
            "status": "verified",
            "name": "Duggytuxy - Phishing Scam Domains.txt",
            "type": "domain",
            "url": "https://raw.githubusercontent.com/duggytuxy/phishing_scam_domains/main/phishing_scam_domains.txt"
        },
        {
            "status": "verified",
            "name": "Romain Marcoux - Full Domains Aa.txt",
            "type": "domain",
            "category": "malware",
            "url": "https://raw.githubusercontent.com/romainmarcoux/malicious-domains/main/full-domains-aa.txt"
        },
        {
            "status": "verified",
            "name": "Hyder365 - Combined.txt",
            "type": "domain",
            "category": "phishing",
            "url": "https://raw.githubusercontent.com/hyder365/combined-dns-list/master/combined.txt"
        },
        {
            "category": "phishing",
            "status": "verified",
            "name": "Hectorm - Hmirror - Someonewhocares.org",
            "type": "domain",
            "url": "https://raw.githubusercontent.com/hectorm/hmirror/master/data/someonewhocares.org/list.txt"
        },
        {
            "category": "phishing",
            "status": "verified",
            "name": "Someonewhocares Org - Hosts",
            "type": "domain",
            "url": "https://someonewhocares.org/hosts/hosts"
        },
        {
            "category": "malware",
            "status": "verified",
            "name": "V Firebog Net - Prigent Malware.txt",
            "type": "domain",
            "url": "https://v.firebog.net/hosts/Prigent-Malware.txt"
        }
    ],
    "type": "DOMAIN",
    "value": "qouv.fr",
    "malicious": true,
    "reputation": {
        "malicious": 7,
        "harmless": 0,
        "suspicious": 0,
        "undetected": 567,
        "timeout": 0
    },
    "whois": {
        "domain": {
            "domain": "qouv.fr",
            "punycode": "qouv.fr",
            "name": "qouv",
            "extension": "fr",
            "status": [
                "active"
            ],
            "name_servers": [
                "ns-150-b.gandi.net",
                "ns-197-a.gandi.net",
                "ns-220-c.gandi.net"
            ],
            "created_date": "2024-10-07T09:04:51.46256Z",
            "created_date_in_time": "2024-10-07T09:04:51.46256Z",
            "updated_date": "2024-10-12T09:11:24.271385Z",
            "updated_date_in_time": "2024-10-12T09:11:24.271385Z",
            "expiration_date": "2025-10-07T09:04:51.418135Z",
            "expiration_date_in_time": "2025-10-07T09:04:51.418135Z"
        },
        "registrar": {
            "name": "GANDI",
            "street": "63-65 boulevard Massena, 75013 PARIS",
            "country": "FR",
            "phone": "+33.170377661",
            "fax": "+33.143731851",
            "email": "support@support.gandi.net",
            "referral_url": "https://www.gandi.net/fr/tlds/fr/"
        },
        "registrant": {
            "id": "CTC4025262-FRNIC"
        },
        "administrative": {
            "id": "CTC4025262-FRNIC",
            "name": "Etat francais represente par le Premier Ministre DSAF",
            "street": "Etat francais represente par le Premier Ministre DSAF, 18 RUE VANEAU, 75700 PARIS",
            "country": "FR",
            "phone": "+33.142758000",
            "email": "00e0885df59caa9c48c10d1d493d15ff-50551183@contact.gandi.net"
        },
        "technical": {
            "id": "CTC4025262-FRNIC"
        }
    },
    "geo": {
        "status": "fail",
        "message": "invalid query",
        "query": "qouv.fr"
    },
    "similar_domains": {
        "total_hits": 0,
        "keywords": "qouv.fr",
        "hits": []
    }
}
```

{% endtab %}
{% endtabs %}

#### Description

#### Feature Description: IP and Domain Checking

The IP and Domain checking feature offers an advanced security layer for users aiming to proactively detect and mitigate potential threats. By leveraging a robust database of verified sources, this feature identifies malicious domains and IP addresses, ensuring businesses can address risks swiftly. Its real-time updates and comprehensive threat detection capabilities make it a pivotal tool for network security management, helping prevent data breaches and associated financial losses. Users can also perform targeted checks with specialized sub-endpoints, allowing for performance optimization and detailed threat analysis.

**Why is this useful?**

* Enhances security by identifying malicious domains and IPs proactively.
* Utilizes multiple verified sources for comprehensive threat detection.
* Provides timely updates ensuring current threat protection.
* Allows businesses to assess potential threats quickly and efficiently.
* Facilitates informed decision-making regarding network security actions.
* Minimizes risk of data breaches and financial loss.
* Offers targeted sub-checks for detailed analysis, optimizing performance.

For performance reasons, you'll find separate endpoints for each sub-check you want to look for:

{% content-ref url="/pages/UpTmgHhwsRYxAIRhlxIL" %}
[Reputation](/technical-docs/api-reference/check-ressource/reputation.md)
{% endcontent-ref %}

{% content-ref url="/pages/OspdXm1aHTKbrPvF2Jil" %}
[Vulnerabilities](/technical-docs/api-reference/check-ressource/vulnerabilities.md)
{% endcontent-ref %}

{% content-ref url="/pages/CbqwTrxj1RcUuxdzcH3z" %}
[Geolocation](/technical-docs/api-reference/check-ressource/geolocation.md)
{% endcontent-ref %}

{% content-ref url="/pages/iszKMyvDuVEIJd1m21s2" %}
[Whois](/technical-docs/api-reference/check-ressource/whois.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ismalicious.com/technical-docs/api-reference/check-ressource.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.