# Reputation

### Check IP/Domain Reputation

The response returns a JSON object indicating the reputation status of the queried IP address or domain. It includes a list of sources that verified the domain as malicious, the domain type, its value, overall reputation results, and a flag indicating if the domain is considered malicious.

#### Request

<mark style="color:green;">**GET**</mark> `https://ismalicious.com/api/check/reputation?query=qouv.fr`

Try this endpoint in your [**browser**](https://ismalicious.com/api/check/reputation?query=qouv.fr) 🔗

{% tabs %}
{% tab title="Request" %}
Query Parameters

| Parameter    | Type   | Description                            |
| ------------ | ------ | -------------------------------------- |
| `query`      | string | The IP address / Domain name to check. |
| {% endtab %} |        |                                        |

{% tab title="Response" %}

#### Response

```json
{
    "sources": [
        {
            "status": "verified",
            "name": "Dl Red Flag Domains - Red.flag.domains.txt",
            "type": "domain",
            "url": "https://dl.red.flag.domains/red.flag.domains.txt"
        },
        {
            "category": "phishing",
            "status": "verified",
            "name": "Duggytuxy - Phishing Scam Domains.txt",
            "type": "domain",
            "url": "https://raw.githubusercontent.com/duggytuxy/phishing_scam_domains/main/phishing_scam_domains.txt"
        },
        {
            "status": "verified",
            "name": "Romain Marcoux - Full Domains Aa.txt",
            "type": "domain",
            "category": "malware",
            "url": "https://raw.githubusercontent.com/romainmarcoux/malicious-domains/main/full-domains-aa.txt"
        },
        {
            "status": "verified",
            "name": "Hyder365 - Combined.txt",
            "type": "domain",
            "category": "phishing",
            "url": "https://raw.githubusercontent.com/hyder365/combined-dns-list/master/combined.txt"
        },
        {
            "category": "phishing",
            "status": "verified",
            "name": "Hectorm - Hmirror - Someonewhocares.org",
            "type": "domain",
            "url": "https://raw.githubusercontent.com/hectorm/hmirror/master/data/someonewhocares.org/list.txt"
        },
        {
            "category": "phishing",
            "status": "verified",
            "name": "Someonewhocares Org - Hosts",
            "type": "domain",
            "url": "https://someonewhocares.org/hosts/hosts"
        },
        {
            "category": "malware",
            "status": "verified",
            "name": "V Firebog Net - Prigent Malware.txt",
            "type": "domain",
            "url": "https://v.firebog.net/hosts/Prigent-Malware.txt"
        }
    ],
    "type": "DOMAIN",
    "value": "qouv.fr",
    "malicious": true,
    "reputation": {
        "malicious": 7,
        "harmless": 0,
        "suspicious": 0,
        "undetected": 573,
        "timeout": 0
    }
}
```

{% endtab %}
{% endtabs %}

#### Description

This feature allows users to check the reputation of IP addresses or domain names quickly and effectively. By querying multiple verified sources, it provides comprehensive insight into whether a domain is considered malicious. The system identifies threats related to phishing and malware, offering an enhanced level of threat detection and protection. This multi-source approach ensures more accurate results and reduces the chances of false positives, helping users make informed decisions about potential security threats.

**Why is this useful?**

* Protects against cyber threats like phishing and malware.
* Identifies potentially harmful websites.
* Prevents unauthorized access to sensitive data.
* Ensures safe browsing for employees.
* Enhances overall cybersecurity measures.
* Minimizes downtime caused by cyber attacks.
* Safeguards business reputation by maintaining network security.

#### More:

For performance reasons, you'll find other separate endpoints for each sub-check you want to look after:

{% content-ref url="/pages/OspdXm1aHTKbrPvF2Jil" %}
[Vulnerabilities](/technical-docs/api-reference/check-ressource/vulnerabilities.md)
{% endcontent-ref %}

{% content-ref url="/pages/CbqwTrxj1RcUuxdzcH3z" %}
[Geolocation](/technical-docs/api-reference/check-ressource/geolocation.md)
{% endcontent-ref %}

{% content-ref url="/pages/iszKMyvDuVEIJd1m21s2" %}
[Whois](/technical-docs/api-reference/check-ressource/whois.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ismalicious.com/technical-docs/api-reference/check-ressource/reputation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.