# Whois

### Check IP/Domain Whois

The response returns geolocation information of the queried IP address or domain, including status, country, region, city, zip code, latitude, longitude, timezone, ISP, organization, and AS (Autonomous System) details.

#### Request

<mark style="color:green;">**GET**</mark> `https://ismalicious.com/api/check/whois?query=146.59.151.156`

Try this endpoint in your [**browser**](https://ismalicious.com/api/check/whois?query=146.59.151.156) 🔗

{% tabs %}
{% tab title="Request" %}
Query Parameters

| Parameter    | Type   | Description                            |
| ------------ | ------ | -------------------------------------- |
| `query`      | string | The IP address / Domain name to check. |
| {% endtab %} |        |                                        |

{% tab title="Response" %}

#### Response

```json
{
    "whois": {
        "ip": "146.59.151.156",
        "rir": "RIPE",
        "is_bogon": false,
        "is_mobile": false,
        "is_crawler": false,
        "is_datacenter": true,
        "is_tor": false,
        "is_proxy": false,
        "is_vpn": true,
        "is_abuser": false,
        "datacenter": {
            "datacenter": "OVH SAS",
            "domain": "ovhcloud.com",
            "network": "146.59.150.0 - 146.59.151.255"
        },
        "company": {
            "name": "OVH SAS",
            "abuser_score": "0.0098 (Elevated)",
            "domain": "ovhcloud.com",
            "type": "hosting",
            "network": "146.59.150.0 - 146.59.151.255",
            "whois": "https://api.ipapi.is/?whois=146.59.150.0"
        },
        "abuse": {
            "name": "OVH Technical Contact",
            "address": "OVH SAS, 2 rue Kellermann, 59100 Roubaix, France",
            "email": "abuse@ovh.net",
            "phone": "+33972101007"
        },
        "asn": {
            "asn": 16276,
            "abuser_score": "0.0032 (Low)",
            "route": "146.59.0.0/16",
            "descr": "OVH, FR",
            "country": "fr",
            "active": true,
            "org": "OVH SAS",
            "domain": "ovhcloud.com",
            "abuse": "abuse@ovh.net",
            "type": "hosting",
            "created": "1970-01-01",
            "updated": "2024-12-02",
            "rir": "RIPE",
            "whois": "https://api.ipapi.is/?whois=AS16276"
        },
        "location": {
            "continent": "EU",
            "country": "France",
            "country_code": "FR",
            "state": "Hauts-de-France",
            "city": "Roubaix",
            "latitude": 50.69421,
            "longitude": 3.17456,
            "zip": "59998 CEDEX",
            "timezone": "Europe/Paris",
            "local_time": "2024-12-10T14:27:29+01:00",
            "local_time_unix": 1733837249,
            "is_dst": false
        },
        "elapsed_ms": 0.71
    }
}
```

{% endtab %}
{% endtabs %}

#### Description

This API endpoint provides detailed WHOIS information for a given IP address or domain name. By querying this endpoint, users can obtain data regarding the ownership, network range, and associated organization of an IP address. The response further includes insights about data center presence, VPN and proxy usage, along with geographical and organizational details. This feature is crucial for security teams and IT professionals to carry out robust network analysis and threat assessments efficiently.

**Why is this useful?**

* Helps identify potential threats by revealing whether an IP is associated with malicious activities, data centers, or VPNs.
* Provides detailed insights into network ownership and geography, allowing for better network oversight.
* Assists in meeting regulatory requirements by documenting IP and domain ownership and associated activities.
* Identifies suspicious IPs or domains used in fraudulent schemes, reducing the risk of financial loss.
* Supports data-driven decisions by providing comprehensive network and organization details.

#### More:

For performance reasons, you'll find other separate endpoints for each sub-check you want to look after:

{% content-ref url="/pages/UpTmgHhwsRYxAIRhlxIL" %}
[Reputation](/technical-docs/api-reference/check-ressource/reputation.md)
{% endcontent-ref %}

{% content-ref url="/pages/OspdXm1aHTKbrPvF2Jil" %}
[Vulnerabilities](/technical-docs/api-reference/check-ressource/vulnerabilities.md)
{% endcontent-ref %}

{% content-ref url="/pages/CbqwTrxj1RcUuxdzcH3z" %}
[Geolocation](/technical-docs/api-reference/check-ressource/geolocation.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ismalicious.com/technical-docs/api-reference/check-ressource/whois.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.