# Malicious

**urlscan Pro** - Look up how often an observable (IP, hostname, domain, or URL) has been seen in malicious scan results, along with first and last seen timestamps.


## Malicious observable lookup

 - [GET /api/v1/malicious/{type}/{value}](https://docs.urlscan.io/apis/urlscan-openapi/malicious/lookupmaliciousobservable.md): urlscan Pro - Look up how often an observable has been seen in malicious scan results,
along with first and last seen timestamps.

The type parameter selects what kind of observable to query:

- ip — Match scans by the IP address of the page server (e.g. 192.0.2.1).
- hostname — Match scans by the exact page hostname (e.g. www.example.com). Use this when you are interested in a specific host.
- domain — Match scans by the apex (registered) domain (e.g. example.com). This covers all subdomains under that domain, so a lookup for example.com will include scans for www.example.com, blog.example.com, etc. Use this for a broader view across an entire domain.
- url — Match scans by the exact page URL. The value must be URL-encoded (e.g. https%3A%2F%2Fexample.com%2F).