[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe Malware Domain List integration, version 8.0, allows users to check if a URL is listed within its database through the "Check URL" action.\u003c/p\u003e\n"],["\u003cp\u003eThe "Check URL" action runs on the URL entity and provides enrichment data such as Domain, Description, IP, Country, Reverse Lookup, and Date (UTC), when available in the JSON result.\u003c/p\u003e\n"],["\u003cp\u003eThe integration includes a "Ping" action, which runs on all entities and tests the connectivity, returning a True/False status in the \u003ccode\u003eis_success\u003c/code\u003e script result.\u003c/p\u003e\n"],["\u003cp\u003eThe integration's search for a URL, as per the "Check URL" action, provides a \u003ccode\u003eresults_count\u003c/code\u003e script result that indicates if the url exists within the Malware Domain List database.\u003c/p\u003e\n"]]],[],null,["# Malware Domain List\n===================\n\nIntegration version: 8.0\n\nConfigure Malware Domain List integration in Google Security Operations\n-----------------------------------------------------------------------\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\nActions\n-------\n\n### Check URL\n\n#### Description\n\nThis action fetches a URL and searches for it in the Malware Domain List.\ndatabase.\n\n#### Parameters\n\nN/A\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on the URL entity.\n\n#### Action Results\n\n##### Entity Enrichment\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n [{\n \"EntityResult\":\n [{\n \"Domain\": \"dieutribenhkhop.com/parking/\",\n \"Description\": \"Ransom, Fake.PCN, Malspam\",\n \"IP\": \"1.1.1.1\",\n \"Country\": \"DE\",\n \"Reverse Lookup\": \"125.0-1.1.1.1.in-addr.arpa.\",\n \"Date (UTC)\": \"2017/03/20_10:13\"\n },\n {\n \"Domain\": \"dieutribenhkhop.com/parking/pay/rd.php?id=10\",\n \"Description\": \"Ransom, Fake.PCN, Malspam\",\n \"IP\": \"1.1.1.1\",\n \"Country\": \"DE\",\n \"Reverse Lookup\": \"125.0-1.1.1.1.in-addr.arpa.\",\n \"Date (UTC)\": \"2017/03/20_10:13\"\n }],\n \"Entity\": \"dieutribenhkhop.com\"\n }]\n\n### Ping\n\n#### Description\n\nTest Connectivity.\n\n#### Parameters\n\nN/A\n\n#### Use cases\n\nN/A\n\n#### Run On\n\nThis action runs on all entities.\n\n#### Action Results\n\n##### Entity Enrichment\n\nN/A\n\n##### Insights\n\nN/A\n\n##### Script Result\n\n##### JSON Result\n\n N/A\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]