IPGeolocation-Logo

IP Abuse Contact API and Malicious Report Automation

IP Abuse Contact API provides valuable insights for maintaining network security and operational integrity in the current highly interconnected world, in which the rise of abusive IP addresses poses a significant threat to network integrity. The IP addresses involved in malicious activities such as phishing attacks, DDoS attacks, IP spoofing, and data breaches are reported to their managing organizations using abuse contact details.

Get Free API Access
    • stringip:"216.73.216.168" ,
    • objectabuse:Object,
      • stringroute:"216.73.216.0/22" ,
      • stringcountry:"" ,
      • stringhandle:"ANTHR5-ARIN" ,
      • stringname:"Anthropic" ,
      • stringorganization:"Anthropic" ,
      • stringrole:"technical" ,
      • stringkind:"group" ,
      • stringaddress:"548 Market St. PMB 90375 San Francisco CA 94104-5401 United States" ,
      • emails:Array[1],
        • stringemails[0]:"arin@anthropic.com" ,
      • phone_numbers:Array[1],
        • stringphone_numbers[0]:"+1-415-236-0599" ,

    Abuse Contact Person

    The abuse contact person or group includes details such as the role, handle, organization name, kind (e.g., group or individual), and postal address. This information helps identify the entity responsible for handling abuse reports. It adds legitimacy, enables comprehensive documentation, and is a critical asset for legal and compliance teams responsible for tracking or filing official complaints.

    Request

    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0''

    Response

    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "route": "1.0.0.0/24",
5    "country": "AU",
6    "handle": "IRT-APNICRANDNET-AU",
7    "name": "IRT-APNICRANDNET-AU",
8    "organization": "",
9    "role": "abuse",
10    "kind": "group",
11    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
12 "..."
13  }
14}

    Abuse Contact Emails

    The email address listed is a direct communication channel to report malicious activity such as spam, DDoS attacks, or IP misuse. Using email allows for structured, documented reporting with attachments like logs or screenshots. It ensures faster response times, enables record keeping, and is the preferred method for most abuse handling teams globally.

    Request

    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0'

    Response

    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4  "..."
5    "emails": [
6      "helpdesk@apnic.net"
7    ],
8    "..."
9  }
10}

    Abuse Contact Phone Numbers

    The phone number serves as a real-time communication service when urgent abuse response is required. It is especially useful in time-sensitive cases like ongoing attacks or server compromise. Calling allows instant interaction, clarifications, and human support when email delays are unacceptable. It's a critical fallback when immediate action is needed.

    Request

    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0'

    Response

    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4  "..."
5    "phone_numbers": [
6      "+61 7 3858 3100"
7    ]
8  }
9}'

    Response in Multiple Languages

    You can retrieve the geolocation information for an IP address in the following languages:

    English FlagEnglish German FlagGerman Russian FlagRussian Japanese FlagJapanese French FlagFrench Chinese Simplified FlagChinese Simplified Spanish FlagSpanish Czech FlagCzech Italian FlagItalian Korean FlagKorean Persian FlagPersian Portuguese FlagPortuguese

    Use Cases

    Swift IP Abuse Reporting

    Quickly identify and report abusive IP addresses generating malicious traffic to the relevant authorities. This rapid action significantly helps in preventing further abuse and protecting network integrity by promptly alerting internet service providers and network owners. This process minimizes the window for attackers and ensures a more secure online environment for all users and services.

    cybersecurity

    Phishing Attack Mitigation

    Effectively spot and handle phishing attacks by accurately tracing and reporting the origin IP addresses. This helps protect users from clicking malicious links and leaking their personal and sensitive data. By disrupting the source of these attacks, we can reduce successful phishing attempts and enhance the protection of digital platforms for overall online safety.

    route-optimization

    Effective Spam Control

    Monitor the IP Addresses that are sending spam and report to the relevant authorities in order to reduce its impact on email systems. This essential action creates smooth communication environment for businesses and individual users as well. By proactively identifying and blocking spam sources, we can ensure communication integrity and minimize unwanted disruptions.

    business-analysis

    Automated Abuse Detection

    Integrate comprehensive abuse contact data directly into automated systems for real-time response to suspicious activities. This powerful automation enables immediate flagging and mitigation of threats, significantly reducing manual work. It ensures a proactive security measure to help take swift action against emerging online threats and protect critical infrastructure across the internet.

    fraud-prevention

    Compliance and Legal Action

    Leverage abuse contact information to meet compliance requirements and effectively report abuse cases. This data is crucial for initiating legal proceedings against entities involved in harmful activities such as IP hijacking or data breaches. By providing concrete evidence, it ensures accountability and supports the enforcement of digital legal frameworks. This approach helps protect user data and safeguard online assets.

    network-infra

    Enhanced Network Security

    Utilize comprehensive abuse contact data to significantly strengthen network defenses against online threats like DDoS attacks, malicious actors, and IP spoofing. This strategic approach ensures uninterrupted services and strong protection against cyber threats. By utilizing this data, organizations have the ability to prevent known threats and improve their defenses.

    network-infra

    Ready to get started?Get Started with Abuse Contact Lookup API Today

    Get Started
    CTA Illustration

    IP Abuse Contact Lookup API Documentation

    Abuse Lookup API

    The Abuse Contact API provides essential contact information to report abusive activity associated with IP addresses. By querying an IP address (IPv4 or IPv6), users receive detailed abuse contact data, including the responsible organization, abuse handling role, contact emails, phone numbers, and registered address. This enables users to swiftly take action to report and mitigate threats such as spam, DDoS attacks, and phishing.

    In addition to abuse-specific contacts, the API also includes registration metadata like the registered country and abuse handle. This empowers cybersecurity teams, hosting providers, and compliance entities to take appropriate legal or administrative action.

    Note: For client-side calls to the endpoints mentioned below using the Request Origin (available on paid plans only), the apiKey parameter can be omitted.

    Lookup Abuse Contact

    Abuse contact details of an IP address (IPv4 or IPv6) can be obtained using the endpoint mentioned below:
    The URL for this API is https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0 and it's default JSON response below:

    Response

    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "route": "1.0.0.0/24",
5    "country": "AU",
6    "handle": "IRT-APNICRANDNET-AU",
7    "name": "IRT-APNICRANDNET-AU",
8    "organization": "",
9    "role": "abuse",
10    "kind": "group",
11    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
12    "emails": [
13      "helpdesk@apnic.net"
14    ],
15    "phone_numbers": [
16      "+61 7 3858 3100"
17    ]
18  }
19}

    Get Specific fields

    You can customize the API response by using the fields parameter to include only the specific data you need. For example, to retrieve only the role and emails, specify these keys in the fields parameter as shown below.

    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0&fields=abuse.role,abuse.emails'

    Response

    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "emails": [
5      "helpdesk@apnic.net"
6    ],
7    "role": "abuse"
8  }
9}

    Excluding Fields

    You can exclude specific fields from the API response (except the ip field) by listing them in the excludes parameter as a comma-separated list. For example, you want to remove emails and handle from api response, you can put the keys in excludes parameter like this.

    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0&excludes=abuse.handle,abuse.emails'

    Response

    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "route": "1.0.0.0/24",
5    "country": "AU",
6    "name": "IRT-APNICRANDNET-AU",
7    "organization": "",
8    "role": "abuse",
9    "kind": "group",
10    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
11    "phone_numbers": [
12      "+61 7 3858 3100"
13    ]
14  }
15}

    Abuse Contact Details in /ipgeo

    The Abuse Contact API is part of the Advanced Plan . By subscribing to the Advanced plan, you can include abuse contact details in the /ipgeo endpoint along with other features such as ASN details, security information, and more.
    You can get basic Abuse Contact details in default response in abuse object as mentioned below.

    curl 'https://api.ipgeolocation.io/v2/ipgeo?apiKey=API_KEY&ip=1.0.0.0&include=abuse'

    Response

    1{
2    "ip": "1.0.0.0",
3    "location": {
4        "continent_code": "OC",
5        "continent_name": "Oceania",
6        "country_code2": "AU",
7        "country_code3": "AUS",
8        "country_name": "Australia",
9        "country_name_official": "Commonwealth of Australia",
10        "country_capital": "Canberra",
11        "state_prov": "Queensland",
12        "state_code": "AU-QLD",
13        "district": "Brisbane",
14        "city": "South Brisbane",
15        "locality": "South Brisbane",
16        "accuracy_radius": "",
17        "zipcode": "4101",
18        "latitude": "-27.47306",
19        "longitude": "153.01421",
20        "is_eu": false,
21        "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
22        "geoname_id": "10113228",
23        "country_emoji": "🇦🇺"
24    },
25    "country_metadata": {
26        "calling_code": "+61",
27        "tld": ".au",
28        "languages": [
29            "en-AU"
30        ]
31    },
32    "network": {
33        "asn": {
34            "as_number": "AS13335",
35            "organization": "Cloudflare, Inc.",
36            "country": "US",
37            "asn_name": "CLOUDFLARENET",
38            "type": "BUSINESS",
39            "domain": "cloudflare.com",
40            "date_allocated": "",
41            "allocation_status": "assigned",
42            "num_of_ipv4_routes": "2356",
43            "num_of_ipv6_routes": "2838",
44            "rir": "ARIN"
45        },
46        "connection_type": "",
47        "company": {
48            "name": "APNIC Research and Development",
49            "type": "Business",
50            "domain": "apnic.com"
51        }
52    },
53    "currency": {
54        "code": "AUD",
55        "name": "Australian Dollar",
56        "symbol": "A$"
57    },
58    "abuse": {
59        "route": "1.0.0.0/24",
60        "country": "AU",
61        "handle": "IRT-APNICRANDNET-AU",
62        "name": "IRT-APNICRANDNET-AU",
63        "organization": "",
64        "role": "abuse",
65        "kind": "group",
66        "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
67        "emails": [
68            "helpdesk@apnic.net"
69        ],
70        "phone_numbers": [
71            "+61 7 3858 3100"
72        ]
73    }
74}
75

    Reference to Abuse Contact API Response

    FieldTypeDescriptionCan be empty?
    ipstringThe IP address for which abuse contact details are returned.Yes
    abuse.routestringThe IP range or route associated with the IP address.Yes
    abuse.countrystring Two-letter country code where the abuse contact is registered.Yes
    abuse.handlestring The abuse handle or reference ID for the responsible organization.Yes
    abuse.namestring The name/title of the abuse contact role or team.Yes
    abuse.organizationstringThe name of the organization managing provided IP Address.Yes
    abuse.roleStringRole of the contact (typically "abuse").Yes
    abuse.kindstringType of contact (e.g., "group", "person").Yes
    abuse.addressstringRegistered address of the organization owning the queried IP.Yes
    abuse.emailsarray List of email addresses for contacting the abuse team.Yes
    abuse.phone_numbersarrayList of phone numbers for abuse contact.Yes

    Error Codes

    IP Abuse API returns HTTP status code 200 for a successful API request along with the response.

    While, in case of a bad or invalid request, IP Abuse Contact API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.

    Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:

    HTTP StatusDescription
    400
    Bad Request

    It is returned for one of the following reasons:

    • If the provided IPv4 or IPv6 address is invalid.

    • If special character(s) ( ) [ ] { } | ^ ` is passed in the API URL either as parameter or its value. Specially in case of API key.

    401
    Unauthorized

    It is returned for one of the following reasons:

    • If API key (as apiKey URL parameter) is missing from the request to IP Abuse Contact API.

    • If an invalid (a random value) API key is provided.

    • If the API request is made from an unverified ipgeolocation.io account.

    • If your account has been disabled or locked to use by the admin due to abuse or illegal activity.

    • When the request to IP Abuse Contact API is made using API key for a database subscription

    • When the request to IP Abuse Contact API is made on the 'paused' subscription.

    • If you’re making API requests after your subscription trial has been expired.

    • If your active until date has passed and you need to upgrade your account.

    • If IP-Abuse lookup is called using free subsciption API key.

    404
    Not Found

    It is returned for one of the following reasons:

    • If the IPv4 or IPv6 does not not exists in our database.

    • If the IPv4 or IPv6 is passed as a path variable, instead of url parameter as ip=.

    • If the wrong endpoint is called, that does not exists in our API.

    405
    Method Not Allowed

    • If wrong HTTP request method is used for calling the endpoints. Only GET method is allowed.

    429
    Too Many Requests

    It is returned for one of the following reasons:

    • If the API usage limit has reached for the free subscriptions, or paid subscriptions with the status 'past due', 'deleted' or 'trial expired'.

    • If the surcharge API usage limit has reached against the subscribed plan.

    499
    Client Closed Request

    • If the client has set the very short request or connection timeout, leading to the server closing the request prematurely.

    5XX
    Server Side Error

    • If a 500 (Internal Server Error), 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout), or 505 (HTTP Version Not Supported) status code is returned, it indicates an issue on our end. Please contact us with your request at support@ipgeolocation.io for further assistance.

    API SDKs

    To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.

    Our SDKs are also available on Github. Feel free to help us improve them. Following are the available SDKs:

    Abuse Contact API FAQs

    What is IP address abuse?
    How can I report an abusive IP address?
    How often is abuse data updated?
    Why is abuse contact information important?
    What are common forms of IP abuse?
    How does IP spoofing affect network security?
    What is IP hijacking?
    How can businesses prevent IP abuse?