IPGeolocation-Logo

IP Abuse Contact API and Malicious Report Automation

IP Abuse Contact API provides valuable insights for maintaining network security and operational integrity in the current highly interconnected world, in which the rise of abusive IP addresses poses a significant threat to network integrity. The IP addresses involved in malicious activities such as phishing attacks, DDoS attacks, IP spoofing, and data breaches are reported to their managing organizations using abuse contact details.

Get Free API Access
    • stringip:"216.73.216.112" ,
    • objectabuse:Object,
      • stringroute:"216.73.216.0/22" ,
      • stringcountry:"" ,
      • stringhandle:"ANTHR5-ARIN" ,
      • stringname:"Anthropic" ,
      • stringorganization:"Anthropic" ,
      • stringrole:"technical" ,
      • stringkind:"group" ,
      • stringaddress:"548 Market St. PMB 90375 San Francisco CA 94104-5401 United States" ,
      • emails:Array[1],
        • stringemails[0]:"arin@anthropic.com" ,
      • phone_numbers:Array[1],
        • stringphone_numbers[0]:"+1-415-236-0599" ,

    • Abuse Contact Person

    The abuse contact person or group includes details such as the role, handle, organization name, kind (e.g., group or individual), and postal address. This information helps identify the entity responsible for handling abuse reports. It adds legitimacy, enables comprehensive documentation, and is a critical asset for legal and compliance teams responsible for tracking or filing official complaints.

    Request
    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0''
    Response
    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "route": "1.0.0.0/24",
5    "country": "AU",
6    "handle": "IRT-APNICRANDNET-AU",
7    "name": "IRT-APNICRANDNET-AU",
8    "organization": "",
9    "role": "abuse",
10    "kind": "group",
11    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
12 "..."
13  }
14}

    Abuse Contact Emails

    The email address listed is a direct communication channel to report malicious activity such as spam, DDoS attacks, or IP misuse. Using email allows for structured, documented reporting with attachments like logs or screenshots. It ensures faster response times, enables record keeping, and is the preferred method for most abuse handling teams globally.

    Request
    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0'
    Response
    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4  "..."
5    "emails": [
6      "helpdesk@apnic.net"
7    ],
8    "..."
9  }
10}

    Abuse Contact Phone Numbers

    The phone number serves as a real-time communication service when urgent abuse response is required. It is especially useful in time-sensitive cases like ongoing attacks or server compromise. Calling allows instant interaction, clarifications, and human support when email delays are unacceptable. It's a critical fallback when immediate action is needed.

    Request
    curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0'
    Response
    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4  "..."
5    "phone_numbers": [
6      "+61 7 3858 3100"
7    ]
8  }
9}'

    Response in Multiple Languages

    You can retrieve the geolocation information for an IP address in the following languages:

    English FlagEnglish German FlagGerman Russian FlagRussian Japanese FlagJapanese French FlagFrench Chinese Simplified FlagChinese Simplified Spanish FlagSpanish Czech Republic FlagCzech Republic Italian FlagItalian Korean FlagKorean Persian FlagPersian Portuguese FlagPortuguese Standard Arabic FlagStandard Arabic

    Use Cases

    Swift IP Abuse Reporting

    Quickly identify and report abusive IP addresses generating malicious traffic to the relevant authorities. This rapid action significantly helps in preventing further abuse and protecting network integrity by promptly alerting internet service providers and network owners. This process minimizes the window for attackers and ensures a more secure online environment for all users and services.

    cybersecurity

    Phishing Attack Mitigation

    Effectively spot and handle phishing attacks by accurately tracing and reporting the origin IP addresses. This helps protect users from clicking malicious links and leaking their personal and sensitive data. By disrupting the source of these attacks, we can reduce successful phishing attempts and enhance the protection of digital platforms for overall online safety.

    route-optimization

    Effective Spam Control

    Monitor the IP Addresses that are sending spam and report to the relevant authorities in order to reduce its impact on email systems. This essential action creates smooth communication environment for businesses and individual users as well. By proactively identifying and blocking spam sources, we can ensure communication integrity and minimize unwanted disruptions.

    business-analysis

    Automated Abuse Detection

    Integrate comprehensive abuse contact data directly into automated systems for real-time response to suspicious activities. This powerful automation enables immediate flagging and mitigation of threats, significantly reducing manual work. It ensures a proactive security measure to help take swift action against emerging online threats and protect critical infrastructure across the internet.

    fraud-prevention

    Compliance and Legal Action

    Leverage abuse contact information to meet compliance requirements and effectively report abuse cases. This data is crucial for initiating legal proceedings against entities involved in harmful activities such as IP hijacking or data breaches. By providing concrete evidence, it ensures accountability and supports the enforcement of digital legal frameworks. This approach helps protect user data and safeguard online assets.

    network-infra

    Enhanced Network Security

    Utilize comprehensive abuse contact data to significantly strengthen network defenses against online threats like DDoS attacks, malicious actors, and IP spoofing. This strategic approach ensures uninterrupted services and strong protection against cyber threats. By utilizing this data, organizations have the ability to prevent known threats and improve their defenses.

    network-infra

    Ready to get started?Get Started with Abuse Contact Lookup API Today

    Get Started
    CTA Illustration
    Documentation

    Included in

    Advance Plan

    Abuse Lookup API

    The Abuse Contact API provides essential contact information to report abusive activity associated with IP addresses. By querying an IP address (IPv4 or IPv6), users receive detailed abuse contact data, including the responsible organization, abuse handling role, contact emails, phone numbers, and registered address. This enables users to swiftly take action to report and mitigate threats such as spam, DDoS attacks, and phishing.

    In addition to abuse-specific contacts, the API also includes registration metadata like the registered country and abuse handle. This empowers cybersecurity teams, hosting providers, and compliance entities to take appropriate legal or administrative action.

    Note

    For client-side calls to the endpoints mentioned below using the Request Origin (available on paid plans only), the apiKey parameter can be omitted.

    Lookup Abuse Contact

    Abuse contact details of an IP address (IPv4 or IPv6) can be obtained using the endpoint mentioned below:
    The URL for this API is https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0 and it's default JSON response below:

    Response
    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "route": "1.0.0.0/24",
5    "country": "AU",
6    "handle": "IRT-APNICRANDNET-AU",
7    "name": "IRT-APNICRANDNET-AU",
8    "organization": "",
9    "role": "abuse",
10    "kind": "group",
11    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
12    "emails": [
13      "helpdesk@apnic.net"
14    ],
15    "phone_numbers": [
16      "+61 7 3858 3100"
17    ]
18  }
19}

    Get Specific fields

    You can customize the API response by using the fields parameter to include only the specific data you need. For example, to retrieve only the role and emails, specify these keys in the fields parameter as shown below.

    cUrl
    curl -X GET 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0&fields=abuse.role,abuse.emails'
    Response
    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "emails": [
5      "helpdesk@apnic.net"
6    ],
7    "role": "abuse"
8  }
9}

    Excluding Fields

    You can exclude specific fields from the API response (except the ip field) by listing them in the excludes parameter as a comma-separated list. For example, you want to remove emails and handle from api response, you can put the keys in excludes parameter like this.

    cUrl
    curl -X GET 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0&excludes=abuse.handle,abuse.emails'
    Response
    1{
2  "ip": "1.0.0.0",
3  "abuse": {
4    "route": "1.0.0.0/24",
5    "country": "AU",
6    "name": "IRT-APNICRANDNET-AU",
7    "organization": "",
8    "role": "abuse",
9    "kind": "group",
10    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
11    "phone_numbers": [
12      "+61 7 3858 3100"
13    ]
14  }
15}

    Abuse Contact Details in /ipgeo

    The Abuse Contact API is part of the Advanced Plan . By subscribing to the Advanced plan, you can include abuse contact details in the /ipgeo endpoint along with other features such as ASN details, security information, and more.
    You can get basic Abuse Contact details in default response in abuse object as mentioned below.

    cUrl
    curl -X GET 'https://api.ipgeolocation.io/v2/ipgeo?apiKey=API_KEY&ip=1.0.0.0&include=abuse'
    Response
    1{
2    "ip": "1.0.0.0",
3    "location": {
4        "continent_code": "OC",
5        "continent_name": "Oceania",
6        "country_code2": "AU",
7        "country_code3": "AUS",
8        "country_name": "Australia",
9        "country_name_official": "Commonwealth of Australia",
10        "country_capital": "Canberra",
11        "state_prov": "Queensland",
12        "state_code": "AU-QLD",
13        "district": "Brisbane",
14        "city": "South Brisbane",
15        "locality": "South Brisbane",
16        "accuracy_radius": "5",
17        "confidence": "High",
18        "zipcode": "4101",
19        "latitude": "-27.47306",
20        "longitude": "153.01421",
21        "is_eu": false,
22        "country_flag": 
23            "https://ipgeolocation.io/static/flags/au_64.png",
24        "geoname_id": "10113228",
25        "country_emoji": "🇦🇺"
26    },
27    "country_metadata": {
28        "calling_code": "+61",
29        "tld": ".au",
30        "languages": [
31            "en-AU"
32        ]
33    },
34    "network": {
35        "asn": {
36            "as_number": "AS13335",
37            "organization": "Cloudflare, Inc.",
38            "country": "US",
39            "asn_name": "CLOUDFLARENET",
40            "type": "BUSINESS",
41            "domain": "cloudflare.com",
42            "date_allocated": "",
43            "allocation_status": "assigned",
44            "num_of_ipv4_routes": "2356",
45            "num_of_ipv6_routes": "2838",
46            "rir": "ARIN"
47        },
48        "connection_type": "",
49        "company": {
50            "name": "APNIC Research and Development",
51            "type": "Business",
52            "domain": "apnic.com"
53        }
54    },
55    "currency": {
56        "code": "AUD",
57        "name": "Australian Dollar",
58        "symbol": "A$"
59    },
60    "abuse": {
61        "route": "1.0.0.0/24",
62        "country": "AU",
63        "handle": "IRT-APNICRANDNET-AU",
64        "name": "IRT-APNICRANDNET-AU",
65        "organization": "",
66        "role": "abuse",
67        "kind": "group",
68        "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
69        "emails": [
70            "helpdesk@apnic.net"
71        ],
72        "phone_numbers": [
73            "+61 7 3858 3100"
74        ]
75    }
76}

    Reference to Abuse Contact API Response

    Below, we provide separate tables for each JSON object in the response, listing all possible fields available across the abuse contact endpoint.

    FieldTypeDescriptionCan be empty?
    ipstring

    The IP address for which abuse contact details are returned.

    		Yes
    abuse.routestring

    The IP range or route associated with the IP address.

    		Yes
    abuse.countrystring

    Two-letter country code where the abuse contact is registered.

    		Yes
    abuse.handlestring

    The abuse handle or reference ID for the responsible organization.

    		Yes
    abuse.namestring

    The name/title of the abuse contact role or team.

    		Yes
    abuse.organizationstring

    The name of the organization managing provided IP Address.

    		Yes
    abuse.rolestring

    Role of the contact (typically "abuse").

    		Yes
    abuse.kindstring

    Type of contact (e.g., "group", "person").

    		Yes
    abuse.addressstring

    Registered address of the organization owning the queried IP.

    		Yes
    abuse.emailsarray

    List of email addresses for contacting the abuse team.

    		Yes
    abuse.phone_numbersarray

    List of phone numbers for abuse contact.

    		Yes

    Error Codes

    IP Abuse Contact API returns HTTP status code 200 for a successful API request along with the response.

    While, in case of a bad or invalid request, IP Abuse Contact API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.

    Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:

    HTTP StatusDescription
    400
    Bad Request

    It is returned for one of the following reasons:

    • If the provided IPv4 or IPv6 address is invalid.

    • If special character(s) ( ) [ ] { } | ^ ` is passed in the API URL either as parameter or its value. Specially in case of API key.

    401
    Unauthorized

    It is returned for one of the following reasons:

    • If API key (as apiKey URL parameter) is missing from the request to IP Abuse Contact API.

    • If an invalid (a random value) API key is provided.

    • If the API request is made from an unverified ipgeolocation.io account.

    • If your account has been disabled or locked to use by the admin due to abuse or illegal activity.

    • When the request to IP Abuse Contact API is made using API key for a database subscription

    • When the request to IP Abuse Contact API is made on the 'paused' subscription.

    • If you’re making API requests after your subscription trial has been expired.

    • If your active until date has passed and you need to upgrade your account.

    • If IP-Abuse lookup is called using free subsciption API key.

    404
    Not Found

    It is returned for one of the following reasons:

    • If the IPv4 or IPv6 does not not exists in our database.

    • If the IPv4 or IPv6 is passed as a path variable, instead of url parameter as ip= .

    • If the wrong endpoint is called, that does not exists in our API.

    405
    Method Not Allowed

    • If wrong HTTP request method is used for calling the endpoints. Only GET method is allowed.

    429
    Too Many Requests

    It is returned for one of the following reasons:

    • If the API usage limit has reached for the free subscriptions, or paid subscriptions with the status 'past due', 'deleted' or 'trial expired'.

    • If the surcharge API usage limit has reached against the subscribed plan.

    499
    Client Closed Request

    • If the client has set the very short request or connection timeout, leading to the server closing the request prematurely.

    5XX
    Server Side Error

    • If a 500 (Internal Server Error), 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout), or 505 (HTTP Version Not Supported) status code is returned, it indicates an issue on our end. Please contact us with your request at support@ipgeolocation.io for further assistance.

    API SDKs

    To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.

    Our SDKs are also available on Github. Feel free to help us improve them. Following are the available SDKs:

    Frequently Asked Questions

    IP address abuse refers to the misuse of IP addresses for harmful activities such as spamming, phishing, DDoS attacks, and unauthorized access attempts.
    The abuse data is updated daily to ensure accuracy and provide the most current information available.
    Common forms of abuse include activities such as spamming, phishing, DDoS attacks, IP spoofing, and unauthorized IP address scanning and open ports.
    IP hijacking, also known as prefix hijacking, occurs when unauthorized entities take control of IP address blocks and redirect traffic.
    You can report abusive IP addresses by contacting the responsible organization managing those IPs using the abuse contact information associated with the IP address.
    Abuse contact information allows organizations to report malicious activities directly to responsible parties. It enables them to take swift action to mitigate threats.
    IP spoofing involves falsifying IP addresses to disguise malicious activities, making it challenging to trace and prevent unauthorized access.
    Businesses can implement security measures like firewalls, intrusion detection systems, and monitor network traffic to prevent IP abuse.