IP Abuse Contact API and Malicious Report Automation

The IP Abuse Contact API returns the abuse contact details registered for an IP address, which supports network security and operational integrity at a time when abusive IP addresses pose a significant threat. IP addresses involved in malicious activities such as phishing attacks, DDoS attacks, IP spoofing, and data breaches are reported to their managing organizations using these abuse contact details.

Abuse Contact Person

The abuse contact person or group includes details such as the role, handle, organization name, kind (e.g., group or individual), and postal address. This information helps identify the entity responsible for handling abuse reports. It adds legitimacy, enables comprehensive documentation, and is a critical asset for legal and compliance teams responsible for tracking or filing official complaints.

Request
curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0'
Response
{
  "ip": "1.0.0.0",
  "abuse": {
    "route": "1.0.0.0/24",
    "country": "AU",
    "handle": "IRT-APNICRANDNET-AU",
    "name": "IRT-APNICRANDNET-AU",
    "organization": "",
    "role": "abuse",
    "kind": "group",
    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
    "..."
  }
}

Abuse Contact Emails

The email address listed is a direct communication channel to report malicious activity such as spam, DDoS attacks, or IP misuse. Using email allows for structured, documented reporting with attachments like logs or screenshots. It ensures faster response times, enables record keeping, and is the preferred method for most abuse handling teams globally.

Request
curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0'
Response
{
  "ip": "1.0.0.0",
  "abuse": {
    "..."
    "emails": [
      "helpdesk@apnic.net"
    ],
    "..."
  }
}

Abuse Contact Phone Numbers

The phone number serves as a real-time communication channel when an urgent abuse response is required. It is especially useful in time-sensitive cases like ongoing attacks or server compromise. Calling allows instant interaction, clarifications, and human support when email delays are unacceptable. It's a critical fallback when immediate action is needed.

Request
curl 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0'
Response
{
  "ip": "1.0.0.0",
  "abuse": {
    "..."
    "phone_numbers": [
      "+61 7 3858 3100"
    ]
  }
}

Response in Multiple Languages

You can retrieve the geolocation information for an IP address in the following languages:

English, German, Russian, Japanese, French, Chinese Simplified, Spanish, Czech Republic, Italian, Korean, Persian, Portuguese, Standard Arabic

Use Cases

Swift IP Abuse Reporting

Quickly identify and report abusive IP addresses generating malicious traffic to the relevant authorities. This rapid action significantly helps in preventing further abuse and protecting network integrity by promptly alerting internet service providers and network owners. This process minimizes the window for attackers and ensures a more secure online environment for all users and services.

Phishing Attack Mitigation

Effectively spot and handle phishing attacks by accurately tracing and reporting the origin IP addresses. This helps protect users from clicking malicious links and leaking their personal and sensitive data. By disrupting the source of these attacks, we can reduce successful phishing attempts and enhance the protection of digital platforms for overall online safety.

Effective Spam Control

Monitor the IP addresses that are sending spam and report them to the relevant authorities in order to reduce the impact of spam on email systems. This essential action creates a smooth communication environment for businesses and individual users alike. By proactively identifying and blocking spam sources, we can ensure communication integrity and minimize unwanted disruptions.

Automated Abuse Detection

Integrate comprehensive abuse contact data directly into automated systems for real-time response to suspicious activities. This powerful automation enables immediate flagging and mitigation of threats, significantly reducing manual work. It ensures a proactive security measure to help take swift action against emerging online threats and protect critical infrastructure across the internet.

Compliance and Legal Action

Leverage abuse contact information to meet compliance requirements and effectively report abuse cases. This data is crucial for initiating legal proceedings against entities involved in harmful activities such as IP hijacking or data breaches. By providing concrete evidence, it ensures accountability and supports the enforcement of digital legal frameworks. This approach helps protect user data and safeguard online assets.

Enhanced Network Security

Utilize comprehensive abuse contact data to significantly strengthen network defenses against online threats like DDoS attacks, malicious actors, and IP spoofing. This strategic approach ensures uninterrupted services and strong protection against cyber threats. By utilizing this data, organizations have the ability to prevent known threats and improve their defenses.

Documentation

Included in: Advanced Plan

Abuse Lookup API

The Abuse Contact API provides essential contact information to report abusive activity associated with IP addresses. By querying an IP address (IPv4 or IPv6), users receive detailed abuse contact data, including the responsible organization, abuse handling role, contact emails, phone numbers, and registered address. This enables users to swiftly take action to report and mitigate threats such as spam, DDoS attacks, and phishing.

In addition to abuse-specific contacts, the API also includes registration metadata like the registered country and abuse handle. This empowers cybersecurity teams, hosting providers, and compliance entities to take appropriate legal or administrative action.

Note

For client-side calls to the endpoints mentioned below using the Request Origin (available on paid plans only), the apiKey parameter can be omitted.

Lookup Abuse Contact

Abuse contact details of an IP address (IPv4 or IPv6) can be obtained using the endpoint mentioned below.
The URL for this API is https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0 and its default JSON response is shown below:

Response
{
  "ip": "1.0.0.0",
  "abuse": {
    "route": "1.0.0.0/24",
    "country": "AU",
    "handle": "IRT-APNICRANDNET-AU",
    "name": "IRT-APNICRANDNET-AU",
    "organization": "",
    "role": "abuse",
    "kind": "group",
    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
    "emails": [
      "helpdesk@apnic.net"
    ],
    "phone_numbers": [
      "+61 7 3858 3100"
    ]
  }
}

Get Specific fields

You can customize the API response by using the fields parameter to include only the specific data you need. For example, to retrieve only the role and emails, specify these keys in the fields parameter as shown below.

cURL
curl -X GET 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0&fields=abuse.role,abuse.emails'
Response
{
  "ip": "1.0.0.0",
  "abuse": {
    "emails": [
      "helpdesk@apnic.net"
    ],
    "role": "abuse"
  }
}

Excluding Fields

You can exclude specific fields from the API response (except the ip field) by listing them in the excludes parameter as a comma-separated list. For example, to remove emails and handle from the API response, put those keys in the excludes parameter as shown below.

cURL
curl -X GET 'https://api.ipgeolocation.io/v2/abuse?apiKey=API_KEY&ip=1.0.0.0&excludes=abuse.handle,abuse.emails'
Response
{
  "ip": "1.0.0.0",
  "abuse": {
    "route": "1.0.0.0/24",
    "country": "AU",
    "name": "IRT-APNICRANDNET-AU",
    "organization": "",
    "role": "abuse",
    "kind": "group",
    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
    "phone_numbers": [
      "+61 7 3858 3100"
    ]
  }
}

Abuse Contact Details in /ipgeo

The Abuse Contact API is part of the Advanced Plan. By subscribing to the Advanced plan, you can include abuse contact details in the /ipgeo endpoint along with other features such as ASN details, security information, and more.
With include=abuse, the abuse contact details are returned in the abuse object of the /ipgeo response, as shown below.

cURL
curl -X GET 'https://api.ipgeolocation.io/v2/ipgeo?apiKey=API_KEY&ip=1.0.0.0&include=abuse'
Response
{
    "ip": "1.0.0.0",
    "location": {
        "continent_code": "OC",
        "continent_name": "Oceania",
        "country_code2": "AU",
        "country_code3": "AUS",
        "country_name": "Australia",
        "country_name_official": "Commonwealth of Australia",
        "country_capital": "Canberra",
        "state_prov": "Queensland",
        "state_code": "AU-QLD",
        "district": "Brisbane",
        "city": "South Brisbane",
        "locality": "South Brisbane",
        "accuracy_radius": "5",
        "confidence": "High",
        "zipcode": "4101",
        "latitude": "-27.47306",
        "longitude": "153.01421",
        "is_eu": false,
        "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
        "geoname_id": "10113228",
        "country_emoji": "🇦🇺"
    },
    "country_metadata": {
        "calling_code": "+61",
        "tld": ".au",
        "languages": [
            "en-AU"
        ]
    },
    "network": {
        "asn": {
            "as_number": "AS13335",
            "organization": "Cloudflare, Inc.",
            "country": "US",
            "asn_name": "CLOUDFLARENET",
            "type": "BUSINESS",
            "domain": "cloudflare.com",
            "date_allocated": "",
            "allocation_status": "assigned",
            "num_of_ipv4_routes": "2356",
            "num_of_ipv6_routes": "2838",
            "rir": "ARIN"
        },
        "connection_type": "",
        "company": {
            "name": "APNIC Research and Development",
            "type": "Business",
            "domain": "apnic.com"
        }
    },
    "currency": {
        "code": "AUD",
        "name": "Australian Dollar",
        "symbol": "A$"
    },
    "abuse": {
        "route": "1.0.0.0/24",
        "country": "AU",
        "handle": "IRT-APNICRANDNET-AU",
        "name": "IRT-APNICRANDNET-AU",
        "organization": "",
        "role": "abuse",
        "kind": "group",
        "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
        "emails": [
            "helpdesk@apnic.net"
        ],
        "phone_numbers": [
            "+61 7 3858 3100"
        ]
    }
}

Reference to Abuse Contact API Response

Below, we provide separate tables for each JSON object in the response, listing all possible fields available across the abuse contact endpoint.

| Field | Type | Description | Can be empty? |
| --- | --- | --- | --- |
| ip | string | The IP address for which abuse contact details are returned. | Yes |
| abuse.route | string | The IP range or route associated with the IP address. | Yes |
| abuse.country | string | Two-letter country code where the abuse contact is registered. | Yes |
| abuse.handle | string | The abuse handle or reference ID for the responsible organization. | Yes |
| abuse.name | string | The name/title of the abuse contact role or team. | Yes |
| abuse.organization | string | The name of the organization managing the provided IP address. | Yes |
| abuse.role | string | Role of the contact (typically "abuse"). | Yes |
| abuse.kind | string | Type of contact (e.g., "group", "person"). | Yes |
| abuse.address | string | Registered address of the organization owning the queried IP. | Yes |
| abuse.emails | array | List of email addresses for contacting the abuse team. | Yes |
| abuse.phone_numbers | array | List of phone numbers for abuse contact. | Yes |
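
Since every field in the reference above can be empty, report automation should not assume that an email address is present or that the returned contact covers the address being reported. The following is an added example, not ipgeolocation.io's own code; `route_report` and its return format are hypothetical, and the sample is the default response shown on this page.

```python
import ipaddress
import json

# Constructed sample: the default /v2/abuse response shown on this page.
SAMPLE = json.loads(r"""{
  "ip": "1.0.0.0",
  "abuse": {
    "route": "1.0.0.0/24", "country": "AU",
    "handle": "IRT-APNICRANDNET-AU", "name": "IRT-APNICRANDNET-AU",
    "organization": "", "role": "abuse", "kind": "group",
    "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
    "emails": ["helpdesk@apnic.net"],
    "phone_numbers": ["+61 7 3858 3100"]
  }
}""")


def route_report(resp, offender_ip):
    """Pick a reporting channel: 'email', 'phone' or 'manual' (hypothetical helper)."""
    ip = ipaddress.ip_address(offender_ip)  # ValueError on a malformed address
    abuse = resp.get("abuse") or {}
    try:
        same_ip = ipaddress.ip_address(resp.get("ip", "")) == ip
    except ValueError:
        same_ip = False
    if not same_ip:
        return {"channel": "manual", "reason": "response is for a different IP"}
    route = abuse.get("route") or ""
    if route:
        # Sanity check: the contact should belong to a range covering the IP.
        try:
            covered = ip in ipaddress.ip_network(route, strict=False)
        except ValueError:
            covered = False
        if not covered:
            return {"channel": "manual", "reason": "IP outside returned route"}
    # Any field may be empty, so filter blanks instead of indexing [0].
    emails = [e.strip() for e in (abuse.get("emails") or []) if "@" in e]
    phones = [p.strip() for p in (abuse.get("phone_numbers") or []) if p.strip()]
    contact = (abuse.get("organization") or abuse.get("name")
               or abuse.get("handle") or "unknown")
    if emails:
        return {"channel": "email", "to": emails, "contact": contact}
    if phones:
        return {"channel": "phone", "to": phones, "contact": contact}
    return {"channel": "manual", "reason": "no abuse contact on record"}
```

Anything routed to "manual" is left for an analyst to resolve before a report is sent.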

Error Codes

IP Abuse Contact API returns HTTP status code 200 for a successful API request along with the response.

In case of a bad or invalid request, the IP Abuse Contact API returns a 4xx HTTP status code along with a descriptive message explaining the reason for the error.

Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:

HTTP Status: Description

400 Bad Request

It is returned for one of the following reasons:

  • If the provided IPv4 or IPv6 address is invalid.

  • If any of the special characters ( ) [ ] { } | ^ ` is passed in the API URL, either as a parameter or as its value, especially in the API key.

401 Unauthorized

It is returned for one of the following reasons:

  • If the API key (as the apiKey URL parameter) is missing from the request to the IP Abuse Contact API.

  • If an invalid (a random value) API key is provided.

  • If the API request is made from an unverified ipgeolocation.io account.

  • If your account has been disabled or locked by the admin due to abuse or illegal activity.

  • When the request to the IP Abuse Contact API is made using an API key for a database subscription.

  • When the request to the IP Abuse Contact API is made on a 'paused' subscription.

  • If you’re making API requests after your subscription trial has expired.

  • If your active until date has passed and you need to upgrade your account.

  • If the IP abuse lookup is called using a free subscription API key.

404 Not Found

It is returned for one of the following reasons:

  • If the IPv4 or IPv6 address does not exist in our database.

  • If the IPv4 or IPv6 address is passed as a path variable, instead of as the URL parameter ip=.

  • If the wrong endpoint is called, one that does not exist in our API.

405 Method Not Allowed

  • If the wrong HTTP request method is used for calling the endpoints. Only the GET method is allowed.

429 Too Many Requests

It is returned for one of the following reasons:

  • If the API usage limit has been reached for free subscriptions, or for paid subscriptions with the status 'past due', 'deleted' or 'trial expired'.

  • If the surcharge API usage limit has been reached against the subscribed plan.

499 Client Closed Request

  • If the client has set a very short request or connection timeout, leading to the server closing the request prematurely.

5XX Server Side Error

  • If a 500 (Internal Server Error), 502 (Bad Gateway), 503 (Service Unavailable), 504 (Gateway Timeout), or 505 (HTTP Version Not Supported) status code is returned, it indicates an issue on our end. Please contact us with your request at support@ipgeolocation.io for further assistance.
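
One way for a reporting pipeline to act on these status codes, as an added example that is not part of the page or of ipgeolocation.io's SDKs: client-side and quota errors stop immediately, and only transient server errors get a bounded retry with backoff. `fetch`, `lookup_with_retry` and `AbuseLookupError` are hypothetical names, and treating 429 as non-retryable is this example's policy choice.

```python
import time

# Statuses from the list above that another attempt cannot fix.
NO_RETRY = {
    400: "invalid IP address or special characters in the URL",
    401: "API key missing, invalid, or not entitled to abuse lookups",
    404: "IP not in the database, or wrong endpoint/path",
    405: "only GET is allowed",
    429: "usage limit reached; stop sending and queue the lookups",
    499: "client timeout too short; raise it before calling again",
}
TRANSIENT = {500, 502, 503, 504}  # server side: worth a bounded retry


class AbuseLookupError(Exception):
    def __init__(self, status, reason):
        super().__init__(f"HTTP {status}: {reason}")
        self.status = status


def lookup_with_retry(fetch, ip, attempts=4, base_delay=1.0, sleep=time.sleep):
    """Call fetch(ip) -> (status, body) until it succeeds or must stop.

    fetch is a hypothetical transport supplied by the caller, for example a
    thin wrapper around an HTTP GET to the /v2/abuse endpoint.
    """
    status = None
    for attempt in range(attempts):
        status, body = fetch(ip)
        if status == 200:
            return body
        if status in NO_RETRY:
            raise AbuseLookupError(status, NO_RETRY[status])
        if status not in TRANSIENT:
            raise AbuseLookupError(status, "unexpected status")
        if attempt < attempts - 1:
            sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s, ...
    raise AbuseLookupError(status, "still failing after retries")
```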

API SDKs

To help developers, we provide SDKs for various programming languages. Detailed documentation on how to use each SDK is available on the respective SDK's documentation page linked below.

Our SDKs are also available on GitHub. Feel free to help us improve them. The following SDKs are available:

Frequently Asked Questions

IP address abuse refers to the misuse of IP addresses for harmful activities such as spamming, phishing, DDoS attacks, and unauthorized access attempts.
The abuse data is updated daily to ensure accuracy and provide the most current information available.
Common forms of abuse include activities such as spamming, phishing, DDoS attacks, IP spoofing, and unauthorized scanning of IP addresses and open ports.
IP hijacking, also known as prefix hijacking, occurs when unauthorized entities take control of IP address blocks and redirect traffic.
You can report abusive IP addresses by contacting the responsible organization managing those IPs using the abuse contact information associated with the IP address.
Abuse contact information allows organizations to report malicious activities directly to responsible parties. It enables them to take swift action to mitigate threats.
IP spoofing involves falsifying IP addresses to disguise malicious activities, making it challenging to trace and prevent unauthorized access.
Businesses can implement security measures such as firewalls, intrusion detection systems, and network traffic monitoring to prevent IP abuse.