Frequently Asked Questions - AbuseIPDB

  1. What is AbuseIPDB.com?
  2. AbuseIPDB is a project dedicated to helping systems administrators and webmasters check and report IP addresses that are involved in malicious activity such as spamming, hack attempts, DDoS attacks, etc.

    We provide a free API for both reporting malicious IP addresses detected on your systems, and checking IP addresses for reported malicious activity.

  3. What is malicious activity?
  4. At AbuseIPDB, we consider any illegal, abusive or inappropriate activity detected from an IP address to be malicious, such as attempted DDoS, any type of spam, fraudulent orders, hacking attempts, phishing, spoofing, SQL injection, etc.

  5. There is illicit content on example.com. Should I report it to AbuseIPDB?
  6. Your first step should be to contact the website's hosting provider. In most countries, hosting providers have legal obligations to remove illict content in a reasonable timeframe. AbuseIPDB may be used as a final resort against bulletproof hosts.

  7. How much does it cost to use AbuseIPDB?
  8. Our mission is to help make the Web a safer place, so we will always have free plans available for most of our users. We have paid plans for corporate or advanced users.

  9. Can I integrate your API with my web site, blog, application, or server?
  10. Absolutely! We provide a free API for checking and reporting IP addresses, that can be used to integrate with any website or application. We're proud to be used by thousands of websites and companies, big and small. To be able to use our API, you have to register an account.

    If you are a webmaster or sysadmin interested in automatically reporting abusive IPs to AbuseIPDB, we recommend you also see the Fail2Ban integration tutorial.

  11. Are there any restrictions or limitations?
  12. Due to limited resources, free accounts currently have 1,000 requests/day for both IP check and report actions through our free API. Verified webmasters are allowed 3,000 requests/day. Supports are allowed 5,000 requests/day. The web version of our service does not have any usage limitations.

    APIv1: The rate limiter is a 24-hour sliding window. In simple terms, if you hit your limit of 1,000 requests, and your first request was made 23 hours ago, then in one hour you gain that one request back. So on and so forth for each nth request. All requests that exceeded the limit will be served will a 429 Too Many Requests response.

    APIv2: The rate limiter resets at 00:00 UTC.

  13. I didn't receive my confirmation / password reset email!
  14. Please be sure to check your spam filter! We use Mailgun to send transactional emails, but every so often one may get flagged as spam. Please add postmaster@abuseipdb.com to your whitelist to make sure you get account updates.

  15. Oops.. I included my email or IP address in the comment section. Can you remove it?
  16. If you reported an IP anonymously we cannot change the comment for you. If you have an account, you can delete and re-submit your reports if needed. We strongly encourage you to limit your comments to only the key information about the abuse you are reporting.

  17. How often should I report continuous abuse?
  18. If an IP address is engaging in continuous abuse on your system (like attempting to brute-force SSH), we ask that you report the IP roughly once per day. To prevent duplicate reports being submitted automatically through our API, we limit each account to reporting the same IP once per 15 minutes. After 15 minutes, if the same IP is reported within a 24-hours window with the same comment, a new report is not created. Rather, the timestamp of the original report is updated.

  19. Is there any type of abuse that I cannot report?
  20. Yes, reporting a SYN flood is disallowed because you are likely reporting a innocent IP address. Reporting UDP connections is disallowed entirely since the source IP cannot be verified.

  21. What is the "Confidence of Abuse" rating? How is it calculated?
  22. Our confidence of abuse is a rating (scaled 0-100) of how confident we are, based on user reports, that an IP address is entirely malicious. So a rating of 100 means we are sure an IP address is malicious, while a rating of 0 means we have no reason to suspect it is malicious. Don't be disheartened if your report only increases this value by a few percentage points; the confidence rating is a very conservative value. Because this metric may be used as a basis to block connections, we take great care to only condemn addresses that a strong number of AbuseIPDB users testify against.

    The confidence rating is determined by reports and their age. The base value is the natural logarithmic value of distinct user reports. All report weights decay with time. Confidence ratings for all reported addresses are recalculated daily to apply the time decay. Certain user traits can also slightly increase weight such as webmaster and supporter statuses.

    The formula is carefully designed to ensure no one reporter can overpower the ratings. Only by working together can we build an effective net of trust.

  23. Why register as a webmaster?
  24. Regular users get 1,000 API requests per day. Verified webmasters get 3,000 API requests per day. You can upgrade to a webmaster account at any time.

  25. When accessing your API via cURL, I receive sslv3 handshake failure. What does this mean?
  26. SSLv2 & SSLv3 protocols are vulnerable to POODLE attacks. Our servers will refuse them. You MUST use TLS >= 1.0. We recommend TLS >= 1.2. You can specify this option in cURL with --tlsv1.0 or --tlsv1.2 respectively.

  27. I don't want to use the API. Can't I just scrape your web pages?
  28. Please do not scrape our web pages. It's brutal on our web server and we do not want to blacklist your IP(s). We want all user-generated data to available to everyone, and hammering our website with your scraper hurts everyone involved. Our JSON API is much more lightweight, saving time and bytes for the both of us.

  29. Why do you use Google Analytics and ads on AbuseIPDB?
  30. AbuseIPDB uses Google Analytics to track anonymous statistics on how AbuseIPDB is used so we can continue to improve the project. We recognize that some of our users may use Ghostery or a similar script blocker to block certain scripts, and we respect your decision.

    We place one or two respectful ads on certain pages to fund AbuseIPDB for free users. Pages for subscribers are ad-free.

  31. How can I support AbuseIPDB?
  32. Thank you for your interest in supporting AbuseIPDB! There are many ways to show your support.

    First, you can support us by making a donation. Second, we are currently working to build a repository of code used to report and check IPs automatically. If you have written your own custom scripts to integrate with AbuseIPDB and are willing to share your code, contact us.

    Finally, you can show your support by telling others about AbuseIPDB. If you are a webmaster, consider linking to AbuseIPDB.com or adding a contributor badge to your site. Linking to AbuseIPDB helps others find the site and the more people using and reporting IPs the safer we all are!

    If you have supported AbuseIPDB by donating or linking to us, please contact us so we can give you a special "supporter" badge and remove all ads from your account. Thank you for supporting!

  33. Who is responsible for AbuseIPDB?
  34. As of March 2016, AbuseIPDB is now maintained and supported by Marathon Studios Inc., based in Pennsylvania, USA. We have taken over management of AbuseIPDB from the previous developers, and are hoping to expand and improve on this project.


Recently Reported IPs: