AbuseIPDB

Marathon Studios Inc.

Crowd-sourced IP reputation database used to check whether an IP has been reported for malicious activity.

Tags: Threat Intelligence · Freemium · Web App · Practiced in lab · Web

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain
1 Reconnaissance
2 Weaponization
3 Delivery
4 Exploitation
5 Installation
6 Command & Control
7 Actions on Objectives
Defender — IR Lifecycle
8 Preparation
9 Detection & Analysis
10 Containment, Eradication & Recovery
11 Post-Incident Activity

Description

AbuseIPDB is a free, community-driven IP reputation service. Analysts submit abuse reports (SSH brute-force, web scanning, spam, DDoS) and consumers query the API to get a confidence score (0-100) and category breakdown for any IP.

For a SOC analyst it is the fastest OSINT enrichment step during triage: paste a suspicious source IP from a firewall or SIEM event, and within seconds you know whether the wider community has already flagged it — and for what.

Use cases

  • Triage enrichment of suspicious source IPs
  • Block-list curation for perimeter firewalls
  • Reporting IPs that attack your own infrastructure, so the wider community benefits
  • SOAR playbook step (auto-lookup as an enrichment action)

Example

# Query the v2 API for an IP's abuse confidence score
curl -G https://api.abuseipdb.com/api/v2/check \
     -H "Key: $ABUSEIPDB_KEY" -H "Accept: application/json" \
     --data-urlencode "ipAddress=198.51.100.42" \
     --data-urlencode "maxAgeInDays=90"
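The same lookup wrapped in a small triage helper, as an added example that is not part of the original page: the request mirrors the curl command above, the verdict thresholds are this example's own assumptions (not AbuseIPDB guidance), and the sample response is constructed in the shape of a v2 /check reply so the triage logic can be run offline.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed thresholds for this example; tune them to your own false-positive tolerance.
BLOCK_THRESHOLD = 75    # abuseConfidenceScore at or above this -> block candidate
REVIEW_THRESHOLD = 25   # at or above this (or any report at all) -> analyst review


def fetch_check(ip, max_age_days=90):
    """Live lookup against the v2 /check endpoint; needs ABUSEIPDB_KEY in the environment."""
    query = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days})
    req = urllib.request.Request(
        f"https://api.abuseipdb.com/api/v2/check?{query}",
        headers={"Key": os.environ["ABUSEIPDB_KEY"], "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def triage(check_response):
    """Reduce a /check response to a verdict a SOAR playbook or analyst can branch on."""
    d = check_response["data"]
    score = d.get("abuseConfidenceScore", 0)
    reports = d.get("totalReports", 0)
    if d.get("isWhitelisted"):
        verdict = "allow"          # AbuseIPDB marks known-good infrastructure; reports are noise
    elif score >= BLOCK_THRESHOLD:
        verdict = "block"
    elif score >= REVIEW_THRESHOLD or reports > 0:
        verdict = "review"         # some signal, not enough to act automatically
    else:
        verdict = "allow"
    return {"ip": d["ipAddress"], "score": score, "reports": reports,
            "distinct_reporters": d.get("numDistinctUsers", 0),
            "last_reported": d.get("lastReportedAt"), "verdict": verdict}


# Constructed sample in the v2 /check response shape (not a real lookup result).
SAMPLE_RESPONSE = {"data": {
    "ipAddress": "198.51.100.42", "isPublic": True, "ipVersion": 4, "isWhitelisted": False,
    "abuseConfidenceScore": 100, "countryCode": "XX", "usageType": "Data Center/Web Hosting/Transit",
    "isp": "Example Hosting", "domain": "example.net", "hostnames": [],
    "totalReports": 42, "numDistinctUsers": 17, "lastReportedAt": "2024-01-15T08:12:03+00:00"}}

if __name__ == "__main__":
    # Use the live API when a key is configured, otherwise demonstrate on the sample.
    data = fetch_check("198.51.100.42") if os.environ.get("ABUSEIPDB_KEY") else SAMPLE_RESPONSE
    print(json.dumps(triage(data), indent=2))
```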