### Example JSON Response Structure Source: https://docs.abuseipdb.com/ This is an example of the JSON response structure returned by the AbuseIPDB API for an IP address check. It includes details about the IP, its reputation, and associated reports. ```json { "data": { "ipAddress": "118.25.6.39", "isPublic": true, "ipVersion": 4, "isWhitelisted": false, "abuseConfidenceScore": 100, "countryCode": "CN", "countryName": "China", "usageType": "Data Center/Web Hosting/Transit", "isp": "Tencent Cloud Computing (Beijing) Co. Ltd", "domain": "tencent.com", "hostnames": [], "isTor": false, "totalReports": 1, "numDistinctUsers": 1, "lastReportedAt": "2018-12-20T20:55:14+00:00", "reports": [ { "reportedAt": "2018-12-20T20:55:14+00:00", "comment": "Dec 20 20:55:14 srv206 sshd[13937]: Invalid user oracle from 118.25.6.39", "categories": [ 18, 22 ], "reporterId": 1, "reporterCountryCode": "US", "reporterCountryName": "United States" } ] } } ``` -------------------------------- ### Example API Responses Source: https://docs.abuseipdb.com/ Sample JSON structures for successful reports and rate-limited error responses. ```json { "data": { "ipAddress": "127.0.0.1", "abuseConfidenceScore": 52 } } ``` ```json { "errors": [ { "detail": "You can only report the same IP address (`127.0.0.2`) once in 15 minutes.", "status": 429, "source": { "parameter": "ip" } } ] } ``` -------------------------------- ### Example Plaintext Response Source: https://docs.abuseipdb.com/ The format of the response when requesting plaintext output. ```text 5.188.10.179 185.222.209.14 95.70.0.46 191.96.249.183 115.238.245.8 122.226.181.164 122.226.181.167 ... ``` -------------------------------- ### Example JSON Response Source: https://docs.abuseipdb.com/ The structure of the JSON response returned by the blacklist endpoint. ```json { "meta": { "generatedAt": "2020-09-24T19:54:11+00:00" }, "data": [ { "ipAddress": "5.188.10.179", "abuseConfidenceScore": 100, "lastReportedAt": "2020-09-24T19:17:02+00:00" }, { "ipAddress": "185.222.209.14", "abuseConfidenceScore": 100, "lastReportedAt": "2020-09-24T19:17:02+00:00" }, { "ipAddress": "191.96.249.183", "abuseConfidenceScore": 100, "lastReportedAt": "2020-09-24T19:17:01+00:00" }, ... ] } ``` -------------------------------- ### Bulk Report Endpoint Implementation Source: https://docs.abuseipdb.com/ Examples for submitting bulk reports via CSV file upload. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('POST', 'bulk-report', [ 'multipart' => [ [ 'name' => 'csv', 'contents' => fopen('report.csv',r) ] ], 'headers' => [ 'Accept' => 'application/json', 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); // Store response as a PHP object. $status = json_decode($output, true); ?> ``` ```csharp using System; using RestSharp; using Newtonsoft.Json; public class BulkReportEndpoint { public static void Main() { var client = new RestClient("https://api.abuseipdb.com/api/v2/bulk-report"); var request = new RestRequest(Method.POST); request.AddHeader("Key", "YOUR_OWN_API_KEY"); request.AddHeader("Accept", "application/json"); request.AddFile("csv", "report.csv"); IRestResponse response = client.Execute(request); dynamic parsedJson = JsonConvert.DeserializeObject(response.Content); foreach (var item in parsedJson) { Console.WriteLine(item); } } } ``` -------------------------------- ### Bulk Report JSON Response Example Source: https://docs.abuseipdb.com/ Sample JSON structure returned after a bulk report request. ```json { "data": { "savedReports": 60, "invalidReports": [ { "error": "Duplicate IP", "input": "41.188.138.68", "rowNumber": 5 }, { "error": "Invalid IP", "input": "127.0.foo.bar", "rowNumber": 6 }, { "error": "Invalid Category", "input": "189.87.146.50", "rowNumber": 8 } ] } } ``` -------------------------------- ### Clear Address JSON Response Example Source: https://docs.abuseipdb.com/ Sample JSON structure returned after a clear address request. ```json { "data": { "numReportsDeleted": 0 } } ``` -------------------------------- ### GET /check Source: https://docs.abuseipdb.com/ Checks an IP address for abuse reports and returns reputation data. ```APIDOC ## GET /check ### Description Checks a single IPv4 or IPv6 address for abuse reports. Optionally filter reports by age and include verbose report details. ### Method GET ### Endpoint https://api.abuseipdb.com/api/v2/check ### Parameters #### Query Parameters - **ipAddress** (string) - Required - The IP address to check (v4 or v6). - **maxAgeInDays** (integer) - Optional - Only return reports within the last x days (default: 30, min: 1, max: 365). - **verbose** (boolean) - Optional - Include detailed report history in the response. ### Request Example GET /api/v2/check?ipAddress=118.25.6.39&maxAgeInDays=90&verbose= ### Response #### Success Response (200) - **data** (object) - Contains IP reputation details including abuseConfidenceScore, countryName, usageType, and reports. #### Response Example { "data": { "ipAddress": "118.25.6.39", "isPublic": true, "abuseConfidenceScore": 100, "countryName": "China", "usageType": "Data Center/Web Hosting/Transit", "totalReports": 1 } } ``` -------------------------------- ### Check IP Address with Guzzle (PHP) Source: https://docs.abuseipdb.com/ Uses Guzzle HTTP client to make a GET request to the AbuseIPDB check endpoint. Requires Guzzle to be installed. Replace 'YOUR_OWN_API_KEY' with your actual API key. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('GET', 'check', [ 'query' => [ 'ipAddress' => '118.25.6.39', 'maxAgeInDays' => '90', ], 'headers' => [ 'Accept' => 'application/json', 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); // Store response as a PHP object. $ipDetails = json_decode($output, true); ?> ``` -------------------------------- ### GET /blacklist Source: https://docs.abuseipdb.com/ Retrieves a list of IP addresses from the blacklist. You can filter the results by IP version. ```APIDOC ## GET /blacklist ### Description Retrieves a list of IP addresses from the blacklist. You can filter the results by IP version. ### Method GET ### Endpoint https://api.abuseipdb.com/api/v2/blacklist ### Query Parameters - **ipVersion** (integer) - Optional - Filters results by IP version. Accepts `4` or `6`. - **confidenceMinimum** (integer) - Optional - Filters results by a minimum abuse confidence score. Accepts values between 25 and 100. - **limit** (integer) - Optional - Limits the number of results returned. Maximum is 10,000. - **plaintext** (boolean) - Optional - Returns results in plaintext format. - **onlyCountries** (string) - Optional - Filters results to include only IPs from specified countries (comma-separated country codes). - **exceptCountries** (string) - Optional - Filters results to exclude IPs from specified countries (comma-separated country codes). ### Request Example ``` https://api.abuseipdb.com/api/v2/blacklist?ipVersion=6 ``` ### Response #### Success Response (200) - **meta** (object) - Metadata about the request. - **generatedAt** (string) - Timestamp when the response was generated. - **data** (array) - An array of IP address objects. - **ipAddress** (string) - The IP address. - **countryCode** (string) - The country code of the IP address. - **abuseConfidenceScore** (integer) - The abuse confidence score for the IP address. - **lastReportedAt** (string) - Timestamp when the IP address was last reported. #### Response Example ```json { "meta": { "generatedAt": "2023-05-16T21:24:30+00:00" }, "data": [ { "ipAddress": "2a10:cc45:100::30c0:a37c:7eb0:c8a9", "countryCode": "CH", "abuseConfidenceScore": 100, "lastReportedAt": "2023-05-16T21:15:13+00:00" } ] } ``` ``` -------------------------------- ### Clear Address Endpoint Implementation Source: https://docs.abuseipdb.com/ Examples for deleting reports associated with a specific IP address. ```bash curl -X DELETE https://api.abuseipdb.com/api/v2/clear-address \ --data-urlencode "ipAddress=118.25.6.39" \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" ``` ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/clear-address' querystring = { 'ipAddress': '118.25.6.39', } headers = { 'Accept': 'application/json', 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='DELETE', url=url, headers=headers, params=querystring) # Formatted output decodedResponse = json.loads(response.text) print json.dumps(decodedResponse, sort_keys=True, indent=4) ``` ```php 'https://api.abuseipdb.com/api/v2/clear-address' ]); $response = $client->request('DELETE', 'clear-address', [ 'query' => [ 'ipAddress' => '118.25.6.39', ], 'headers' => [ 'Accept' => 'application/json', 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); // Store response as a PHP object. $details = json_decode($output, true); ?> ``` ```csharp using System; using RestSharp; using Newtonsoft.Json; public class ClearAddressEndpoint { public static void Main() { var client = new RestClient("https://api.abuseipdb.com/api/v2/clear-address"); var request = new RestRequest(Method.DELETE); request.AddHeader("Key", "YOUR_API_KEY"); request.AddHeader("Accept", "application/json"); request.AddParameter("ipAddress", "118.25.6.39"); IRestResponse response = client.Execute(request); dynamic parsedJson = JsonConvert.DeserializeObject(response.Content); foreach (var item in parsedJson) { Console.WriteLine(item); } } } ``` -------------------------------- ### GET /api/v2/blacklist Source: https://docs.abuseipdb.com/ Retrieves a list of blacklisted IP addresses based on confidence level. ```APIDOC ## GET /api/v2/blacklist ### Description Fetches a list of IP addresses that are blacklisted, with an option to filter by a minimum confidence score. ### Method GET ### Endpoint https://api.abuseipdb.com/api/v2/blacklist ### Parameters #### Query Parameters - **confidenceMinimum** (integer) - Required - The minimum confidence score (0-100) for an IP address to be included in the blacklist. (min: 0, max: 100) ### Request Example ```json { "confidenceMinimum": 90 } ``` ### Response #### Success Response (200) - **data** (object) - Contains the blacklist information. - **ipAddress** (string) - The blacklisted IP address. - **confidence** (integer) - The confidence score for the blacklist entry. - ** அறிக்கைகள்** (integer) - The number of reports associated with the IP address. - **countryCode** (string) - The country code of the IP address. - **domain** (string) - The domain name associated with the IP address, if available. - **usageType** (string) - The usage type of the IP address (e.g., 'Residential', 'Business'). - **isPublic** (boolean) - Indicates if the IP address is public. - **ipVersion** (integer) - The version of the IP address (4 or 6). - **firstReportedAt** (string) - Timestamp when the IP address was first reported. #### Response Example ```json { "data": [ { "ipAddress": "1.1.1.1", "confidence": 100, "reports": 500, "countryCode": "US", "domain": "example.com", "usageType": "Business", "isPublic": true, "ipVersion": 4, "firstReportedAt": "2020-01-01T12:00:00+00:00" } ] } ``` ``` -------------------------------- ### Check Network Block via Python Source: https://docs.abuseipdb.com/ Uses the requests library to perform a GET request with query parameters. ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/check-block' querystring = { 'network':'127.0.0.1/24', 'maxAgeInDays':'15', } headers = { 'Accept': 'application/json', 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='GET', url=url, headers=headers, params=querystring) ``` -------------------------------- ### Check IP Address Endpoint Source: https://docs.abuseipdb.com/ This section provides documentation for the CHECK endpoint, which allows you to query the AbuseIPDB database for information about a specific IP address. Examples are provided in cURL and Python. ```APIDOC ## GET /api/v2/check ### Description Retrieves information about a specific IP address from the AbuseIPDB database. ### Method GET ### Endpoint https://api.abuseipdb.com/api/v2/check ### Parameters #### Query Parameters - **ipAddress** (string) - Required - The IP address to check. - **maxAgeInDays** (integer) - Optional - The maximum age in days for reports to consider. - **verbose** (boolean) - Optional - If true, returns more detailed information. #### Headers - **Accept**: application/json - **Key**: Your AbuseIPDB API key ### Request Example (cURL) ```bash curl -G https://api.abuseipdb.com/api/v2/check \ --data-urlencode "ipAddress=118.25.6.39" \ -d maxAgeInDays=90 \ -d verbose \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" ``` ### Request Example (Python) ```python import requests import json url = 'https://api.abuseipdb.com/api/v2/check' querystring = { 'ipAddress': '118.25.6.39', 'maxAgeInDays': '90' } headers = { 'Accept': 'application/json', 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='GET', url=url, headers=headers, params=querystring) print(response.text) ``` ### Response #### Success Response (200) - **data** (object) - Contains detailed information about the IP address. - **ipAddress** (string) - The IP address that was checked. - **isWhitelisted** (boolean) - Indicates if the IP is whitelisted. - **abuseConfidenceScore** (integer) - The abuse confidence score for the IP. - **totalReports** (integer) - The total number of reports for the IP. - **numDistinctUsers** (integer) - The number of distinct users who reported the IP. - **lastReportedAt** (string) - The timestamp of the last report. - **reports** (array) - A list of individual reports. - **reportedAt** (string) - Timestamp of the report. - **comment** (string) - Comment from the reporter. - **categories** (array) - List of abuse categories. - **reporterCountryCode** (string) - Country code of the reporter. - **reporterName** (string) - Name of the reporter. - **reporterUrl** (string) - URL of the reporter. #### Response Example ```json { "data": { "ipAddress": "118.25.6.39", "isWhitelisted": false, "abuseConfidenceScore": 100, "totalReports": 5, "numDistinctUsers": 3, "lastReportedAt": "2024-01-01T12:00:00Z", "reports": [ { "reportedAt": "2024-01-01T12:00:00Z", "comment": "Spamming emails", "categories": [4, 18], "reporterCountryCode": "US", "reporterName": "Example Reporter", "reporterUrl": "http://example.com" } ] } } ``` ``` -------------------------------- ### Rate Limit Error Response Source: https://docs.abuseipdb.com/ Example of the JSON error returned when daily API rate limits are exceeded. ```json { "errors": [ { "detail": "Daily rate limit of 1000 requests exceeded for this endpoint. See headers for additional details.", "status": 429 } ] } ``` -------------------------------- ### GET /api/v2/reports Source: https://docs.abuseipdb.com/ Retrieves reports for a given IP address. Supports pagination and filtering by age. ```APIDOC ## GET /api/v2/reports ### Description Retrieves reports associated with a specific IP address. This endpoint allows for pagination and filtering of results based on the age of the reports. ### Method GET ### Endpoint https://api.abuseipdb.com/api/v2/reports ### Parameters #### Query Parameters - **ipAddress** (string) - Required - The IP address (v4 or v6) to query reports for. - **maxAgeInDays** (integer) - Optional - Filters reports to include only those within the last specified number of days. Defaults to 30. (min: 1, max: 365) - **page** (integer) - Optional - Specifies the page number for pagination. Defaults to 1. (min: 1) - **perPage** (integer) - Optional - Specifies the number of results per page. Defaults to 25. (min: 1, max: 100) ### Request Example ```json { "ipAddress": "176.111.173.242", "page": 5, "perPage": 25 } ``` ### Response #### Success Response (200) - **data** (object) - Contains the pagination information and a list of report results. - **total** (integer) - Total number of reports found. - **page** (integer) - Current page number. - **count** (integer) - Number of reports on the current page. - **perPage** (integer) - Number of reports per page. - **lastPage** (integer) - The last available page number. - **nextPageUrl** (string) - URL for the next page of results. - **previousPageUrl** (string) - URL for the previous page of results. - **results** (array) - An array of report objects. - **reportedAt** (string) - Timestamp when the report was made. - **comment** (string) - User-provided comment for the report. - **categories** (array of integers) - List of category IDs for the report. - **reporterId** (integer) - The ID of the reporter. - **reporterCountryCode** (string) - The country code of the reporter. - **reporterCountryName** (string) - The name of the reporter's country. #### Response Example ```json { "data": { "total": 2840, "page": 5, "count": 25, "perPage": 25, "lastPage": 114, "nextPageUrl": "https://api.abuseipdb.com/api/v2/reports?ipAddress=176.111.173.242&maxAgeInDays=30&perPage=25&page=6", "previousPageUrl": "https://api.abuseipdb.com/api/v2/reports?ipAddress=176.111.173.242&maxAgeInDays=30&perPage=25&page=4", "results": [ { "reportedAt": "2022-05-01T21:00:03+00:00", "comment": "Invalid user joseph from 176.111.173.242 port 53860", "categories": [ 18, 22 ], "reporterId": 43121, "reporterCountryCode": "DE", "reporterCountryName": "Germany" } ] } } ``` ``` -------------------------------- ### Get Blacklist Data (PHP) Source: https://docs.abuseipdb.com/ Retrieves a large blacklist of IP addresses using Guzzle HTTP client. Ensure your API key is correctly set. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('GET', 'blacklist', [ 'query' => [ 'limit' => '500000' ], 'headers' => [ 'Accept' => 'text/plain', 'Key' => $YOUR_API_KEY ], ]); $output = $response->getBody(); echo $output; ?> ``` -------------------------------- ### Get Blacklist Data (C#) Source: https://docs.abuseipdb.com/ Fetches blacklist data using RestSharp. Replace 'YOUR_OWN_API_KEY' with your actual API key. The limit parameter can be adjusted based on your subscription. ```csharp using System; using RestSharp; public class BlacklistEndpoint { public static void Main() { var client = new RestClient("https://api.abuseipdb.com/api/v2/blacklist"); var request = new RestRequest(Method.GET); request.AddHeader("Key", "YOUR_OWN_API_KEY"); request.AddHeader("Accept", "text/plain"); request.AddParameter("limit", "500000"); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); } } ``` -------------------------------- ### Check IP status via API Source: https://docs.abuseipdb.com/ Perform a GET request to the CHECK endpoint to retrieve IP reputation data. ```bash # The -G option will convert form parameters (-d options) into query parameters. # The CHECK endpoint is a GET request. curl -G https://api.abuseipdb.com/api/v2/check \ --data-urlencode "ipAddress=118.25.6.39" \ -d maxAgeInDays=90 \ -d verbose \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" ``` ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/check' querystring = { 'ipAddress': '118.25.6.39', 'maxAgeInDays': '90' } headers = { 'Accept': 'application/json', 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='GET', url=url, headers=headers, params=querystring) ``` -------------------------------- ### Report Abuse API Source: https://docs.abuseipdb.com/ This section details how to report IP addresses for abusive behavior using the AbuseIPDB API, primarily shown through a cURL example configured for Fail2Ban. ```APIDOC ## POST /api/v2/report ### Description Reports an IP address for abusive behavior. This endpoint is commonly used with tools like Fail2Ban. ### Method POST ### Endpoint https://api.abuseipdb.com/api/v2/report ### Parameters #### Query Parameters - **ip** (string) - Required - The IP address to report. - **comment** (string) - Required - A comment describing the abuse. - **categories** (string) - Required - A comma-separated list of abuse categories. #### Headers - **Accept**: application/json - **Key**: Your AbuseIPDB API key ### Request Example ```bash curl --fail 'https://api.abuseipdb.com/api/v2/report' \ -H 'Accept: application/json' \ -H 'Key: ' \ --data-urlencode 'comment=' \ --data-urlencode 'ip=' \ --data 'categories=' ``` ``` -------------------------------- ### Check Network Block via cURL Source: https://docs.abuseipdb.com/ Uses the -G flag to convert form parameters into query parameters for the GET request. ```bash # The -G option will convert form parameters (-d options) into query parameters. # The CHECK-BLOCK endpoint is a GET request. curl -G https://api.abuseipdb.com/api/v2/check-block \ --data-urlencode "network=127.0.0.1/24" \ -d maxAgeInDays=15 \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" ``` -------------------------------- ### AbuseIPDB API - REPORTS Endpoint Source: https://docs.abuseipdb.com/ This comment indicates that the REPORTS endpoint is a GET request and that the '-G' option converts form parameters into query parameters. No code is provided for this snippet. ```bash # The -G option will convert form parameters (-d options) into query parameters. # The REPORTS endpoint is a GET request. ``` -------------------------------- ### Query IP Reports via cURL Source: https://docs.abuseipdb.com/ Retrieves report history for a specific IP address using the GET method with query parameters. ```bash curl -G https://api.abuseipdb.com/api/v2/reports \ --data-urlencode "ipAddress=176.111.173.242" \ -d page=5 \ -d perPage=25 \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" ``` -------------------------------- ### Configure Fail2Ban actionban Source: https://docs.abuseipdb.com/ Use this configuration in abuseipdb.conf to report IPs to AbuseIPDB via Fail2Ban. ```bash actionban = curl --fail 'https://api.abuseipdb.com/api/v2/report' \ -H 'Accept: application/json' \ -H 'Key: ' \ --data-urlencode 'comment=' \ --data-urlencode 'ip=' \ --data 'categories=' ``` -------------------------------- ### Retrieve Blacklist Data with PHP Source: https://docs.abuseipdb.com/ Uses GuzzleHttp to fetch the blacklist for IPv6 addresses. Requires a valid API key. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('GET', 'blacklist', [ 'query' => [ 'ipVersion' => 6 ], 'headers' => [ 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); echo $output; ?> ``` -------------------------------- ### Security Guidelines Source: https://docs.abuseipdb.com/ Essential security practices for interacting with the AbuseIPDB API. ```APIDOC ## Security All interactions with the AbuseIPDB API must use HTTPS to ensure secure communication. ### API Key Management API keys can be provided as a query parameter, form parameter, or header. Using the `Authorization` header is recommended to prevent exposure in server logs. - **Recommended**: Use the `Authorization` header. - **Alternative**: Use a query parameter (`?key=YOUR_API_KEY`). Note that query parameters are case-sensitive (use lowercase `key`). **Caution**: API keys should be treated as private. AbuseIPDB support will never request your API key or password. ### Cross-Origin Resource Sharing (CORS) CORS headers are not provided to prevent misimplementation. APIv2 keys are intended for server-side use only and should not be exposed in client-side code. ``` -------------------------------- ### Bulk Report via cURL Source: https://docs.abuseipdb.com/ Submit a CSV file for bulk reporting using a POST request. ```bash # POST the submission. curl https://api.abuseipdb.com/api/v2/bulk-report \ -F csv=@report.csv \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" \ > output.json ``` -------------------------------- ### Fetch Blacklist with PHP Source: https://docs.abuseipdb.com/ Uses GuzzleHttp to retrieve the blacklist and decode the JSON response into an associative array. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('GET', 'blacklist', [ 'query' => [ 'confidenceMinimum' => '90' ], 'headers' => [ 'Accept' => 'application/json', 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); // Store response as a PHP object. $blacklist = json_decode($output, true); ?> ``` -------------------------------- ### Submit Report with Python Source: https://docs.abuseipdb.com/ Uses the requests library to post report data to the AbuseIPDB API. ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/report' # String holding parameters to pass in json format params = { 'ip':'180.126.219.126', 'categories':'18,20', 'comment':'SSH login attempts with user root.' 'timestamp':'2023-10-18T11:25:11-04:00' } headers = { 'Accept': 'application/json', 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='POST', url=url, headers=headers, params=params) ``` -------------------------------- ### Fetch Blacklist with C# Source: https://docs.abuseipdb.com/ Uses RestSharp to query the blacklist endpoint and deserialize the JSON content. ```csharp using System; using RestSharp; using Newtonsoft.Json; public class BlacklistEndpoint { public static void Main() { var client = new RestClient("https://api.abuseipdb.com/api/v2/blacklist"); var request = new RestRequest(Method.GET); request.AddHeader("Key", "YOUR_OWN_API_KEY"); request.AddHeader("Accept", "application/json"); request.AddParameter("confidenceMinimum", "90"); IRestResponse response = client.Execute(request); dynamic parsedJson = JsonConvert.DeserializeObject(response.Content); foreach (var item in parsedJson) { Console.WriteLine(item); } } } ``` -------------------------------- ### POST /report Source: https://docs.abuseipdb.com/ Submits a report for a malicious IP address. ```APIDOC ## POST /report ### Description Submits a report for a malicious IP address. ### Method POST ### Endpoint https://api.abuseipdb.com/api/v2/report ### Parameters #### Request Body - **ip** (string) - Required - The IP address to report. - **categories** (string) - Required - A comma-separated list of category IDs for the abuse. - **comment** (string) - Optional - A comment describing the abuse. - **timestamp** (string) - Optional - The timestamp of the abuse event in ISO 8601 format. ### Request Example ```curl curl https://api.abuseipdb.com/api/v2/report \ --data-urlencode "ip=127.0.0.1" \ -d categories=18,22 \ --data-urlencode "comment=SSH login attempts with user root." \ --data-urlencode "timestamp=2023-10-18T11:25:11-04:00" \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" ``` ### Response #### Success Response (200) - **message** (string) - A success message indicating the report was submitted. #### Response Example ```json { "message": "Report submitted successfully." } ``` ``` -------------------------------- ### Bulk Report in Python Source: https://docs.abuseipdb.com/ Upload a CSV file to the bulk-report endpoint using the requests library. ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/bulk-report' files = { 'csv': ('report.csv', open('report.csv', 'rb')) } headers = { 'Accept': 'application/json', 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='POST', url=url, headers=headers, files=files) ``` -------------------------------- ### Report IP Address via Classic ASP Source: https://docs.abuseipdb.com/ Uses Msxml2.SERVERXMLHTTP to send a form-encoded POST request. ```asp <% Dim obj_post Set obj_post=Server.CreateObject("Msxml2.SERVERXMLHTTP") Dim str_data str_data="ip=127.0.0.1&categories=14,18&comment=Attack port 3389 (RDP)×tamp=2023-10-18T11:25:11-04:00" Dim api_key api_key="YOUR_OWN_API_KEY" obj_post.Open "POST", "https://api.abuseipdb.com/api/v2/report", False obj_post.setRequestHeader "content-type", "application/x-www-form-urlencoded" obj_post.setRequestHeader "Key", api_key obj_post.Send str_data Response.Write(obj_post.responseText) %> ``` -------------------------------- ### Filter Blacklist by Country (Python) Source: https://docs.abuseipdb.com/ Uses the requests library to fetch blacklist data, filtering by specific countries. Ensure your API key is provided. ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/blacklist' querystring = { 'onlyCountries':'US,MX,CA' } headers = { 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='GET', url=url, headers=headers, params=querystring) # Formatted output print response.text ``` -------------------------------- ### Filter Blacklist by IP Version (Python) Source: https://docs.abuseipdb.com/ Uses the requests library to fetch blacklist data, filtering for IPv6 addresses. Ensure your API key is provided. ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/blacklist' querystring = { 'ipVersion': 6 } headers = { 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='GET', url=url, headers=headers, params=querystring) ``` -------------------------------- ### Retrieve Blacklist via cURL and Python Source: https://docs.abuseipdb.com/ Fetches the current blacklist of IP addresses filtered by a minimum confidence score. ```bash # The -G option will convert form parameters (-d options) into query parameters. # The BLACKLIST endpoint is a GET request. curl -G https://api.abuseipdb.com/api/v2/blacklist \ -d confidenceMinimum=90 \ -H "Key: YOUR_OWN_API_KEY" \ -H "Accept: application/json" ``` ```python import requests import json # Defining the api-endpoint url = 'https://api.abuseipdb.com/api/v2/blacklist' querystring = { 'confidenceMinimum':'90' } headers = { 'Accept': 'application/json', 'Key': 'YOUR_OWN_API_KEY' } response = requests.request(method='GET', url=url, headers=headers, params=querystring) ``` -------------------------------- ### Retrieve Blacklist Data with C# Source: https://docs.abuseipdb.com/ Uses RestSharp to query the blacklist endpoint for IPv6 addresses. ```csharp using System; using RestSharp; public class BlacklistEndpoint { public static void Main() { var client = new RestClient("https://api.abuseipdb.com/api/v2/blacklist"); var request = new RestRequest(Method.GET); request.AddHeader("Key", "YOUR_OWN_API_KEY"); request.AddParameter("ipVersion", 6); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); } } ``` -------------------------------- ### Format API Response as JSON Source: https://docs.abuseipdb.com/ Loads a JSON response from the API and prints it in a human-readable, sorted format. Ensure the 'response' object is available from a prior API call. ```python decodedResponse = json.loads(response.text) print json.dumps(decodedResponse, sort_keys=True, indent=4) ``` -------------------------------- ### Report IP Address via PHP Source: https://docs.abuseipdb.com/ Uses GuzzleHttp to send a POST request to the report endpoint. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('POST', 'report', [ 'form_params' => [ 'ip' => '127.0.0.1', 'categories' => '18,22', 'comment' => 'SSH login attempts with user root.', 'timestamp' => '2023-10-18T11:25:11-04:00' ], 'headers' => [ 'Accept' => 'application/json', 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); // Store response as a PHP object. $ipDetails = json_decode($output, true); ?> ``` -------------------------------- ### Check IP Address with RestSharp (C#) Source: https://docs.abuseipdb.com/ Utilizes RestSharp to query the AbuseIPDB check endpoint. Requires RestSharp and Newtonsoft.Json NuGet packages. Replace 'YOUR_OWN_API_KEY' with your actual API key. ```csharp using System; using RestSharp; using Newtonsoft.Json; public class CheckEndpoint { public static void Main() { var client = new RestClient("https://api.abuseipdb.com/api/v2/check"); var request = new RestRequest(Method.GET); request.AddHeader("Key", "YOUR_OWN_API_KEY"); request.AddHeader("Accept", "application/json"); request.AddParameter("ipAddress", "118.25.6.39"); request.AddParameter("maxAgeInDays", "90"); request.AddParameter("verbose", ""); IRestResponse response = client.Execute(request); dynamic parsedJson = JsonConvert.DeserializeObject(response.Content); foreach (var item in parsedJson) { Console.WriteLine(item); } } } ``` -------------------------------- ### Fetch Plaintext Blacklist with cURL Source: https://docs.abuseipdb.com/ Retrieves the blacklist in plaintext format using cURL, either via a query parameter or an Accept header. ```bash curl -G https://api.abuseipdb.com/api/v2/blacklist \ -d confidenceMinimum=90 \ -d plaintext \ -H "Key: $YOUR_API_KEY" \ -H "Accept: application/json" ``` ```bash curl -G https://api.abuseipdb.com/api/v2/blacklist \ -d confidenceMinimum=90 \ -H "Key: $YOUR_API_KEY" \ -H "Accept: text/plain" ``` -------------------------------- ### Bulk Report API Source: https://docs.abuseipdb.com/ Submit a CSV file containing IP addresses and their associated abuse categories to report them in bulk. The response indicates the number of successfully reported IPs and any invalid or duplicate entries. ```APIDOC ## POST /bulk-report ### Description Submits a CSV file containing IP addresses and their associated abuse categories for bulk reporting. ### Method POST ### Endpoint https://api.abuseipdb.com/api/v2/bulk-report ### Parameters #### Request Body - **csv** (file) - Required - A CSV file containing IP addresses and abuse categories. ### Request Example ```json { "csv": "report.csv" } ``` ### Response #### Success Response (200) - **data** (object) - Contains details about the reporting results. - **savedReports** (integer) - The number of IP addresses successfully reported. - **invalidReports** (array) - A list of reports that were rejected, with reasons. - **error** (string) - The reason for rejection (e.g., "Duplicate IP", "Invalid IP"). - **input** (string) - The IP address that was rejected. - **rowNumber** (integer) - The row number in the CSV file where the error occurred. #### Response Example ```json { "data": { "savedReports": 60, "invalidReports": [ { "error": "Duplicate IP", "input": "41.188.138.68", "rowNumber": 5 }, { "error": "Invalid IP", "input": "127.0.foo.bar", "rowNumber": 6 }, { "error": "Invalid Category", "input": "189.87.146.50", "rowNumber": 8 } ] } } ``` ``` -------------------------------- ### Rate Limiting and Response Headers Source: https://docs.abuseipdb.com/ Information about API rate limits and the headers returned to indicate usage status. ```APIDOC ## Rate Limiting The API enforces daily rate limits based on subscription tiers. Key headers to monitor are: - **X-RateLimit-Limit**: The maximum number of requests allowed per day. - **X-RateLimit-Remaining**: The number of requests remaining for the current day. - **X-RateLimit-Reset**: The epoch timestamp indicating when the daily limit resets. Upon reaching the daily limit, a `HTTP 429 Too Many Requests` status code is returned. ### Example Rate Limits (Requests per day): | Feature | Standard | Webmaster | Supporter | Basic Subscription | Premium Subscription | |-----------------|----------|-----------|-----------|--------------------|----------------------| | check | 1,000 | 3,000 | 5,000 | 10,000 | 50,000 | | reports | 100 | 500 | 1,000 | 5,000 | 25,000 | | blacklist | 5 | 10 | 20 | 100 | 500 | | report | 1,000 | 3,000 | 1,000 | 10,000 | 50,000 | | check-block | 100 | 250 | 500 | 1,000 | 5,000 | | bulk-report | 5 | 10 | 20 | 100 | 500 | | clear-address | 5 | 10 | 20 | 100 | 500 | ``` -------------------------------- ### Check Network Block in PHP Source: https://docs.abuseipdb.com/ Query the check-block endpoint using GuzzleHttp to retrieve network details. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('GET', 'check-block', [ 'query' => [ 'network' => '127.0.0.1/24', 'maxAgeInDays' => '15' ], 'headers' => [ 'Accept' => 'application/json', 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); // Store response as a PHP object. $blockDetails = json_decode($output, true); ?> ``` -------------------------------- ### API Daily Rate Limits Source: https://docs.abuseipdb.com/ Information regarding the daily request limits for the AbuseIPDB API and useful response headers. ```APIDOC # API Daily Rate Limits With the request header "Accept: application/json" ```json { "errors": [ { "detail": "Daily rate limit of 1000 requests exceeded for this endpoint. See headers for additional details.", "status": 429 } ] } ``` > Useful response headers ``` # Retry-After - Seconds a client should wait until a retry. # X-RateLimit-Limit - Your daily limit. # X-RateLimit-Remaining - Remaining requests available for this endpoint. ``` ``` -------------------------------- ### Filter Blacklist by Country (PHP) Source: https://docs.abuseipdb.com/ Uses Guzzle HTTP client to retrieve blacklist data, filtering by country codes. Replace 'YOUR_OWN_API_KEY' with your key. ```php 'https://api.abuseipdb.com/api/v2/' ]); $response = $client->request('GET', 'blacklist', [ 'query' => [ 'onlyCountries' => 'US,MX,CA' ], 'headers' => [ 'Key' => 'YOUR_OWN_API_KEY' ], ]); $output = $response->getBody(); echo $output; ?> ```