AbuseIPDB is a third-party tool that provides a centralized database for reporting IP addresses that were used to abuse different companies or organizations.

The information about malicious or suspicious IP addresses comes from different sources such as firewalls, proxies, routers, honeypots, sandboxes, or any other source used to monitor or detect malicious IP addresses.

The tool is accessible by clicking on the link: https://www.abuseipdb.com

 

As you can see, once the link is opened, 10 menus are available, each with a different capability.

The first menu, “Home”, is the main page. It contains the search box for looking up information about IP addresses, domain names, or subnets.

Let’s have a look at one example:

 

As you can see, we entered the IP address 117.199.172.28. The IP address was found in the database, which means that it was reported by someone.

Below, we can see that the IP address was reported 3 times, with a 24% confidence of abuse.

In the picture, you can see details about the IP address such as:

The location, the owner, the ASN, the domain name associated with the IP address, and the usage type.

By scrolling down, we can get more information about the entities that reported the IP address.

 

In the picture, we can see the reporter's name, the time of the report, and a comment giving the reason for the report.

That information gives us better detail about the IP address and helps us make a recommendation to protect our environment.

You can click on “WHOIS” followed by the IP address, as shown in the image, to get more insight into it.
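The same fields can be turned into a repeatable triage rule. The sketch below is an added example, not code from AbuseIPDB or from this article: it reads a JSON record shaped like the AbuseIPDB API v2 check response and returns a recommendation. The IP address, 24% score and 3 reports are the ones shown above; the reporter count, timestamp and all thresholds are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like an AbuseIPDB API v2 "check" response.
# Score and report count come from this page; the other values are made up.
SAMPLE_RESPONSE = """
{"data": {"ipAddress": "117.199.172.28", "abuseConfidenceScore": 24,
          "totalReports": 3, "numDistinctUsers": 2, "isWhitelisted": false,
          "lastReportedAt": "2024-01-10T08:15:00+00:00"}}
"""

# Assumed thresholds; tune them to your own environment.
BLOCK_SCORE = 75    # high confidence: candidate for a block rule
REVIEW_SCORE = 20   # low but non-zero confidence: analyst review
STALE_DAYS = 30     # older reports carry less weight


def triage(response_text, now):
    """Return (action, reasons) for one check response."""
    data = json.loads(response_text)["data"]
    score = data["abuseConfidenceScore"]
    reasons = [f"confidence {score}%, {data['totalReports']} reports "
               f"from {data['numDistinctUsers']} reporters"]
    if data.get("isWhitelisted"):
        return "allow", reasons + ["address is whitelisted by AbuseIPDB"]
    last = data.get("lastReportedAt")
    if last is None:
        return "allow", reasons + ["never reported"]
    age_days = (now - datetime.fromisoformat(last)).days
    reasons.append(f"last report {age_days} days ago")
    # Require more than one reporter before blocking on score alone.
    if score >= BLOCK_SCORE and data["numDistinctUsers"] >= 2:
        return "block", reasons
    if score >= REVIEW_SCORE and age_days <= STALE_DAYS:
        return "review", reasons
    return "monitor", reasons


if __name__ == "__main__":
    fixed_now = datetime(2024, 1, 15, tzinfo=timezone.utc)  # constructed date
    print(triage(SAMPLE_RESPONSE, fixed_now))
```

With a 24% score and a recent report, the sample lands in "review" rather than "block", which matches how a low confidence value should be read: worth a look, not enough on its own to block.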

 

Result after clicking

If you wish to take down the IP address, you can scroll down and click on the “takedown” button.

Fill in the request form and submit it to take down the IP address.

Example of an IP address takedown: https://www.abuseipdb.com/blog/kv-solutions-takedown

You can find the recently reported IP addresses by scrolling to the end of the page.

In the second menu, “Report IP”, you can report an IP address with an account.

In the third menu, “Bulk Reported”, you can report a group of IP addresses with a bulk report. More details: https://www.abuseipdb.com/bulk-report

The fourth, fifth and sixth menus, “Pricing”, “About” and “FAQ”, contain information about pricing and some details about the tool.

The seventh menu, “Documentation”, contains information about how the tool can be integrated with other platforms:

The eighth menu “Statistics” contains information about IP addresses that have been reported. Scroll down to get more details.

The ninth menu “IP Tools” contains information about tools that can be used to perform some troubleshooting or get some details about IP addresses or DNS. Click on each of them to get more information.

Example: Click on the submenu “Ping IP”

As you can see, the ping failed on the IP address entered above.

The last menu, “Contact”, contains information about how to contact the AbuseIPDB team.

Feel free to fill in the fields to get in touch with the team.

As you can see, AbuseIPDB is a very powerful tool. The menus and features described above let you get more details about IP addresses, DNS, and more. It should be one of the main tools you use daily if you work in a SOC.

You can watch the video version by clicking on the link: