Overview
AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
AbuseIPDB’s mission is to help make the internet a safer place by providing a central blacklist for webmasters, system administrators, and other interested parties to report and find IP addresses that have been associated with malicious activity online.
With AbuseIPDB Transforms, you can discover information about IPv4 and IPv6 Addresses, such as abuse score, IP usage type, hostname associated with the IP, Country, and ISP Details.
Don't miss our blog article, The Power of AbuseIPDB is now in Maltego, where we walk you through AbuseIPDB data and illustrate how to use the AbuseIPDB Transforms in Maltego to speed up investigations involving suspicious IP addresses.
Access
Access to AbuseIPDB is free and can be used with any Maltego license and AbuseIPDB API key. Installation can be completed directly from the Data Hub in the Maltego Graph Client.
Register here for a free API key (limited to 1000 requests per day).
For more information about the AbuseIPDB integration visit our website here.
AbuseIPDB Transforms
Check Abuse Score [AbuseIPDB]
Description
This Transform returns the input IP address Entity with the confidence score in the detail view and a bookmark overlay
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
API Key | string | | false | true | true |
Transform Meta Info
Information | Value |
---|---|
Display Name | Check Abuse Score [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Short Description | This Transform returns the input IP address Entity with the confidence score in the detail view and a bookmark overlay |
Variants
Transform Name | Input Entities | Output Entities |
---|---|---|
abuseipdb.ipv6AddressToReputation | maltego.IPv6Address | maltego.IPv6Address |
abuseipdb.ipv4AddressToReputation | maltego.IPv4Address | maltego.IPv4Address |
To ISP Domain [AbuseIPDB]
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
API Key | string | | false | true | true |
Transform Meta Info
Information | Value |
---|---|
Display Name | To ISP Domain [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.Domain |
Variants
Transform Name | Input Entities | Short Description |
---|---|---|
abuseipdb.ipv6AddressToDomain | maltego.IPv6Address | This Transform returns the ISP domain for the given IPv6 Address |
abuseipdb.ipv4AddressToDomain | maltego.IPv4Address | This Transform returns the ISP domain for the given IPv4 Address |
Report IP Address [AbuseIPDB]
Description
Report the input IP address to AbuseIPDB
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
1 DNS Compromise Altering DNS records resulting in improper redirection. | boolean | true | true | false | |
10 Web Spam Comment/forum spam, HTTP referer spam, or other CMS spam. | boolean | true | true | false | |
11 Email Spam Spam email content, infected attachments, and phishing emails. Note: Limit comments to only relevant information (instead of log dumps) and be sure to remove PII if you want to remain anonymous. | boolean | true | true | false | |
12 Blog Spam CMS blog comment spam. | boolean | true | true | false | |
13 VPN IP Conjunctive category. | boolean | true | true | false | |
14 Port Scan Scanning for open ports and vulnerable services. | boolean | true | true | false | |
15 Hacking | boolean | true | true | false | |
16 SQL Injection Attempts at SQL injection. | boolean | true | true | false | |
17 Spoofing Email sender spoofing. | boolean | true | true | false | |
18 Brute-Force Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc. This category is separate from DDoS attacks. | boolean | true | true | false | |
19 Bad Web Bot Webpage scraping (for email addresses, content, etc) and crawlers that do not honor robots.txt. Excessive requests and user agent spoofing can also be reported here. | boolean | true | true | false | |
2 DNS Poisoning Falsifying domain server cache (cache poisoning). | boolean | true | true | false | |
20 Exploited Host Host is likely infected with malware and being used for other attacks or to host malicious content. The host owner may not be aware of the compromise. This category is often used in combination with other attack categories. | boolean | true | true | false | |
21 Web App Attack Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions. | boolean | true | true | false | |
22 SSH Secure Shell (SSH) abuse. Use this category in combination with more specific categories. | boolean | true | true | false | |
23 IoT Targeted Abuse was targeted at an “Internet of Things” type device. Include information about what type of device was targeted in the comments. | boolean | true | true | false | |
3 Fraud Orders Fraudulent orders. | boolean | true | true | false | |
4 DDoS Attack Participating in distributed denial-of-service (usually part of botnet). | boolean | true | true | false | |
5 FTP Brute-Force | boolean | true | true | false | |
6 Ping of Death Oversized IP packet. | boolean | true | true | false | |
7 Phishing Phishing websites and/or email. | boolean | true | true | false | |
8 Fraud VoIP | boolean | true | true | false | |
9 Open Proxy Open proxy, open relay, or Tor exit node. | boolean | true | true | false | |
API Key | string | | false | true | true |
Comment | string | | true | true | false |
Transform Meta Info
Information | Value |
---|---|
Display Name | Report IP Address [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | |
Short Description | Report the input IP address to AbuseIPDB |
Variants
Transform Name | Input Entities |
---|---|
abuseipdb.reportIpv6Address | maltego.IPv6Address |
abuseipdb.reportIpv4Address | maltego.IPv4Address |
To Usage Type [AbuseIPDB]
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
API Key | string | | false | true | true |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Usage Type [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.Phrase |
Variants
Transform Name | Input Entities | Short Description |
---|---|---|
abuseipdb.ipv4AddressToUsageType | maltego.IPv4Address | This Transform returns the usage type for the IPv4 address |
abuseipdb.ipv6AddressToUsageType | maltego.IPv6Address | This Transform returns the usage type for the IPv6 address |
To Reporter [AbuseIPDB]
Description
This Transform returns the reporter ID in the report
Transform Meta Info
Information | Value |
---|---|
Display Name | To Reporter [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Transform Name | abuseipdb.reportToReporterId |
Input Entities | maltego.abuseipdb.Report |
Output Entities | maltego.Alias |
Short Description | This Transform returns the reporter ID in the report |
To Category [AbuseIPDB]
Description
This Transform returns the categories mentioned in the report for the given IPv4 Address
Transform Meta Info
Information | Value |
---|---|
Display Name | To Category [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Transform Name | abuseipdb.reportToCategories |
Input Entities | maltego.abuseipdb.Report |
Output Entities | maltego.maltego.abuseipdb.Tag |
Short Description | This Transform returns the categories mentioned in the report for the given IPv4 Address |
To Report [AbuseIPDB]
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
API Key | string | | false | true | true |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Report [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.abuseipdb.Report |
Variants
Transform Name | Input Entities | Short Description |
---|---|---|
abuseipdb.ipv4AddressToAbuseReport | maltego.IPv4Address | This Transform returns the AbuseIPDB report for the IPv4 address |
abuseipdb.ipv6AddressToAbuseReport | maltego.IPv6Address | This Transform returns the AbuseIPDB report for the IPv6 address |
To ISP [AbuseIPDB]
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
API Key | string | | false | true | true |
Transform Meta Info
Information | Value |
---|---|
Display Name | To ISP [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.ISP |
Variants
Transform Name | Input Entities | Short Description |
---|---|---|
abuseipdb.ipv6AddressToIsp | maltego.IPv6Address | This Transform returns the AbuseIPDB report for the IPv6 address |
abuseipdb.ipv4AddressToIsp | maltego.IPv4Address | This Transform returns the AbuseIPDB report for the IPv4 address |
To Hostnames [AbuseIPDB]
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
API Key | string | | false | true | true |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Hostnames [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.DNSName |
Variants
Transform Name | Input Entities | Short Description |
---|---|---|
abuseipdb.ipv4AddressToHostnames | maltego.IPv4Address | This Transform returns the host names seen on the given IPv4 Address |
abuseipdb.ipv6AddressToHostnames | maltego.IPv6Address | This Transform returns the host names seen on the given IPv6 Address |
To Country [AbuseIPDB]
Transform Settings
Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
---|---|---|---|---|---|
API Key | string | | false | true | true |
Transform Meta Info
Information | Value |
---|---|
Display Name | To Country [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.Country |
Variants
Transform Name | Input Entities | Short Description |
---|---|---|
abuseipdb.ipv4AddressToCountry | maltego.IPv4Address | This Transform returns the AbuseIPDB report for the IPv4 address |
abuseipdb.ipv6AddressToCountry | maltego.IPv6Address | This Transform returns the AbuseIPDB report for the IPv6 address |