AbuseIPDB

Modified on: Thu, 17 Jun, 2021 at 4:37 PM

Overview

AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.


AbuseIPDB’s mission is to help make the internet a safer place by providing a central blacklist for webmasters, system administrators, and other interested parties to report and find IP addresses that have been associated with malicious activity online.


With AbuseIPDB Transforms, you can discover information about IPv4 and IPv6 Addresses, such as abuse score, IP usage type, hostname associated with the IP, Country, and ISP Details.


Don't miss our blog article, The Power of AbuseIPDB is now in Maltego, where we walk you through AbuseIPDB data and illustrate how to use the AbuseIPDB Transforms in Maltego to speed up investigations involving suspicious IP addresses.


Access

The AbuseIPDB Transforms are free to use with any Maltego license together with an AbuseIPDB API key. Installation can be completed directly from the Transform Hub in the Maltego Desktop Client.


Register here for a free API key (limited to 1000 requests per day).


For more information about the AbuseIPDB integration visit our website here.


AbuseIPDB Transforms

Check Abuse Score [AbuseIPDB]

Description

This Transform returns the input IP address Entity with the confidence score in the detail view and a bookmark overlay


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string false true true

Transform Meta Info

Information Value
Display Name Check Abuse Score [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Short Description This Transform returns the input IP address Entity with the confidence score in the detail view and a bookmark overlay

Variants

Transform Name Input Entities Output Entities
abuseipdb.ipv6AddressToReputation maltego.IPv6Address maltego.IPv6Address
abuseipdb.ipv4AddressToReputation maltego.IPv4Address maltego.IPv4Address

To ISP Domain [AbuseIPDB]

Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string false true true

Transform Meta Info

Information Value
Display Name To ISP Domain [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Output Entities maltego.Domain

Variants

Transform Name Input Entities Short Description
abuseipdb.ipv6AddressToDomain maltego.IPv6Address This Transform returns the ISP domain for the given IPv6 Address
abuseipdb.ipv4AddressToDomain maltego.IPv4Address This Transform returns the ISP domain for the given IPv4 Address

Report IP Address [AbuseIPDB]

Description

Report the input IP address to AbuseIPDB


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
1 DNS Compromise Altering DNS records resulting in improper redirection. boolean true true false
2 DNS Poisoning Falsifying domain server cache (cache poisoning). boolean true true false
3 Fraud Orders Fraudulent orders. boolean true true false
4 DDoS Attack Participating in distributed denial-of-service (usually part of botnet). boolean true true false
5 FTP Brute-Force boolean true true false
6 Ping of Death Oversized IP packet. boolean true true false
7 Phishing Phishing websites and/or email. boolean true true false
8 Fraud VoIP boolean true true false
9 Open Proxy Open proxy, open relay, or Tor exit node. boolean true true false
10 Web Spam Comment/forum spam, HTTP referer spam, or other CMS spam. boolean true true false
11 Email Spam Spam email content, infected attachments, and phishing emails. Note: Limit comments to only relevant information (instead of log dumps) and be sure to remove PII if you want to remain anonymous. boolean true true false
12 Blog Spam CMS blog comment spam. boolean true true false
13 VPN IP Conjunctive category. boolean true true false
14 Port Scan Scanning for open ports and vulnerable services. boolean true true false
15 Hacking boolean true true false
16 SQL Injection Attempts at SQL injection. boolean true true false
17 Spoofing Email sender spoofing. boolean true true false
18 Brute-Force Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc. This category is separate from DDoS attacks. boolean true true false
19 Bad Web Bot Webpage scraping (for email addresses, content, etc.) and crawlers that do not honor robots.txt. Excessive requests and user agent spoofing can also be reported here. boolean true true false
20 Exploited Host Host is likely infected with malware and being used for other attacks or to host malicious content. The host owner may not be aware of the compromise. This category is often used in combination with other attack categories. boolean true true false
21 Web App Attack Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions. boolean true true false
22 SSH Secure Shell (SSH) abuse. Use this category in combination with more specific categories. boolean true true false
23 IoT Targeted Abuse was targeted at an “Internet of Things” type device. Include information about what type of device was targeted in the comments. boolean true true false
API Key string false true true
Comment string true true false

Transform Meta Info

Information Value
Display Name Report IP Address [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Output Entities
Short Description Report the input IP address to AbuseIPDB

Variants

Transform Name Input Entities
abuseipdb.reportIpv6Address maltego.IPv6Address
abuseipdb.reportIpv4Address maltego.IPv4Address

To Usage Type [AbuseIPDB]

Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string false true true

Transform Meta Info

Information Value
Display Name To Usage Type [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Output Entities maltego.Phrase

Variants

Transform Name Input Entities Short Description
abuseipdb.ipv4AddressToUsageType maltego.IPv4Address This Transform returns the usage type for the IPv4 address
abuseipdb.ipv6AddressToUsageType maltego.IPv6Address This Transform returns the usage type for the IPv6 address

To Reporter [AbuseIPDB]

Description

This Transform returns the reporter ID to the report


Transform Meta Info

Information Value
Display Name To Reporter [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Transform Name abuseipdb.reportToReporterId
Input Entities maltego.abuseipdb.Report
Output Entities maltego.Alias
Short Description This Transform returns the reporter ID in the report

To Category [AbuseIPDB]

Description

This Transform returns the categories mentioned in the report for the given IPv4 Address


Transform Meta Info

Information Value
Display Name To Category [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Transform Name abuseipdb.reportToCategories
Input Entities maltego.abuseipdb.Report
Output Entities maltego.maltego.abuseipdb.Tag
Short Description This Transform returns the categories mentioned in the report for the given IPv4 Address

To Report [AbuseIPDB]

Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string false true true

Transform Meta Info

Information Value
Display Name To Report [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Output Entities maltego.abuseipdb.Report

Variants

Transform Name Input Entities Short Description
abuseipdb.ipv4AddressToAbuseReport maltego.IPv4Address This Transform returns the AbuseIPDB report for the IPv4 address
abuseipdb.ipv6AddressToAbuseReport maltego.IPv6Address This Transform returns the AbuseIPDB report for the IPv6 address

To ISP [AbuseIPDB]

Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string false true true

Transform Meta Info

Information Value
Display Name To ISP [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Output Entities maltego.ISP

Variants

Transform Name Input Entities Short Description
abuseipdb.ipv6AddressToIsp maltego.IPv6Address This Transform returns the AbuseIPDB report for the IPv6 address
abuseipdb.ipv4AddressToIsp maltego.IPv4Address This Transform returns the AbuseIPDB report for the IPv4 address

To Hostnames [AbuseIPDB]

Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string false true true

Transform Meta Info

Information Value
Display Name To Hostnames [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Output Entities maltego.DNSName

Variants

Transform Name Input Entities Short Description
abuseipdb.ipv4AddressToHostnames maltego.IPv4Address This Transform returns the host names seen on the given IPv4 Address
abuseipdb.ipv6AddressToHostnames maltego.IPv6Address This Transform returns the host names seen on the given IPv6 Address

To Country [AbuseIPDB]

Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string false true true

Transform Meta Info

Information Value
Display Name To Country [AbuseIPDB]
Owner
Author Maltego
Data Source AbuseIPDB
Output Entities maltego.Country

Variants

Transform Name Input Entities Short Description
abuseipdb.ipv4AddressToCountry maltego.IPv4Address This Transform returns the AbuseIPDB report for the IPv4 address
abuseipdb.ipv6AddressToCountry maltego.IPv6Address This Transform returns the AbuseIPDB report for the IPv6 address
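As an added example (not Maltego's or AbuseIPDB's own code), the following Python shows how the lookup Transforms above (abuse score, usage type, ISP, ISP domain, hostnames, country, report categories and reporter) map onto one AbuseIPDB lookup result, and how a report is validated against the category table from the Report IP Address settings before it is sent. The response field names are assumed from the public AbuseIPDB v2 API, and the sample response is constructed for this example.

```python
import json

# Category IDs and names exactly as listed in the Report IP Address settings above.
CATEGORIES = {
    1: "DNS Compromise", 2: "DNS Poisoning", 3: "Fraud Orders", 4: "DDoS Attack",
    5: "FTP Brute-Force", 6: "Ping of Death", 7: "Phishing", 8: "Fraud VoIP",
    9: "Open Proxy", 10: "Web Spam", 11: "Email Spam", 12: "Blog Spam", 13: "VPN IP",
    14: "Port Scan", 15: "Hacking", 16: "SQL Injection", 17: "Spoofing",
    18: "Brute-Force", 19: "Bad Web Bot", 20: "Exploited Host", 21: "Web App Attack",
    22: "SSH", 23: "IoT Targeted",
}

# Constructed sample of an AbuseIPDB v2 /check response. Field names are assumed from
# the public API; the IP (TEST-NET-3) and all values are made up, not real lookup data.
SAMPLE_CHECK = json.loads("""{"data": {
  "ipAddress": "203.0.113.7", "abuseConfidenceScore": 87,
  "usageType": "Data Center/Web Hosting/Transit", "isp": "Example Hosting Ltd",
  "domain": "example-hosting.test", "countryCode": "NL",
  "hostnames": ["vps-7.example-hosting.test"], "totalReports": 2,
  "reports": [{"reporterId": 1001, "categories": [18, 22], "comment": "ssh brute force"},
              {"reporterId": 2002, "categories": [14], "comment": "port scan"}]}}""")


def check_to_entities(response):
    """Derive the values the lookup Transforms emit from one /check response."""
    d = response["data"]
    return {
        "abuse_score": d["abuseConfidenceScore"],   # Check Abuse Score
        "usage_type": d["usageType"],               # To Usage Type
        "isp": d["isp"],                            # To ISP
        "isp_domain": d["domain"],                  # To ISP Domain
        "country": d["countryCode"],                # To Country
        "hostnames": list(d["hostnames"]),          # To Hostnames
        "reports": [                                # To Report -> To Reporter / To Category
            {"reporter": str(r["reporterId"]),
             "categories": [CATEGORIES.get(c, f"unknown({c})") for c in r["categories"]]}
            for r in d.get("reports", [])
        ],
    }


def build_report(ip, categories, comment=""):
    """Validate a report as the Report IP Address settings constrain it: at least one
    category, every ID from the table above, comment trimmed of surrounding whitespace."""
    unknown = sorted(set(categories) - set(CATEGORIES))
    if not categories or unknown:
        raise ValueError(f"categories must be a non-empty subset of 1-23; unknown: {unknown}")
    # Categories are sent as a comma-separated ID list (assumed from the public API docs).
    return {"ip": ip, "categories": ",".join(str(c) for c in sorted(set(categories))),
            "comment": comment.strip()}
```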
