AbuseIPDB
Modified on: Tue, 10 Dec, 2024 at 9:41 PM
Overview
AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
AbuseIPDB’s mission is to help make the internet a safer place by providing a central blacklist for webmasters, system administrators, and other interested parties to report and find IP addresses that have been associated with malicious activity online.
With the AbuseIPDB Transforms, you can discover information about IPv4 and IPv6 addresses, such as abuse score, IP usage type, hostname associated with the IP, country, and ISP details.
Access
Access to AbuseIPDB is free; the Transforms can be used with any Maltego license and an AbuseIPDB API key. Installation can be completed directly from the Data Hub in the Maltego Graph Client.
For more information about the AbuseIPDB integration, visit our website here.
Check Abuse Score [AbuseIPDB]
Description
This Transform returns the input IP address Entity with the confidence score in the detail view and a bookmark overlay
API Key | string | | false | true | true |
Display Name | Check Abuse Score [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Short Description | This Transform returns the input IP address Entity with the confidence score in the detail view and a bookmark overlay |
Variants
abuseipdb.ipv6AddressToReputation | maltego.IPv6Address | maltego.IPv6Address |
abuseipdb.ipv4AddressToReputation | maltego.IPv4Address | maltego.IPv4Address |
To ISP Domain [AbuseIPDB]
API Key | string | | false | true | true |
Display Name | To ISP Domain [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.Domain |
Variants
abuseipdb.ipv6AddressToDomain | maltego.IPv6Address | This Transform returns the ISP domain for the given IPv6 Address |
abuseipdb.ipv4AddressToDomain | maltego.IPv4Address | This Transform returns the ISP domain for the given IPv4 Address |
Report IP Address [AbuseIPDB]
Description
Report the input IP address to AbuseIPDB
1 DNS Compromise: Altering DNS records resulting in improper redirection. | boolean | | true | true | false |
10 Web Spam: Comment/forum spam, HTTP referer spam, or other CMS spam. | boolean | | true | true | false |
11 Email Spam: Spam email content, infected attachments, and phishing emails. Note: Limit comments to only relevant information (instead of log dumps) and be sure to remove PII if you want to remain anonymous. | boolean | | true | true | false |
12 Blog Spam: CMS blog comment spam. | boolean | | true | true | false |
13 VPN IP: Conjunctive category. | boolean | | true | true | false |
14 Port Scan: Scanning for open ports and vulnerable services. | boolean | | true | true | false |
15 Hacking | boolean | | true | true | false |
16 SQL Injection: Attempts at SQL injection. | boolean | | true | true | false |
17 Spoofing: Email sender spoofing. | boolean | | true | true | false |
18 Brute-Force: Credential brute-force attacks on webpage logins and services like SSH, FTP, SIP, SMTP, RDP, etc. This category is separate from DDoS attacks. | boolean | | true | true | false |
19 Bad Web Bot: Webpage scraping (for email addresses, content, etc.) and crawlers that do not honor robots.txt. Excessive requests and user agent spoofing can also be reported here. | boolean | | true | true | false |
2 DNS Poisoning: Falsifying domain server cache (cache poisoning). | boolean | | true | true | false |
20 Exploited Host: Host is likely infected with malware and being used for other attacks or to host malicious content. The host owner may not be aware of the compromise. This category is often used in combination with other attack categories. | boolean | | true | true | false |
21 Web App Attack: Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software plugins/solutions. | boolean | | true | true | false |
22 SSH: Secure Shell (SSH) abuse. Use this category in combination with more specific categories. | boolean | | true | true | false |
23 IoT Targeted: Abuse was targeted at an “Internet of Things” type device. Include information about what type of device was targeted in the comments. | boolean | | true | true | false |
3 Fraud Orders: Fraudulent orders. | boolean | | true | true | false |
4 DDoS Attack: Participating in distributed denial-of-service (usually part of botnet). | boolean | | true | true | false |
5 FTP Brute-Force | boolean | | true | true | false |
6 Ping of Death: Oversized IP packet. | boolean | | true | true | false |
7 Phishing: Phishing websites and/or email. | boolean | | true | true | false |
8 Fraud VoIP | boolean | | true | true | false |
9 Open Proxy: Open proxy, open relay, or Tor exit node. | boolean | | true | true | false |
API Key | string | | false | true | true |
Comment | string | | true | true | false |
Display Name | Report IP Address [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | |
Short Description | Report the input IP address to AbuseIPDB |
Variants
abuseipdb.reportIpv6Address | maltego.IPv6Address |
abuseipdb.reportIpv4Address | maltego.IPv4Address |
To Usage Type [AbuseIPDB]
API Key | string | | false | true | true |
Display Name | To Usage Type [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.Phrase |
Variants
abuseipdb.ipv4AddressToUsageType | maltego.IPv4Address | This Transform returns the usage type for the IPv4 address |
abuseipdb.ipv6AddressToUsageType | maltego.IPv6Address | This Transform returns the usage type for the IPv6 address |
To Reporter [AbuseIPDB]
Description
This Transform returns the reporter ID in the report
Display Name | To Reporter [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Transform Name | abuseipdb.reportToReporterId |
Input Entities | maltego.abuseipdb.Report |
Output Entities | maltego.Alias |
Short Description | This Transform returns the reporter ID in the report |
To Category [AbuseIPDB]
Description
This Transform returns the categories mentioned in the report for the given IPv4 Address
Display Name | To Category [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Transform Name | abuseipdb.reportToCategories |
Input Entities | maltego.abuseipdb.Report |
Output Entities | maltego.maltego.abuseipdb.Tag |
Short Description | This Transform returns the categories mentioned in the report for the given IPv4 Address |
To Report [AbuseIPDB]
API Key | string | | false | true | true |
Display Name | To Report [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.abuseipdb.Report |
Variants
abuseipdb.ipv4AddressToAbuseReport | maltego.IPv4Address | This Transform returns the AbuseIPDB report for the IPv4 address |
abuseipdb.ipv6AddressToAbuseReport | maltego.IPv6Address | This Transform returns the AbuseIPDB report for the IPv6 address |
To ISP [AbuseIPDB]
API Key | string | | false | true | true |
Display Name | To ISP [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.ISP |
Variants
abuseipdb.ipv6AddressToIsp | maltego.IPv6Address | This Transform returns the AbuseIPDB report for the IPv6 address |
abuseipdb.ipv4AddressToIsp | maltego.IPv4Address | This Transform returns the AbuseIPDB report for the IPv4 address |
To Hostnames [AbuseIPDB]
API Key | string | | false | true | true |
Display Name | To Hostnames [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.DNSName |
Variants
abuseipdb.ipv4AddressToHostnames | maltego.IPv4Address | This Transform returns the host names seen on the given IPv4 Address |
abuseipdb.ipv6AddressToHostnames | maltego.IPv6Address | This Transform returns the host names seen on the given IPv6 Address |
To Country [AbuseIPDB]
API Key | string | | false | true | true |
Display Name | To Country [AbuseIPDB] |
Owner | |
Author | Maltego |
Data Source | AbuseIPDB |
Output Entities | maltego.Country |
Variants
abuseipdb.ipv4AddressToCountry | maltego.IPv4Address | This Transform returns the AbuseIPDB report for the IPv4 address |
abuseipdb.ipv6AddressToCountry | maltego.IPv6Address | This Transform returns the AbuseIPDB report for the IPv6 address |