Abuse Lookup API
Overview
The Abuse Contact API provides essential contact information to report abusive activity associated with IP addresses. By querying an IP address (IPv4 or IPv6), users receive detailed abuse contact data, including the responsible organization, abuse handling role, contact emails, phone numbers, and registered address. This enables users to swiftly take action to report and mitigate threats such as spam, DDoS attacks, and phishing.
In addition to abuse-specific contacts, the API also includes registration metadata like the registered country and abuse handle. This empowers cybersecurity teams, hosting providers, and compliance entities to take appropriate legal or administrative action.
Lookup Abuse Contact
Abuse contact details of an IP address (IPv4 or IPv6) can be obtained using the endpoint mentioned below:
The URL for this API is https://api.ipgeolocation.io/v3/abuse?apiKey=API_KEY&ip=1.0.0.0 and it's default JSON response below:
curl -X GET 'https://api.ipgeolocation.io/v3/abuse?apiKey=API_KEY&ip=1.0.0.0'1{
2 "ip": "1.0.0.0",
3 "abuse": {
4 "route": "1.0.0.0/24",
5 "country": "AU",
6 "name": "IRT-APNICRANDNET-AU",
7 "organization": "",
8 "kind": "group",
9 "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
10 "emails": [
11 "helpdesk@apnic.net"
12 ],
13 "phone_numbers": [
14 "+61 7 3858 3100"
15 ]
16 }
17}Get Specific Fields
You can customize the API response by using the fields parameter to include only the specific data you need. For example, to retrieve only the role and emails, specify these keys in the fields parameter as shown below.
curl -X GET 'https://api.ipgeolocation.io/v3/abuse?apiKey=API_KEY&ip=1.0.0.0&fields=abuse.emails'1{
2 "ip": "1.0.0.0",
3 "abuse": {
4 "emails": [
5 "helpdesk@apnic.net"
6 ]
7 }
8}Excluding Fields
You can exclude specific fields from the API response (except the ip field) by listing them in the excludes parameter as a comma-separated list. For example, you want to remove emails api response, you can put the keys in excludes parameter like this.
curl -X GET 'https://api.ipgeolocation.io/v3/abuse?apiKey=API_KEY&ip=1.0.0.0&excludes=abuse.emails'1{
2 "ip": "1.0.0.0",
3 "abuse": {
4 "route": "1.0.0.0/24",
5 "country": "AU",
6 "name": "IRT-APNICRANDNET-AU",
7 "organization": "",
8 "kind": "group",
9 "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
10 "phone_numbers": [
11 "+61 7 3858 3100"
12 ]
13 }
14}Abuse Contact Details in Main IPGeolocation Endpoint
Abuse contact data is available only on the Paid plan of the IP Geolocation API. See the Pricing page for plan details.
You can retrieve Abuse details using the /v3/ipgeo endpoint by explicitly including include=abuse in the query parameters. When requested, the response includes abuse contact information along with location, security, timezone, ASN data, user-agent, network, company and other fields described in the IP Location API documentation.
Abuse contact details are returned in the /v3/ipgeo response once the abuse object is enabled, as shown below.
curl -X GET 'https://api.ipgeolocation.io/v3/ipgeo?apiKey=API_KEY&ip=49.12.0.0&include=abuse'1{
2 "ip": "49.12.0.0",
3 "abuse": {
4 "route": "49.12.0.0/20",
5 "country": "DE",
6 "name": "Hetzner Online GmbH - Contact Role",
7 "organization": "ORG-HOA1-RIPE",
8 "kind": "group",
9 "address": "Hetzner Online GmbH\nIndustriestrasse 25\nD-91710 Gunzenhausen\nGermany",
10 "emails": [
11 "abuse@hetzner.com"
12 ],
13 "phone_numbers": [
14 "+49 9831 505-3",
15 " +49 9831 505-0"
16 ]
17 },
18 "location": {
19 "continent_code": "EU",
20 "continent_name": "Europe",
21 "country_code2": "DE",
22 "country_code3": "DEU",
23 "country_name": "Germany",
24 "country_name_official": "Federal Republic of Germany",
25 "country_capital": "Berlin",
26 "state_prov": "Bavaria",
27 "state_code": "DE-BY",
28 "district": "Cham",
29 "city": "Falkenstein",
30 "zipcode": "93167",
31 "latitude": "49.09745",
32 "longitude": "12.48637",
33 "is_eu": true,
34 "country_flag": "https://ipgeolocation.io/static/flags/de_64.png",
35 "geoname_id": "2927917",
36 "country_emoji": "🇩🇪"
37 },
38 "country_metadata": {
39 "calling_code": "+49",
40 "tld": ".de",
41 "languages": [
42 "de"
43 ]
44 },
45 "network": {
46 "connection_type": "",
47 "route": "49.12.0.0/16",
48 "is_anycast": false
49 },
50 "currency": {
51 "code": "EUR",
52 "name": "Euro",
53 "symbol": "€"
54 },
55 "asn": {
56 "as_number": "AS24940",
57 "organization": "Hetzner Online GmbH",
58 "country": "DE",
59 "type": "HOSTING",
60 "domain": "hetzner.com",
61 "date_allocated": "2002-06-03",
62 "rir": "RIPE"
63 },
64 "company": {
65 "name": "Hetzner Online GmbH",
66 "type": "HOSTING",
67 "domain": "hetzner.com"
68 },
69 "time_zone": {
70 "name": "Europe/Berlin",
71 "offset": 1,
72 "offset_with_dst": 1,
73 "current_time": "2026-03-07 10:37:40.895+0100",
74 "current_time_unix": 1772876260.895,
75 "current_tz_abbreviation": "CET",
76 "current_tz_full_name": "Central European Standard Time",
77 "standard_tz_abbreviation": "CET",
78 "standard_tz_full_name": "Central European Standard Time",
79 "is_dst": false,
80 "dst_savings": 0,
81 "dst_exists": true,
82 "dst_tz_abbreviation": "CEST",
83 "dst_tz_full_name": "Central European Summer Time",
84 "dst_start": {
85 "utc_time": "2026-03-29 TIME 01:00",
86 "duration": "+1.00H",
87 "gap": true,
88 "date_time_after": "2026-03-29 TIME 03:00",
89 "date_time_before": "2026-03-29 TIME 02:00",
90 "overlap": false
91 },
92 "dst_end": {
93 "utc_time": "2026-10-25 TIME 01:00",
94 "duration": "-1.00H",
95 "gap": false,
96 "date_time_after": "2026-10-25 TIME 02:00",
97 "date_time_before": "2026-10-25 TIME 03:00",
98 "overlap": true
99 }
100 }
101}Reference to Abuse Contact API Response
Below, we provide separate tables for each JSON object in the response, listing all possible fields available across the abuse contact endpoint.
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| ip | string | The IP address for which abuse contact details are returned. | Yes |
| abuse.route | string | Abuse-handling IP range in CIDR notation ( | Yes |
| abuse.country | string | The ISO 3166-1 alpha-2 country code (two uppercase letters) representing the country where the abuse contact is registered, for example | Yes |
| abuse.name | string | The name/title of the abuse contact role or team. | Yes |
| abuse.organization | string | The name of the organization managing provided IP Address. | Yes |
| abuse.kind | string | Contact type from registry data, possible values | Yes |
| abuse.address | string | Registered address of the organization owning the queried IP. | Yes |
| abuse.emails | array | List of email addresses for contacting the abuse team. | Yes |
| abuse.phone_numbers | array | List of phone numbers for abuse contact. | Yes |
Error Codes
IP Abuse Contact API returns HTTP status code 200 for a successful API request along with the response.
In case of a bad or invalid request, IP Abuse Contact API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.
Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:
| HTTP Status | Description |
|---|---|
| 400 Bad Request | It is returned for one of the following reasons:
|
| 401 Unauthorized | It is returned for one of the following reasons:
|
| 404 Not Found | It is returned for one of the following reasons:
|
| 405 Method Not Allowed |
|
| 423 Locked |
|
| 429 Too Many Requests | It is returned for one of the following reasons:
|
| 499 Client Closed Request |
|
| 5XX Server Side Error |
|
API SDKs
To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.
Our SDKs are also available on Github. Feel free to help us improve them. Following are the available SDKs:
