Included in
Advance PlanAbuse Lookup API
Overview
The Abuse Contact API provides essential contact information to report abusive activity associated with IP addresses. By querying an IP address (IPv4 or IPv6), users receive detailed abuse contact data, including the responsible organization, abuse handling role, contact emails, phone numbers, and registered address. This enables users to swiftly take action to report and mitigate threats such as spam, DDoS attacks, and phishing.
In addition to abuse-specific contacts, the API also includes registration metadata like the registered country and abuse handle. This empowers cybersecurity teams, hosting providers, and compliance entities to take appropriate legal or administrative action.
For client-side calls to the endpoints mentioned below using the Request Origin (available on paid plans only), the apiKey parameter can be omitted.
X-Credits-Charged response header shows the total credits charged for the request. For details, please refer to our Credits Usage Guide.Lookup Abuse Contact
Abuse contact details of an IP address (IPv4 or IPv6) can be obtained using the endpoint mentioned below:
The URL for this API is https://api.ipgeolocation.io/v3/abuse?apiKey=API_KEY&ip=1.0.0.0 and it's default JSON response below:
1{
2 "ip": "1.0.0.0",
3 "abuse": {
4 "route": "1.0.0.0/24",
5 "country": "AU",
6 "handle": "IRT-APNICRANDNET-AU",
7 "name": "IRT-APNICRANDNET-AU",
8 "organization": "",
9 "role": "abuse",
10 "kind": "group",
11 "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
12 "emails": [
13 "helpdesk@apnic.net"
14 ],
15 "phone_numbers": [
16 "+61 7 3858 3100"
17 ]
18 }
19}Get Specific fields
You can customize the API response by using the fields parameter to include only the specific data you need. For example, to retrieve only the role and emails, specify these keys in the fields parameter as shown below.
curl -X GET 'https://api.ipgeolocation.io/v3/abuse?apiKey=API_KEY&ip=1.0.0.0&fields=abuse.role,abuse.emails'1{
2 "ip": "1.0.0.0",
3 "abuse": {
4 "emails": [
5 "helpdesk@apnic.net"
6 ],
7 "role": "abuse"
8 }
9}Excluding Fields
You can exclude specific fields from the API response (except the ip field) by listing them in the excludes parameter as a comma-separated list. For example, you want to remove emails and handle from api response, you can put the keys in excludes parameter like this.
curl -X GET 'https://api.ipgeolocation.io/v3/abuse?apiKey=API_KEY&ip=1.0.0.0&excludes=abuse.handle,abuse.emails'1{
2 "ip": "1.0.0.0",
3 "abuse": {
4 "route": "1.0.0.0/24",
5 "country": "AU",
6 "name": "IRT-APNICRANDNET-AU",
7 "organization": "",
8 "role": "abuse",
9 "kind": "group",
10 "address": "PO Box 3646\nSouth Brisbane, QLD 4101\nAustralia",
11 "phone_numbers": [
12 "+61 7 3858 3100"
13 ]
14 }
15}Abuse Contact Details in /ipgeo
The Abuse Contact API is part of the Paid Plan . By subscribing to the Paid plan, you can include abuse contact details in the ipgeo endpoint along with other features such as ASN details, security information, and more.
You can get basic Abuse Contact details in /ipgeo endpoint by including abuse object as mentioned below.
curl -X GET 'https://api.ipgeolocation.io/v3/ipgeo?apiKey=API_KEY&ip=1.0.0.0&include=abuse'1{
2 "ip": "1.0.0.0",
3 "location": {
4 "continent_code": "OC",
5 "continent_name": "Oceania",
6 "country_code2": "AU",
7 "country_code3": "AUS",
8 "country_name": "Australia",
9 "country_name_official": "Commonwealth of Australia",
10 "country_capital": "Canberra",
11 "state_prov": "Queensland",
12 "state_code": "AU-QLD",
13 "district": "Brisbane",
14 "city": "South Brisbane",
15 "zipcode": "4101",
16 "latitude": "-27.47306",
17 "longitude": "153.01421",
18 "is_eu": false,
19 "country_flag": "https://ipgeolocation.io/static/flags/au_64.png",
20 "geoname_id": "10113228",
21 "country_emoji": "🇦🇺"
22 },
23 "country_metadata": {
24 "calling_code": "+61",
25 "tld": ".au",
26 "languages": [
27 "en-AU"
28 ]
29 },
30 "network": {
31 "connection_type": "",
32 "route": "1.0.0.0/24",
33 "is_anycast": true
34 },
35 "currency": {
36 "code": "AUD",
37 "name": "Australian Dollar",
38 "symbol": "A$"
39 },
40 "asn": {
41 "as_number": "AS13335",
42 "organization": "Cloudflare, Inc.",
43 "country": "US",
44 "type": "BUSINESS",
45 "domain": "cloudflare.com",
46 "date_allocated": "2017-02-17T00:00",
47 "rir": "ARIN"
48 },
49 "company": {
50 "name": "APNIC Research and Development",
51 "type": "",
52 "domain": ""
53 },
54 "abuse": {
55 "route": "1.0.0.0/24",
56 "country": "AU",
57 "name": "IRT-APNICRANDNET-AU",
58 "organization": "",
59 "kind": "group",
60 "address": "PO Box 3646
61South Brisbane, QLD 4101
62Australia",
63 "emails": [
64 "helpdesk@apnic.net"
65 ],
66 "phone_numbers": [
67 "+61 7 3858 3100"
68 ]
69 },
70 "time_zone": {
71 "name": "Australia/Brisbane",
72 "offset": 10,
73 "offset_with_dst": 10,
74 "current_time": "2026-02-11 15:31:28.074+1000",
75 "current_time_unix": 1770787888.074,
76 "current_tz_abbreviation": "AEST",
77 "current_tz_full_name": "Australian Eastern Standard Time",
78 "standard_tz_abbreviation": "AEST",
79 "standard_tz_full_name": "Australian Eastern Standard Time",
80 "is_dst": false,
81 "dst_savings": 0,
82 "dst_exists": false,
83 "dst_tz_abbreviation": "",
84 "dst_tz_full_name": "",
85 "dst_start": {},
86 "dst_end": {}
87 }
88}
89Reference to Abuse Contact API Response
Below, we provide separate tables for each JSON object in the response, listing all possible fields available across the abuse contact endpoint.
| Field | Type | Description | Can be empty? |
|---|---|---|---|
| ip | string | The IP address for which abuse contact details are returned. | Yes |
| abuse.route | string | The IP range or route associated with the IP address. | Yes |
| abuse.country | string | Two-letter country code where the abuse contact is registered. | Yes |
| abuse.handle | string | The abuse handle or reference ID for the responsible organization. | Yes |
| abuse.name | string | The name/title of the abuse contact role or team. | Yes |
| abuse.organization | string | The name of the organization managing provided IP Address. | Yes |
| abuse.role | string | Role of the contact (typically "abuse"). | Yes |
| abuse.kind | string | Type of contact (e.g., "group", "person"). | Yes |
| abuse.address | string | Registered address of the organization owning the queried IP. | Yes |
| abuse.emails | array | List of email addresses for contacting the abuse team. | Yes |
| abuse.phone_numbers | array | List of phone numbers for abuse contact. | Yes |
Error Codes
IP Abuse Contact API returns HTTP status code 200 for a successful API request along with the response.
While, in case of a bad or invalid request, IP Abuse Contact API returns 4xx HTTP status code along with a descriptive message explaining the reason for the error.
Below is a detailed explanation of the specific HTTP status codes and their corresponding error conditions:
| HTTP Status | Description |
|---|---|
| 400 Bad Request | It is returned for one of the following reasons:
|
| 401 Unauthorized | It is returned for one of the following reasons:
|
| 404 Not Found | It is returned for one of the following reasons:
|
| 405 Method Not Allowed |
|
| 429 Too Many Requests | It is returned for one of the following reasons:
|
| 499 Client Closed Request |
|
| 5XX Server Side Error |
|
API SDKs
To facilitate the developers, we have added some SDKs for various programming languages. The detailed documentation on how to use these SDKs is available in the respective SDK's documentation page linked below.
Our SDKs are also available on Github. Feel free to help us improve them. Following are the available SDKs:
