Please, do not use or report to AbuseIPDB

AbuseIPDB is “an IP address blacklist for webmasters and sysadmins to report IP addresses engaging in abusive behavior on their networks, or check the report history of any IP”.

However, unlike, AbuseIPDB is useless for a couple of reasons:

  1. To (automatically) access the blocklist, account registration is required. You can argue that this is not an issue at all, furthermore it is for preventing service abuse. Nevertheless, neither nor Spamhaus require sign-up to be able to use their DNSBL service (, Spamhaus).
  2. Hosting-provider (system administrator responsible for handling abuse complaints) cannot see complaints submitted to AbuseIPDB unless their restricted API is used. Unlike, AbuseIPDB, since their start back in early 2010’s, haven’t ever notified responsible abuse contacts for any of the received reports.

We ( report more than 70,000 attacks every 12 hours in real time using Whois (abuse-mailbox, abuse@, security@, email, remarks), the Ripe-Abuse-Finder, and the contact-database from so we may find the abuse-address assigned to the offending host. Our reports are based on X-Arf (Network Abuse Reporting 2.0), so the abuse-department of the provider for the attacking host may parse our reports automatically.

  1. Their restricted API?
StandardWebmasterSupporterBasic SubscriptionPremium Subscription

Check-Block Limits

fieldStandardBasic SubscriptionPremium Subscription
networkUp to /24Up to /20Up to /16
maxAgeInDaysUp to 30Up to 60Up to 365

(IPv6 lookup restrictions are not mentioned for some reason.)

Given the above, without paid subscription, at the most you can lookup 500x /24 IPv4 prefixes once a day and 5000x single IPv4/IPv6 addresses. If you need to increase the precision of your alert system to, lets say, 1 hour, you can only lookup 20x /24 IPv4 prefixes and 208x single IPv4/IPv6 addresses.

Those restrictions may sound pretty reasonable, however I found this limitations too intrusive and purely financially-driven. In this case, both reporters and abused devices owners are charged for using this service. I understand that they really require funds to be operating, however these practices make me wonder why AbuseIPDB is still so goddamn popular despite their policy, given the variety of alternatives? Gosh, there is even multiple ways (1, 2) to make Fail2ban send abuse complaints directly to the hosting-providers without intermediaries like AbuseIPDB!