DEV Community

Alex Spinov
Alex Spinov

Posted on

AbuseIPDB Has a Free API — Check If Any IP Address Is Malicious in One Request

#python #api #security #tutorial

The Story

Last month I noticed unusual traffic hitting one of my scraping servers. Thousands of requests from a handful of IPs. Before blocking them, I needed to know: are these actual attackers, or just aggressive bots?

That is when I found AbuseIPDB — a crowdsourced IP reputation database with a free API.

The API 

# Check an IP address
curl -s "https://api.abuseipdb.com/api/v2/check" \
  -H "Key: YOUR_API_KEY" \
  -H "Accept: application/json" \
  -G -d "ipAddress=118.25.6.39" -d "maxAgeInDays=90"
Enter fullscreen mode Exit fullscreen mode

Response:

{
  "data": {
    "ipAddress": "118.25.6.39",
    "isPublic": true,
    "abuseConfidenceScore": 100,
    "countryCode": "CN",
    "isp": "Tencent Cloud Computing",
    "totalReports": 1847,
    "lastReportedAt": "2026-03-24T12:00:00+00:00"
  }
}
Enter fullscreen mode Exit fullscreen mode

abuseConfidenceScore: 100 = definitely malicious. Block it.

What You Get

For any IP address:

  • Abuse confidence score (0-100)
  • Country and ISP
  • Number of reports from the community
  • Categories of abuse (brute force, DDoS, spam, etc.)
  • Last reported date

Practical Use: Auto-Block Malicious IPs 

import requests

API_KEY = "your-free-key"

def check_ip(ip):
    r = requests.get(
        "https://api.abuseipdb.com/api/v2/check",
        headers={"Key": API_KEY, "Accept": "application/json"},
        params={"ipAddress": ip, "maxAgeInDays": 90}
    )
    data = r.json()["data"]
    return {
        "ip": ip,
        "score": data["abuseConfidenceScore"],
        "country": data["countryCode"],
        "reports": data["totalReports"],
        "isp": data["isp"]
    }

# Check suspicious IPs from your logs
suspicious_ips = ["118.25.6.39", "45.33.32.156", "185.220.101.1"]
for ip in suspicious_ips:
    result = check_ip(ip)
    action = "BLOCK" if result["score"] > 80 else "MONITOR" if result["score"] > 25 else "OK"
    print(f"{result["ip"]} ({result["country"]}) — Score: {result["score"]}{action}")
Enter fullscreen mode Exit fullscreen mode

Free Tier

  • 1,000 checks per day (free account)
  • 5 checks per second rate limit
  • Enough for monitoring a small-to-medium server

Combine With Other Security APIs

For comprehensive threat intelligence, stack these free APIs:

API What It Does Free Tier
AbuseIPDB IP reputation 1,000/day
VirusTotal File/URL scanning 4/min
Shodan Device search 100 results
HIBP Email breach check 10/min
EmailRep Email reputation 20/day

I maintain a full list at 200+ Free APIs.

Do you check IPs that hit your servers? What tools do you use for threat intelligence? I would love to compare setups — drop a comment!

Follow me for daily discoveries of free security APIs and developer tools.

Top comments (0)