# AbuseIPDB AI integration on Definable

> AbuseIPDB is a project dedicated to helping make the internet safer by providing a central repository for reporting and checking IP addresses associated with malicious activities.

## What this connects

Vendor: https://www.abuseipdb.com/

## Tools available

**6** tools available:

- `ABUSELPDB_BLACKLIST` — Retrieve IP Blacklist — Retrieves a list of the most reported malicious IP addresses from AbuseIPDB's database. Use this tool to build dynamic blocklists, threat intelligence feeds, or firewall rules. The blacklist is updated hourly and contains IPs with high abuse confidence scores. Free accounts receive up to 10,000 IPs. Paid subscriptions unlock filtering options (`confidenceMinimum`, country filters) and higher limits (up to 500,000 IPs).
- `ABUSELPDB_BULK_REPORT` — Bulk Report — Submit multiple IP abuse reports to AbuseIPDB in bulk via CSV upload. Use this when you need to report many malicious IPs at once instead of one-by-one. Returns the count of successfully saved reports and details about any invalid entries.
- `ABUSELPDB_CHECK_BLOCK` — Check Block — Tool to check the reputation of all IP addresses in a CIDR range. Use when you need aggregated abuse data for a network block.
- `ABUSELPDB_CHECK_IP` — Check IP Reputation — Tool to check the reputation of an IP address. Use when you need to determine if an IP address has been reported for abusive activity within a specified look-back period. Example: `CheckIp(ipAddress='8.8.8.8', maxAgeInDays=90)`.
- `ABUSELPDB_CLEAR_ADDRESS` — Clear Address Reports — Tool to remove all reports associated with a specific IP address. Use when you need to purge your own abuse records after verifying control of the IP.
- `ABUSELPDB_GET_REPORTS` — Get Abuse Reports — Retrieve abuse reports for a specific IP address from AbuseIPDB. Use this tool to view the history of abuse complaints filed against an IP address, including the reported abuse categories, reporter details, and timestamps. Supports pagination for IPs with many reports.

## Auth

Auth schemes: `API_KEY`.

## How agents use AbuseIPDB

Inside a Definable workflow, AbuseIPDB is one of the tools the **Distributor specialist** can call. Example coordination patterns:

- **Researcher → AbuseIPDB** — the Researcher (GPT-5.5) pulls context from AbuseIPDB (records, threads, documents), synthesises findings, and briefs the rest of the team.
- **Writer → Distributor → AbuseIPDB** — the Writer (Claude Opus 4.7) drafts copy in brand voice, the Verifier passes it, then the Distributor writes the result into AbuseIPDB (create record, post message, draft email).
- **Designer / Engineer → Distributor → AbuseIPDB** — the Designer ships an asset or the Engineer ships a code change, the Distributor delivers it via AbuseIPDB (attach file, open PR comment, post status).

The Verifier checks every AbuseIPDB call. On rate limit, schema drift, or auth refresh it self-heals and retries — the workflow completes without manual intervention.

## Categories

- security & identity tools — https://definable.ai/apps/category/security-&-identity-tools/

## Related

- HTML page: https://definable.ai/apps/abuselpdb/
- Same category (security & identity tools): https://definable.ai/apps/category/security-&-identity-tools/
- All integrations: https://definable.ai/apps/
- Workflow (multi-agent loop): https://definable.ai/workflow/
- Apps llms.txt index: https://definable.ai/llms-apps.txt
