AbuseIPDB

6 tools available

AbuseIPDB is a project dedicated to helping make the internet safer by providing a central repository for reporting and checking IP addresses associated with malicious activities.

security & identity tools
Connect AbuseIPDB Visit AbuseIPDB ↗

Connect AbuseIPDB to Definable to automate repetitive tasks, sync data with the rest of your stack, trigger on real-world events. Personas call AbuseIPDB's 6 tools directly from chat or scheduled flows. You can wire it into any persona to read, write, and react when an event fires.

Common workflows with AbuseIPDB

01

Trigger on event

  1. Listen for a new event
  2. Parse and validate the payload
  3. Take an action with the linked tool
02

Daily summary

  1. Pull yesterday's activity
  2. Summarise with the model of your choice
  3. Send the digest via email or Slack
03

Cross-tool sync

  1. Read records from one app
  2. Transform with a persona
  3. Write the result back via this integration

AbuseIPDB actions 6

Every AbuseIPDB action below is a callable tool any Definable persona can invoke.

Retrieve IP Blacklist

Retrieves a list of the most reported malicious IP addresses from AbuseIPDB's database. Use this tool to build dynamic blocklists, threat intelligence feeds, or firewall rules. The blacklist is updated hourly and contains IPs with high abuse confidence scores. Free accounts receive up to 10,000 IPs. Paid subscriptions unlock filtering options (confidenceMinimum, country filters) and higher limits (up to 500,000 IPs).

Bulk Report

Submit multiple IP abuse reports to AbuseIPDB in bulk via CSV upload. Use this when you need to report many malicious IPs at once instead of one-by-one. Returns the count of successfully saved reports and details about any invalid entries.

Check Block

Tool to check the reputation of all IP addresses in a CIDR range. Use when you need aggregated abuse data for a network block.

Check IP Reputation

Tool to check the reputation of an IP address. Use when you need to determine if an IP address has been reported for abusive activity within a specified look-back period. Example: CheckIp(ipAddress='8.8.8.8', maxAgeInDays=90).

Clear Address Reports

Tool to remove all reports associated with a specific IP address. Use when you need to purge your own abuse records after verifying control of the IP.

Get Abuse Reports

Retrieve abuse reports for a specific IP address from AbuseIPDB. Use this tool to view the history of abuse complaints filed against an IP address, including the reported abuse categories, reporter details, and timestamps. Supports pagination for IPs with many reports.

More security & identity tools integrations

All security & identity tools →
1password
Password manager and digital vault for secure credential storage and team collaboration
Anonyflow
AnonyFlow offers a simple and powerful service for encryption-based data anonymization and community sharing, enabling GDPR, CCPA, and HIPAA data privacy protection compliance.
Bitwarden
Bitwarden is a secure password management solution providing encrypted vaults, cross-platform sync, and enterprise-grade security tools for storing and sharing credentials
Borneo
Borneo is a data security and privacy platform designed for sensitive data discovery and remediation.
Callerapi
CallerAPI provides a white-label caller identification API that enhances customer trust, stops spam, fraud, and robocalls by offering branded caller ID solutions.
Cloudflare
Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

Frequently asked questions

What can I automate with AbuseIPDB on Definable?

Anything AbuseIPDB exposes through its API. Common security & identity tools workflows on Definable include automate repetitive tasks, sync data with the rest of your stack, trigger on real-world events. Personas can call any of the 6 AbuseIPDB tools directly, then chain the result into another integration without you writing code.

How does AbuseIPDB authentication work?

AbuseIPDB uses API_KEY on Definable. You connect once from the integrations page, scoped to the permissions you choose, and from then on any persona that has the integration enabled can act on your behalf. Tokens are encrypted at rest and rotated automatically.

Is the AbuseIPDB integration included in my Definable plan?

Yes — every Definable plan, including Starter, includes access to all 6 AbuseIPDB tools. You only need a separate AbuseIPDB subscription if AbuseIPDB itself charges per seat or per API call.

Is using AbuseIPDB through Definable secure?

Every call from a persona to AbuseIPDB is logged with the user, persona, prompt, and response. Tokens never leave Definable's secrets vault, scopes are configurable per persona, and you can revoke access at any time from the integration page.

How do I get started with AbuseIPDB on Definable?

Sign up for Definable, open the integrations page, find AbuseIPDB, and connect via OAuth or API key. You can immediately attach AbuseIPDB to any persona and start running workflows. The free Starter plan includes 5,000 credits/month.

What AbuseIPDB actions does Definable expose?

Definable exposes all 6 AbuseIPDB actions as callable tools — including `Retrieve IP Blacklist`, `Bulk Report`, `Check Block`, plus 3 more. Each tool gets a typed parameter schema so personas know exactly how to call it.

Ready to automate with AbuseIPDB?

Wire it up in minutes. No coding required.

Start for free Schedule a demo
← All integrations