17 Jun 2021

The Power of AbuseIPDB Is Now In Maltego

Maltego Team

At Maltego, we work hard to bring you the best data sources for your investigations. Today, we are announcing our new integration with AbuseIPDB that makes their invaluable dataset readily available to Maltego investigators around the world.

In this article, we will walk you through the AbuseIPDB data and how to use its Maltego Transforms to speed up investigations involving suspicious IP addresses.

AbuseIPDB Transform Hub item in Maltego

What is AbuseIPDB?

AbuseIPDB is a project designed to help combat the spread of hackers, spammers, and other abusive activity on the internet by providing a central blacklist for IP addresses that have been associated with malicious activity online.

AbuseIPDB is a collaborative effort to track these bad IP addresses. It relies on the contributions of users and organizations across the web reporting malicious traffic on their sites and servers.

There are thousands of reports generated daily from users who detect suspicious traffic and report it to AbuseIPDB.

(AbuseIPDB Reporting Statistics, taken from AbuseIPDB)

Consulting an OSINT resource like AbuseIPDB can help to confirm suspicions and provide corroboration during your investigations.

What Do I Need to Start Using the AbuseIPDB Transforms in Maltego?

To start making use of our new integration, simply install the Transforms from the Transform Hub in your Maltego Desktop Client and sign up for an AbuseIPDB API key.

Register for an account here to receive a free API key, which allows you to perform up to 1000 queries per day. Once you exhaust your daily API queries, a warning message is displayed in the Transform Output window, as shown below.

AbuseIPDB Transform query limit warning messages

What Type of Information Can I Get from AbuseIPDB?

You can use our AbuseIPDB Transforms to gather the following information about IPv4 and IPv6 Addresses:

  • Abuse score
  • IP usage type
  • Hostname associated with the IP
  • Country
  • ISP Details, and more.

AbuseIPDB Transforms for IP address input

Abuse Score

You can use the Check Abuse Score [AbuseIPDB] Transform to retrieve the Abuse Score (Abuse Confidence) for the IP. This is a rating (scaled 0-100) of how confident AbuseIPDB is that a particular IP is malicious.

Abuse Score for an IP address

Hostname

The hostname associated with the IP.

Hostname of an IP retrieved using AbuseIPDB Transform

Report

This is the actual AbuseIPDB report for the IP Address. The country flag overlay reflects the country associated with the reporter’s IP Address.

AbuseIPDB report

Usage Type

The usage type of the IP address, such as Data Center, Web Hosting, Transit, Government, Commercial, and more. You can find the list of all Usage Types documented by AbuseIPDB here.

IP address usage type retrieved using AbuseIPDB Transform

By bringing AbuseIPDB data into Maltego, you can reduce the time it takes to confirm that a particular IP Address is malicious and that you are not the only one seeing traffic generated from that IP.

Investigating IP addresses using AbuseIPDB Transforms in Maltego
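To show what the corroboration step above looks like outside the Transform Output window, here is an added example (not Maltego's or AbuseIPDB's own code) that triages a single response from AbuseIPDB's API v2 /check endpoint and handles the exhausted-quota case. The JSON field names follow AbuseIPDB's public API documentation as assumed here; the IP, ISP, hostname and counts are constructed sample values.

```python
import json

# Constructed sample /check response (field names assumed from the AbuseIPDB
# API v2 docs; values made up; 203.0.113.0/24 is a documentation range).
SAMPLE_OK = json.dumps({"data": {
    "ipAddress": "203.0.113.45",
    "abuseConfidenceScore": 87,          # 0-100 confidence the IP is malicious
    "countryCode": "US",
    "usageType": "Data Center/Web Hosting/Transit",
    "isp": "Example Hosting LLC",
    "hostnames": ["vps-45.example.net"],
    "totalReports": 42,
    "numDistinctUsers": 17,              # independent reporters
}})

# Constructed body for the HTTP 429 returned once the free daily quota is spent.
SAMPLE_QUOTA = json.dumps({"errors": [
    {"detail": "Daily rate limit of 1000 requests exceeded.", "status": 429}]})


def triage(status_code, body, score_threshold=75, min_reporters=5):
    """Turn one /check response into a verdict for an analyst.

    Verdicts: quota_exhausted, error, malicious, suspicious, clean.
    'malicious' requires both a high score and several distinct reporters,
    so a single noisy reporter cannot drive the strongest verdict alone.
    """
    doc = json.loads(body)
    if status_code == 429:
        return {"verdict": "quota_exhausted", "detail": doc["errors"][0]["detail"]}
    if status_code != 200 or "data" not in doc:
        detail = doc.get("errors", [{}])[0].get("detail", "unknown error")
        return {"verdict": "error", "detail": detail}
    d = doc["data"]
    score, reporters = d["abuseConfidenceScore"], d.get("numDistinctUsers", 0)
    if score >= score_threshold and reporters >= min_reporters:
        verdict = "malicious"
    elif score > 0:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "ip": d["ipAddress"], "score": score,
            "reporters": reporters, "usage_type": d.get("usageType"),
            "hostnames": d.get("hostnames", []),
            "country": d.get("countryCode"), "isp": d.get("isp")}


if __name__ == "__main__":
    print(triage(200, SAMPLE_OK))
    print(triage(429, SAMPLE_QUOTA))
```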

Report Suspicious IPs to AbuseIPDB Directly from within Maltego

Besides utilizing data from AbuseIPDB for your investigations, you can also contribute to AbuseIPDB’s effort by submitting suspicious IPs directly from Maltego.

All you need to do is select the IP Entity in Maltego and run the Report IP Address [AbuseIPDB] Transform.

Report Suspicious IPs to AbuseIPDB Directly from within Maltego

Maltego will open a pop-up window where you enter the report details: the abuse categories you want to report to the API and a short comment explaining why you are submitting the report.

Report pop-up screenshot

Start Using the AbuseIPDB Transforms to Accelerate Your IP Address Investigations in Maltego!

We hope you enjoyed the release of the AbuseIPDB data integration for Maltego.

Don’t forget to follow us on Twitter and LinkedIn and sign up for our email newsletter to stay updated on the latest news, tutorials, and events.

Happy Threat Hunting!
