Step 1: Figure out who owns the IP using the MyIPNow WHOIS Lookup.
How to report IP-based abuse
Here's the thing-you need to send your abuse report to the right place and back it up with real technical evidence that actually proves something happened.
Download CSVDownloadable templates
Got some ready-made templates here so you can bang out abuse reports faster. Just swap in the details like [IP_ADDRESS] and [ABUSE_TYPE] where you see them.
| Abuse type | Evidence required | Who to contact | Notes |
|---|---|---|---|
| Spam email | Full email headers | Mail provider / DNSBL | Make sure you include the full headers |
| Port scanning | Firewall logs | Hosting provider | Gotta have timestamps |
| Brute-force login | Auth logs | ISP / hosting provider | Show multiple failed attempts |
| DDoS traffic | Traffic graphs / logs | Hosting provider | Prove the traffic volume |
| Malware C2 | IDS alerts | Security org | Need solid confidence on this one |
| Web scraping abuse | Web server logs | Hosting provider | Show how fast the requests are coming in |
| Proxy/VPN abuse | Reputation signals | Blacklist operator | Watch out for false positives here |
Examples: how to report abuse
Example 1: Reporting spam email
Received: from unknown (203.0.113.45)
by mail.example.com;
Tue, 02 Jan 2026 10:14:32 +0000
1. Grab the full email headers.
2. Look up who owns that IP using WHOIS.
3. Send them a short, clear report with the headers and when it happened.
Subject: Spam originating from 203.0.113.45 Date/time (UTC): 2026-01-02 10:14:32 Source IP: 203.0.113.45 Evidence: Full email headers attached.
Example 2: Reporting brute-force or scanning attempts
Jan 02 09:33:21 sshd[4123]: Failed password for root from 198.51.100.72 Jan 02 09:33:25 sshd[4123]: Failed password for root from 198.51.100.72
Throw in your logs, how often it's happening, and what service they were going after (like SSH).
Example 3: Reporting false blacklist listings
1. Check if your IP's on any blacklists using the IP Blacklist tool.
2. Figure out which blacklist has you listed.
3. Contact them and follow their delisting steps.
What NOT to do
- Don't try to call the actual users involved.
- Don't submit a report if you've got no proof.
- Don't assume an IP's location is where the person physically is.