Step 1: Identify the IP owner using the MyIPNow WHOIS Lookup.
How to report IP-based abuse
Effective abuse reports must be sent to the correct authority and include verifiable technical evidence.
Download CSVDownloadable templates
Use these copy-paste templates to file abuse reports faster. Replace placeholders like [IP_ADDRESS] and [ABUSE_TYPE].
| Abuse type | Evidence required | Who to contact | Notes |
|---|---|---|---|
| Spam email | Full email headers | Mail provider / DNSBL | Include full headers |
| Port scanning | Firewall logs | Hosting provider | Timestamps required |
| Brute-force login | Auth logs | ISP / hosting provider | Repeated attempts |
| DDoS traffic | Traffic graphs / logs | Hosting provider | Volume evidence |
| Malware C2 | IDS alerts | Security org | High confidence |
| Web scraping abuse | Web server logs | Hosting provider | Show request rate |
| Proxy/VPN abuse | Reputation signals | Blacklist operator | False positives possible |
Examples: how to report abuse
Example 1: Reporting spam email
Received: from unknown (203.0.113.45)
by mail.example.com;
Tue, 02 Jan 2026 10:14:32 +0000
1. Extract full email headers.
2. Identify the IP owner using WHOIS.
3. Send a concise report including headers and timestamps.
Subject: Spam originating from 203.0.113.45 Date/time (UTC): 2026-01-02 10:14:32 Source IP: 203.0.113.45 Evidence: Full email headers attached.
Example 2: Reporting brute-force or scanning attempts
Jan 02 09:33:21 sshd[4123]: Failed password for root from 198.51.100.72 Jan 02 09:33:25 sshd[4123]: Failed password for root from 198.51.100.72
Include logs, frequency, and service targeted (e.g., SSH).
Example 3: Reporting false blacklist listings
1. Check blacklist status using the IP Blacklist tool.
2. Identify the listing source.
3. Follow the blacklist’s official delisting procedure.
What NOT to do
- Do not contact end users directly.
- Do not submit reports without evidence.
- Do not assume IP location equals physical location.