IMPORTANT: All queries must use your API KEY. This can be retrieved from your Abusix Intelligence Dashboard

Query Basics

When querying for an IPv4 address, it must in reverse order. e.g. to check if IP address 1.2.3.4 is present on a DNS list, the octets must be reversed and you would query for 4.3.2.1.<list>.

For IPv6 addresses, these must be queried in reverse nibble format. e.g. to check if IPv6 address 2001:db8::1 is present on a DNS list, you would query for 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.<list>.

For domains, these are simply appended to the query e.g. to check if domain example.com is present, you would query for example.com.<list>.

If a lookup returns an address in the 127.0.0.0/8, then the entry is present on that list, if nothing is returned (NXDOMAIN), then it is not on the list.

Examples

To send a test query to the test point, run one of the following commands:

# UNIX systems

$ dig +short 2.0.0.127.APIKEY.combined.mail.abusix.zone.
127.0.0.2

# or

$ host -t A 2.0.0.127.APIKEY.combined.mail.abusix.zone.
2.0.0.127.APIKEY.combined.mail.abusix.zone. has address 127.0.0.2

# Windows

> nslookup 2.0.0.127.APIKEY.combined.mail.abusix.zone.
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: 2.0.0.127.APIKEY.combined.mail.abusix.zone
Address: 127.0.0.2


If you do not receive "127.0.0.2", then something is wrong. Check that you entered your API key correctly (it should be exactly 32 characters). 

Contact Abusix Intelligence Support if you need further help.

You can replace "combined" with any of the other zones

Here is an example using the domain test point:

$ dig +short baddomain.org.APIKEY.dblack.mail.abusix.zone
127.0.1.2

$ dig +short okdomain.org.APIKEY.dblack.mail.abusix.zone
Did this answer your question?