Overview

Guardian Intel Lookup is a powerful resource for investigating IP addresses to assess their reputation, credibility, and potential abuse status. By querying an IP, users can access detailed intelligence to identify potential threats, report abuse, or initiate delisting processes. This guide walks you through accessing, interpreting, and acting on the results provided by Guardian Intel Lookup.

Getting Started

Accessing the Lookup Tool

To begin using the Abusix Lookup Tool:
  1. Navigate to the URL: Open your web browser and go to https://app.abusix.com/lookup/.
  2. Login or Sign-Up: Click on the “Login” or “Sign Up” option as appropriate in the upper right corner navigation area and complete the login or sign up process.

Searching for an IP

  1. Using the search bar in the middle of the Lookup tool, enter an IP to lookup.

Understanding the Results

Once you query an IP address, Guardian Intel Lookup returns a detailed page. The details can be broken down into the following key data fields:

Key Data Fields

  • IP Address: The queried IP.
  • Status: Whether the IP is listed as malicious, suspicious, or unknown.
  • Organization: The entity associated with the IP (e.g., an ISP or hosting provider).
  • Country: The geographic origin of the IP.
  • First Seen: The date and time the IP was first flagged or observed (e.g., “2/14/2025, 7:28:36 AM”).
  • Last Seen: The date and time the IP was last flagged or observed (e.g., “2/14/2025, 7:28:36 AM”).
  • Abuse Contact: An email address for reporting issues (e.g., [email protected]).
  • Autonomous System Number (ASN): The ASN shown manages the routing for the queried IP.
  • Reverse DNS (rDNS): ****The rDNS result can be resolved to this shown IP.
  • Guardian Mail blocklist: This shows the current listing status of an IP in Guardian Mail. The status itself may or may not be actionable, depending on context.
    • Listed: Displays a message prompting delisting (e.g., “Sign up for free to delist…”). Typically relevant if you manage the mail server.
    • Passive Listing: Shows a message like “This is only a concern if it is an SMTP server.”—informational, not always actionable.
    • Not Listed: Indicates no action is needed (e.g., “IP  is not listed. No action required.”).
While delisting in Guardian Mail can influence how an IP is viewed in Guardian Intel, it doesn’t guarantee a direct change—there’s no strict 1:1 relationship. The IP itself will display as:
  • RED if classified as Malicious
  • YELLOW if classified as Suspicious
  • GRAY if classified as Unknown

Using the Results

Analyzing the Data

  • Reputation Check: If the IP is marked as “malicious” or has a tag tied to abuse, it may be involved in spam, phishing, or other threats.
  • Contacting the Abuse Team: Use the provided “Abuse Contact” email to report issues directly to the network owner.
  • Delisting Process: If you manage the IP and believe it’s wrongly listed, follow the delisting instructions.