Guardian Intel Lookup is a powerful resource for investigating IP addresses to assess their reputation, credibility, and potential abuse status. By querying an IP, users can access detailed intelligence to identify potential threats, report abuse, or initiate delisting processes. This guide walks you through accessing, interpreting, and acting on the results provided by Guardian Intel Lookup.
Navigate to the URL: Open your web browser and go to https://app.abusix.com/lookup/.
Login or Sign-Up: Click on the “Login” or “Sign Up” option as appropriate in the upper right corner navigation area and complete the login or sign up process.
Status: Whether the IP is listed as malicious, suspicious, or unknown.
Organization: The entity associated with the IP (e.g., an ISP or hosting provider).
Country: The geographic origin of the IP.
First Seen: The date and time the IP was first flagged or observed (e.g., “2/14/2025, 7:28:36 AM”).
Last Seen: The date and time the IP was last flagged or observed (e.g., “2/14/2025, 7:28:36 AM”).
Abuse Contact: An email address for reporting issues (e.g., [email protected]).
Autonomous System Number (ASN): The ASN shown manages the routing for the queried IP.
Reverse DNS (rDNS): ****The rDNS result can be resolved to this shown IP.
Guardian Mail blocklist: This shows the current listing status of an IP in Guardian Mail. The status itself may or may not be actionable, depending on context.
Listed: Displays a message prompting delisting (e.g., “Sign up for free to delist…”). Typically relevant if you manage the mail server.
Passive Listing: Shows a message like “This is only a concern if it is an SMTP server.”—informational, not always actionable.
Not Listed: Indicates no action is needed (e.g., “IP is not listed. No action required.”).
While delisting in Guardian Mail can influence how an IP is viewed in Guardian Intel, it doesn’t guarantee a direct change—there’s no strict 1:1 relationship.The IP itself will display as: