What blacklists/blocklists are you using to investigate IP addresses, domains, URLs and emails?

logronoide · March 5, 2018, 2:29pm

At Apility.io we gather different blacklists/blocklists from multiple sources to let our users lookup for malicious IP addresses, domains, and URLs from a single access point.

We are always looking for new sources of data to aggregate into our database. We started with free and open license data sources, but last month we added our first paid data sources.

So my question is: what data sources of IP addresses, domains, URLs, and emails are you using in your IR tasks? It does not matter if it’s free or paid resources, backed by a company or a community. Or if they are offered as downloadable content, raw data, as a service…

Thank you!

cody.cornell · March 6, 2018, 1:27am

Ones that we see a lot of are VirusTotal, Cymon, Spamhaus, TCPutlis, AV OTX, and MXtoolbox. Lot of paid stuff as well on the threat intel and passive DNS front like Crowdstrike, Recorded Future, Farsight, and PassiveTotal.

MARKRONSON · November 30, 2019, 3:20pm

Thanks for sharing this information. It’s useful

Topic		Replies	Views
Free/open source investigation tools for IR? Threat intel	7	3472	February 12, 2018
Looking for plugin or task to search emails of a domain Tools help	0	1276	April 16, 2021
Community Access to AnyRun - Malware Analysis Threat hunting	3	2538	March 27, 2018
Tool Bracketology Contest Tools	23	6072	March 28, 2020
Automated Domain Enumeration with DNSDumpster Threat hunting	0	3209	December 20, 2017

What blacklists/blocklists are you using to investigate IP addresses, domains, URLs and emails?

Related topics