What blacklists/blocklists are you using to investigate IP addresses, domains, URLs and emails?

At Apility.io we gather different blacklists/blocklists from multiple sources to let our users lookup for malicious IP addresses, domains, and URLs from a single access point.

We are always looking for new sources of data to aggregate into our database. We started with free and open license data sources, but last month we added our first paid data sources.

So my question is: what data sources of IP addresses, domains, URLs, and emails are you using in your IR tasks? It does not matter if it’s free or paid resources, backed by a company or a community. Or if they are offered as downloadable content, raw data, as a service…

Thank you!

1 Like

Ones that we see a lot of are VirusTotal, Cymon, Spamhaus, TCPutlis, AV OTX, and MXtoolbox. Lot of paid stuff as well on the threat intel and passive DNS front like Crowdstrike, Recorded Future, Farsight, and PassiveTotal.

1 Like

Thanks for sharing this information. It’s useful