Lookup with our blacklist API for FREE!

Minimal and Simple Anti-Abuse API for Everyone.

Our Blacklist API helps you know what users are legit or not.

Our Blacklist API helps you know what users are legit or not.

Log in

Find out in advance if your users will be good customers

Our anti-abuse API helps you know immediately if a user’s IP address, domain or email address is blacklisted so you can decide whether to block it or not.

Find out in advance if your users will be good customers

API for searching IPs, domains and emails blacklisted for abuse or fraud

We search the web for the best and most reliable blacklists and blocking lists. We extract, cleanse, aggregate and settle dozens of IP, domain and email blacklists around the world to help you know if the source is reliable or not.

OSINT Threat Intelligence

We analyze IP addresses, emails and domains for scoring based on our blacklists and algorithms. We test multiple parameters in real time to help developers and cybersecurity analysts make the best decisions.

Find out in advance if your users will be good customers

Find out in advance if your users will be good customers

Real-time alerts

Get ahead of your customers and find out which IP addresses are blacklisted as soon as it happens thanks to our real-time alert services. From a handful of IP addresses to a full range of Autonomous Systems networks

Customizable blacklist search API

Some blacklists are stricter than other ones, and not all companies need to be as restrictive as others. Choose the level of trustworthiness that best suits your needs. And, of course, adjust it as your needs evolve.

Find out in advance if your users will be good customers

Find out in advance if your users will be good customers

Always the best latency to your closest servers

Get the response your application needs in milliseconds with our entire constellation of servers deployed around the world.

Apility.io at a glance

Defend yourself! Use our anti abuse API in your apps and services!


IP addresses





IP addresses

Swiss Knife OSINT Threat Intelligence API

Get all the features you need to keep your users’ activity under control from a single service.

Identify a user as malicious

Find those users who try to abuse your service before it costs you money without impacting your on-boarding requirements.

OSINT Threat Intelligence as a Service

Check multiple blacklists of IP addresses, domains, and email messages from a single, unified management interface, either from the control panel, API or clients available.

Updated abuse blacklists in Realtime

Our lists are updated hourly from multiple sources. Don’t waste your time searching for unknown sources and implementing ad-hoc parsing and search processes.

GDPR data processing compliant

We understand that you are giving us data that can contain personal information. We have applied all the necessary measures to guarantee your data is processed safely.

Real-time alerts

It is no longer necessary to check every day whether your IP or the customers’ IP addresses have been blacklisted. Add your IP address list or CIDR and we will notify you when they are blacklisted straightaway.

Email Verification and Validation Service

We assess the legitimacy of an email address through a combination of scoring techniques with our own algorithms.

Consume our API with different clients

It does not matter if you are a developer, a system administrator, a DevOps or a cyber analyst. You will find the best way to use our API.


The best way to get the most out of all the features of our API. Read our detailed documentation to get started.

Python Client API

We’re a Python house. If you want to integrate our API into your applications, you can use the API bindings we use for our internal developments. Read our docs!

Command Line interface

If you are a console warrior, this tool is perfect for you. Take full advantage of our API right from your favorite shell on Windows, Mac or Linux. Go and install it!.

Google Spreadsheet add-on

It doesn’t matter if you have no technical background, you can install our Google Spreadsheet add-on and use our API right on your own spreadsheets. Go and get it!

NGINX integration

If you want to have your infrastructure under your control, you can integrate our API with the NGINX web server to use it as a WAF service. . Read our examples!

AWS CloudFront/Lambda@Edge or Cloudflare Workers integration

If you like cutting-edge technologies like Serverless, you’ll enjoy the ease of integration of Cloudflare Workers or AWS CloudFront/Lambda@Edge.

Ready to go?

Here you have some documents to help you get started

Product Documentation

Get to know our product and all its features.

Read more

Learn our API

Learn how to use our API in different languages and environments.

Read more

Need help?

Not sure how to perform a task? Don’t be shy, contact the community of users and share your experience.

Read more

Frecuently Asked Questions

Send us an email if you could not find a suitable answer to your question here.

What is Apility.io?

It is a collection of OSINT Threat Intelligence tools offered “as a Service” to help Product Managers, IT Departments, Enterprises and Start-ups know more about their potential visitors, users and customers.

What is a Hit?

A Hit is how Apility.io measures system usage. When you or your service request information from an API endpoint, one or more Hits will be consumed. Depending on the API endpoint type, it will consume a single Hit or several Hits. You can read more about the FAQ section of our Knowledge Base.

Can I use the API anonymously?

Yes, if you do not wish to register, you can try the API in anonymous mode. But we strongly recommend that you register and enjoy full access to all the features of the service.

You can learn the differences between an Anonymous and a Registered account here.

What is a Plan?

Until December 1st 2019 Apility.io had several paid plans. Since then now there is a single free plan for all the users equivalent to the old STARTUP plan with 40000 hits per day available.

Do you store all the requests and responses?

Yes, we believe that an Analytics and Big Data tool helps to better understand user behavior. You can use our tools in the control panel, but we strongly recommend that you import your data into your favorite Big Data and/or Analytics solution. 

How much data can you store?

The new free plan for all users stores 30 days of historical data.

Do you provide a Data Processing Agreement for your clients?

Yes, we sure do. Please send your request for a DPA to privacy@apility.io.

Are you GDPR ready?

Apìlity.io’s platform is GDPR ready.  If your company determines that you are subject to the GDPR and you do not yet have in place a Data Processing Agreement (DPA) with us, please send your request for a DPA to privacy@apility.io.

Latest Blog Posts

VPN shield description

VPN blacklisting – Custom-built databases

Apility.io’s philosophy has always been to be an aggregator of the best open-source intelligence data (OSINT). Over time we have discovered that open data sets cover a large percentage of users’ needs, but not all of them. For VPN blacklisting the available datasets are not enough, are not up to date, or simply do not exist.

Read more

Fighting against False Positives: List Sensitivity and Taxonomies

Since the inception of Apility.io the most recurrent question is ‘How can I fight against False Positives?’ and I must admit there is not an easy way. But let’s start for the beginning. What the hell is a False Positive and why is it so important? 

Read more
Apility.io logo

New Domain Blacklist November 2018: CoinBlockerLists cryptomining domains

We incorporate a new domain blacklist: COINBLOCKER-DOMAINS. CoinBlocker is a collection of lists that can help prevent illegal cryptomining in the browser or other applications. Most cryptocurrencies are generated through the process known as “mining.” Much like traditional mining operations, these procedures require the use of energy and resources to complete a process which yields a financial reward. In the case of cryptocurrency mining, the energy required is electricity and computing power. Lurking behind the legitimate cryptocurrency mining community is another group of individuals and organizations that try to mine for crypto using illicit methods.

Read more

View all