There are many paid and open source external lookup sites that expose APIs to get information about IOCs. Some of the most famous ones include the following:

• IPvoid: http://www.ipvoid.com/
• URLvoid: https://www.urlvoid.com/
• Cymon: https://api.cymon.io/v2/ioc/search/
• Malware Domain: http://www.malwaredomainlist.com/mdl.php
• Threat Miner: https://www.threatminer.org/
• Threatcrowd: https://www.threatcrowd.org/

Many of these have exposed APIs with which the process of the IOC lookup can be completely automated. For example, let's take a look at the following code snippet that automates the IOC lookup with the help of the API exposed by Cymon:

import requests 
from urllib.parse import urljoin
from urllib.parse import urlparse
cymon_url='https://api.cymon.io/v2/ioc/search/'
type_="ip-src"
ip="31.148.219.11"
if type_ in ["ip-src","ip-dst","domain|ip","ip-dst|port","ip-src|port","ip"]:
                    cymon_url=urljoin(cymon_url,"ip/")
                    cymon_url=urljoin(cymon_url,ip)
response = requests.get(cymon_url, data={},  headers=headers)
print(response)

We can search on these websites and read the API documentation in order to automate the process of IOC lookup against these websites.