Since we launched threatYeti in 2023, we’ve seen the security community embrace our real-time search engine for risky domains and IP addresses. With our comprehensive intelligence, threatYeti has become a go-to replacement for the web-based versions of tools like VirusTotal.

 

You may have seen the announcement of our free threat intelligence feeds, and we’re excited to announce that threatYeti Community and Pro editions now come with free API access.

 

alphaMountain Free Domain & IP Reputation API

 

You can now programmatically check domain categorization, URL threat score, or IP reputation with your free API key inside threatYeti. 

 

Here’s how to generate your API key and a couple of example queries you can run to evaluate a host and our intelligence data.

 

Generate a Free Threat Intelligence API Key

 

If you don’t already have a free threatYeti community account, go ahead and create one by visiting threatYeti.com and clicking “Login” in the top right. Select your email service provider and you’re good to go.

 

With a free Community account, you get up to 25 free queries per day.

 

Next, generate your API key by clicking on your email address in the top right corner, then “Settings”.

 

In Settings, click “Generate API Key” and you’re all set.

Use the ‘Copy’ button to copy your API key to the clipboard so you can use it in the next steps.

 

 

Example Malicious URL Detection & Threat Rating

 

Next, let’s look at some curl commands you can use to try the API.

 

To check a threat rating, pass the URL or URI in the “uri” field and paste your API key into the “license” field.

 

***curl -X POST -H 'Content-Type: application/json' -d '{"uri":"https://google.com/","license":"<license key>","type":"partner.info","version":1, "scan_depth": "low" }' https://api.alphamountain.ai/threat/uri/***

 

Payload: The alphaMountain threat rating is returned in the “score” field as a high-fidelity score from 1.00 (safe) to 10.0 (malicious).

 

{
  "version": 1,
  "status": {
    "threat": "Success"
  },
  "threat": {
    "score": 1.1035714285714284,
    "scope": "domain",
    "source": "αM-Labs"
  },
  "ttl": 28800
}

 

You can also get the category for a URI. This is useful, for example, in cases such as web filtering where a corporate access policy might need to be enforced. Websites classified in certain categories such as Gambling or Adult should be blocked in certain contexts.

 

Of course, high-risk categorizations such as Phishing or Malicious are essential in security contexts as well.

 

In this example, we use a sample test URI that returns the Sports category.

 

***curl -X POST -H 'Content-Type: application/json' -d '{"uri":"https://39.test.alphamountain.ai","license":"<license key>","type":"partner.info","version":1}' https://api.alphamountain.ai/category/uri/***

 

Payload: For performance, alphaMountain categories are returned as an integer. In this case, “64” is mapped to the “Sports” category and is returned in the “categories” array.

 

{
  "version": 1,
  "status": {
    "category": "Success"
  },
  "category": {
    "categories": [
      39
    ],
    "scope": "domain",
    "confidence": 0.98
  },
  "ttl": 28800
}
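The two calls above can be combined into one allow/block decision. The Python sketch below is an added example, not alphaMountain's own code: it caches each response for its "ttl" so repeat lookups do not use up the daily query allowance, and it returns "unknown" instead of "allow" when a lookup did not report "Success". The 7.0 score threshold, the blocked category IDs and the assumed shape of a failed response are hypothetical choices for illustration.

```python
import json
import time
import urllib.request

API = "https://api.alphamountain.ai"  # base URL from the curl commands above
MAX_SCORE = 7.0                       # hypothetical block threshold, not a vendor value

def build_request(kind, uri, license_key):
    """Build the POST for kind 'threat' or 'category', mirroring the curl calls."""
    body = {"uri": uri, "license": license_key, "type": "partner.info", "version": 1}
    if kind == "threat":
        body["scan_depth"] = "low"
    return urllib.request.Request(
        f"{API}/{kind}/uri/", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")

def fetch(kind, uri, license_key, cache, now=None, opener=urllib.request.urlopen):
    """Return the parsed response, reusing a cached copy until its ttl expires."""
    now = time.time() if now is None else now
    hit = cache.get((kind, uri))
    if hit and hit[0] > now:
        return hit[1]                 # cached: no query spent
    with opener(build_request(kind, uri, license_key), timeout=10) as resp:
        data = json.load(resp)
    cache[(kind, uri)] = (now + data.get("ttl", 0), data)
    return data

def verdict(threat, category, max_score=MAX_SCORE, blocked_ids=frozenset()):
    """Combine both responses into 'allow', 'block' or 'unknown'."""
    ok = (threat.get("status", {}).get("threat") == "Success"
          and category.get("status", {}).get("category") == "Success")
    if not ok:
        return "unknown"              # assumption: any other status is a failed lookup
    score = threat["threat"]["score"]
    ids = set(category["category"]["categories"])
    return "block" if score >= max_score or ids & set(blocked_ids) else "allow"

if __name__ == "__main__":
    # Responses trimmed from the payloads shown on this page; no network call is made.
    threat = {"status": {"threat": "Success"}, "threat": {"score": 1.1035714285714284}, "ttl": 28800}
    category = {"status": {"category": "Success"}, "category": {"categories": [39]}, "ttl": 28800}
    print(verdict(threat, category))
    print(verdict(threat, category, blocked_ids={39}))  # policy that blocks category ID 39
```

In a proxy or SOAR playbook, treat "unknown" according to your own policy (fail open or fail closed) rather than letting a failed lookup pass as clean.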

 

Use your alphaMountain API Key with These Integrations

 

We have a number of native BYOK (bring your own key) integrations with our API. The best way to try our domain classification and IP reputation API is to plug it into one of these SIEM, SOAR or TIP solutions. Enrich your investigations or workflows with a native integration.

 

ThreatConnect

 

Get a URL threat score, category and summary context including any domain impersonation with the Polarity integration in ThreatConnect.

 

Splunk

 

Enrich your Splunk investigations with a URL threat score and category from the alphaMountain Splunkbase app.

 

Swimlane

 

Automate your detection and response workflows with URL threat, category, impersonation and popularity enrichment inside Swimlane.

 

Custom API and Threat Feed Licensing

 

If you have a use case that requires more volume or OEM integration of our threat feeds, just request a free trial and we’ll put together a custom domain and IP threat intelligence package for you.