From Blueliv we believe that sharing expertise and intelligence is the key to get the upper hand in an ever-changing war on cyber crime. But the issue, usually, is where to acquire this information.
We think that fighting e-crime should be a possibility for everyone, and for that reason, we are launching a free API from which you can download information about malicious hosts.
What can you do with that info you say?
Whatever you want. Feed it into your IDS, to your SIEM or give it to your fraud detection service, use it to take down a botnet, or check if your hosting service has been infected. Just check it out, you won’t regret it!
I’d like to go through some of the things you’ll get. First of all, let me say that using the API is actually pretty easy, all the information comes in JSON format, and is accessible using the oauth2 token we will provide you with, once you have registered on our site.
Let’s see an example. This is the JSON representation of a malicious server:
"url" : "http://0rrkut2012.je.ro",
"type" : "PHISHING",
"country" : "KR",
"status" : "ONLINE",
"latitude" : 37.57,
"longitude" : 126.98,
"ip" : "126.96.36.199",
"updatedAt" : "2014-11-25T13:53:25+0100",
"firstSeenAt" : "2011-01-19T21:34:59+0100",
"lastSeenAt" : "2011-01-19T21:34:59+0100"
For each of the malicious server we have on our cache, you will get the URL, the type of malicious server (malware distribution, exploit kit, backdoor and C&C), the IP, if it’s online or not, and some other helpful information!
In addition, in our Github you will find the full documentation of our API:
In order to access it, you can use our SDK for Python. Installing it is pretty easy; you can even do it with pip:
- pip install git+git://github.com/BluelivSecurity/api-python-sdk
We invite you to visit the Cyber Threat Map and join Blueliv Community to get access to the free API. We would love to hear your feedback, so don’t think twice before sending us your opinion about the API to: firstname.lastname@example.org
Threat Intelligence Analyst