2023 was a banner year here at alphaMountain. We attended our first industry trade shows as a team, we launched threatYeti, we continued our support of Cisco’s high-profile events SOC, and we signed up a whole host of new customers for our domain and IP threat intelligence data. Phew.
While we are immensely grateful for all of our customers’ support and are looking forward to our continued growth in 2024, we thought it would be good to take a quick look back and share some of the highlights from a data perspective. If you’re into cyber threat intelligence (and why else would you be reading this?), you might enjoy this quick year in review.
Threat Risk
We scored nearly 217,812,197 hosts in 2023. That’s an average of 596,746 hosts per day. Using alphaMountain’s fast, AI-powered threat detection model, our threat rating engine assigns a threat score from 1.00 (low) to 10 (high) for every host it encounters. Here’s how those scans broke down by range of threat scores in 2023.
Distribution of Threat Scores by %:
| Score | Qty. | % |
| 1 | 7,064 | 0.00% |
| 2 | 721,666 | 0.33% |
| 3 | 75,562,066 | 34.69% |
| 4 | 87,196,193 | 40.03% |
| 5 | 45,600,681 | 20.94% |
| 6 | 240,998 | 0.11% |
| 7 | 2,343,368 | 1.08% |
| 8 | 928,532 | 0.43% |
| 9 | 5,211,512 | 2.39% |
| 10 | 117 | 0.00% |
| TOTAL | 217,812,197 |
Almost 96% of the hosts scored were in the 1 to 5 range. These hosts are generally considered “low risk,” and this is in line with what one might expect on the internet today. Another way to look at it is that about 4 out of every 100 hosts on the internet are risky.
In reality, however, the likelihood that a person would actually visit a risky site in normal day-to-day browsing activity is much lower than 4% because most people’s internet usage is confined to domains and this score distribution includes both domains and the raw IP addresses where many machine-to-machine connections occur.
Top 1M Sites Risk Distribution
As part of our API subscription, we also furnish the popularity of hosts, including whether the host is in the top five million most-trafficked sites. This popularity ranking provides valuable context in the course of an investigation as more popular sites are generally less risky than those higher-risk sites that tend to fly under the radar by design.
Here we see that 2.2% of the top one million sites were rated in the 7 to 10 or “risky” range.
| Score | Qty. | % |
| 1 | 9587 | 1.0% |
| 2 | 190732 | 19.1% |
| 3 | 464037 | 46.4% |
| 4 | 214315 | 21.4% |
| 5 | 93191 | 9.3% |
| 6 | 6281 | 0.6% |
| 7 | 4837 | 0.5% |
| 8 | 8807 | 0.9% |
| 9 | 7988 | 0.8% |
| 10 | 225 | 0.0% |
Categorization
In November 2023, we announced the expansion of our host categorization data with the addition of six new categories bringing our total number of available categories to 89. The new categories are:
- AI/ML Applications
- Alternative Currency
- Dynamic DNS
- Login/Verification
- Newly Registered Domains
- Promotional Compensation
Of our total hosts evaluated in 2023, we categorized 143,658,635 of them. Here’s how those hosts broke down by category.
Distribution of Host Categories by %
| Category Name | API ref. # | % |
| Business/Economy | 9 | 37.5% |
| Information Technology | 34 | 12.6% |
| Personal Sites/Blogs | 50 | 6.4% |
| Shopping | 66 | 4.3% |
| Entertainment | 18 | 3.4% |
| Phishing | 51 | 2.8% |
| Health | 29 | 2.7% |
| Education | 16 | 2.4% |
| Travel | 76 | 2.2% |
| Suspicious | 72 | 1.9% |
| Hosting | 31 | 1.9% |
| Malicious | 39 | 1.9% |
| Pornography | 54 | 1.8% |
| Society/Lifestyle | 68 | 1.6% |
| Finance | 21 | 1.6% |
| Sports | 71 | 1.2% |
| Real Estate | 58 | 1.1% |
| Government/Legal | 26 | 1.1% |
| News | 45 | < 1% |
| Restaurants/Food | 62 | < 1% |
| Games | 25 | < 1% |
| Content Servers | 12 | < 1% |
| Religion | 60 | < 1% |
| Vehicles | 78 | < 1% |
| Reference | 59 | < 1% |
| Gambling | 24 | < 1% |
| Parked Site | 48 | < 1% |
| Arts/Culture | 5 | < 1% |
| Video/Multimedia | 79 | < 1% |
| Search Engines/Portals | 64 | < 1% |
| Spam | 70 | < 1% |
| Adult/Mature | 3 | < 1% |
| Social Networking | 67 | < 1% |
| Ads/Analytics | 2 | < 1% |
| Audio | 7 | < 1% |
| Forums | 23 | < 1% |
| Job Search | 37 | < 1% |
| Hobbies/Recreation | 30 | < 1% |
| Productivity Applications | 56 | < 1% |
| Alcohol | 4 | < 1% |
| Anonymizers | 57 | < 1% |
| Scam/Illegal/Unethical | 63 | < 1% |
| Politics/Opinion | 53 | < 1% |
| Tobacco | 74 | < 1% |
| Non-Profit/Advocacy | 46 | < 1% |
| Dating/Personals | 13 | < 1% |
| 17 | < 1% | |
| Military | 43 | < 1% |
| Virtual Meetings | 81 | < 1% |
| File Sharing/Storage | 20 | < 1% |
| Brokerage/Trading | 8 | < 1% |
| Alternative Ideology | 33 | < 1% |
| Translation | 75 | < 1% |
| Software Downloads | 69 | < 1% |
| Weapons | 82 | < 1% |
| Auctions/Classifieds | 6 | < 1% |
| Chat/IM/SMS | 10 | < 1% |
| Marketing/Merchandising | 41 | < 1% |
| Media Sharing | 42 | < 1% |
| Marijuana | 40 | < 1% |
| Mixed Content/Potentially Adult | 44 | < 1% |
| Information/Computer Security | 35 | < 1% |
| Lingerie/Swimsuit | 38 | < 1% |
| Peer-to-Peer (P2P) | 49 | < 1% |
| Piracy/Plagiarism | 52 | < 1% |
| Remote Access | 61 | < 1% |
| Digital Postcards | 14 | < 1% |
| Telephony | 73 | < 1% |
| For Kids | 22 | < 1% |
| Sex Education | 65 | < 1% |
| Infrastructure/IOT | 36 | < 1% |
| Hacking | 27 | < 1% |
| Drugs/Controlled Substances | 15 | < 1% |
| Nudity | 47 | < 1% |
| Potentially Unwanted Programs | 55 | < 1% |
| Child Pornography/Abuse | 11 | < 1% |
| Humor/Comics | 32 | < 1% |
| Abortion | 1 | < 1% |
| Violence | 80 | < 1% |
| Hate/Discrimination | 28 | < 1% |
| Extreme/Gruesome | 19 | < 1% |
| URL Redirect | 77 | < 1% |
| Dynamic DNS | 85 | < 1% |
| AI/ML Applications | 83 | < 1% |
| Login/Challenge | 86 | < 1% |
| Alternative Currency | 84 | < 1% |
| Promotional Compensation | 88 | < 1% |
| Newly Registered | 87 | < 1% |
Naturally, with the six new categories introduced late in 2023, they do not yet contribute significantly to the total number of hosts categorized. As our dataset continues to grow, we expect these new categories to contribute substantially in 2024 and beyond.
Application Scale
In March 2023, we launched threatYeti, our domain and IP threat research platform for security analysts and threat hunters. In that time, our threatYeti community has taken off, with over 900 subscribers conducting an average of 13.75 queries per user.
We have watched in awe as the cybersecurity community has thoroughly embraced threatYeti as a bona fide alternative to other URL threat lookup services such as VirusTotal or URLScan.io. Considering that threatYeti is powered by our first-party data API, perhaps we shouldn’t be so surprised as more and more cybersecurity professionals are demanding fresh threat verdicts rendered in real time for mission-critical investigations. In any case, it has been a pleasure to see the platform earn its spot in the toolkits of nearly a thousand users.
With that, let’s look at some stats on how our domain and IP threat intelligence data was used in 2023.
API Usage Statistics
Number of API requests: 359,982,323
Number of threatYeti registered users: 950
Number of threatYeti queries: 13,066
Queries by Type
| Type | Qty. |
| category | 174,740,828 |
| threat | 174,247,416 |
| popularity | 54,941 |
| feed/threat | 35,086 |
| batch/category | 18,674 |
| batch/threat | 10,308 |
| feed/category | 9,631 |
With the lion’s share of our customers’ activity coming from Threat and Category lookups, it’s worth noting that the other variations and calculations of usage are representative of the flexibility in our licensing model which include “batch” and “bulk” lookups and updates to our datasets, respectively.
As mentioned, “popularity” is useful in providing enhanced context for thorough threat investigations, and with almost 55,000 lookups for this data, we wrap up 2023 with a great sense of contentment knowing that our data is indeed adding value to the mission of cybersecurity teams across the globe.
Looking Ahead
We already have a full slate of new updates and events planned for 2024, including attendance at the SANS Institute CTI Summit on January 29 in Washington DC, a return to the Early Stage Expo at RSA Conference on May 6th in San Francisco, and a return to InfosecurityEurope in London on June 4th. We’d love to see you at any of these events, so please let us know if you’d like to meet, and we will reach out to get you scheduled. Cheers to a great and prosperous 2024!