VirusTotal 有提供 REST API 可供查詢,
免費註冊取得 API key 後,就可以在一定的使用限制下免費使用。
v2 語法如下(API key 以 URL 參數 apikey 傳遞):
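# VirusTotal v2 IP-address report, pretty-printed with jq.
# v2 takes the key as the `apikey` query parameter, so the key is part of the request URL.
# Export it as VT_API_KEY instead of pasting it into the command, and do not wrap it in extra
# quotes: inside a single-quoted URL, double quotes around the key are sent literally.
# The expanded key is still visible in the local process list while curl runs.
curl --get 'https://www.virustotal.com/vtapi/v2/ip-address/report' \
  --data-urlencode "apikey=${VT_API_KEY:?export VT_API_KEY first}" \
  --data-urlencode 'ip=59.177.37.217' | jq .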
查詢結果如下
{
"asn": 17813,
"undetected_urls": [],
"undetected_downloaded_samples": [],
"country": "IN",
"response_code": 1,
"as_owner": "Mahanagar Telephone Nigam Limited",
"verbose_msg": "IP address in dataset",
"detected_downloaded_samples": [
{
"date": "2020-09-20 23:45:20",
"positives": 21,
"total": 72,
"sha256": "b5cf68c7cb5bb2d21d60bf6654926f61566d95bfd7c9f9e182d032f1da5b4605"
},
{
"date": "2020-09-20 20:37:59",
"positives": 33,
"total": 72,
"sha256": "c672798dca67f796972b42ad0c89e25d589d2e70eb41892d26adbb6a79f63887"
}
],
"detected_urls": [
{
"url": "http://59.177.37.217/",
"positives": 7,
"total": 79,
"scan_date": "2020-10-02 18:05:53"
},
{
"url": "http://59.177.37.217:58256/Mozi.m",
"positives": 8,
"total": 79,
"scan_date": "2020-09-24 02:04:33"
},
{
"url": "http://59.177.37.217:41901/Mozi.a",
"positives": 8,
"total": 79,
"scan_date": "2020-09-22 16:49:18"
},
{
"url": "https://59.177.37.217/",
"positives": 4,
"total": 79,
"scan_date": "2020-09-22 13:34:26"
},
{
"url": "http://59.177.37.217:39302/Mozi.m",
"positives": 9,
"total": 79,
"scan_date": "2020-09-20 21:52:26"
},
{
"url": "http://59.177.37.217/mozi.m",
"positives": 2,
"total": 79,
"scan_date": "2020-09-16 17:56:36"
},
{
"url": "http://59.177.37.217:58256/Mozi.m/",
"positives": 1,
"total": 79,
"scan_date": "2020-09-16 14:35:11"
}
],
"resolutions": []
}
v3 語法如下(API key 改放在 x-apikey 標頭,不再出現在 URL 中;此範例查詢的是另一個 IP),查詢結果接在指令之後:
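# VirusTotal v3 search for an IP address.
# v3 reads the key from the x-apikey request header, which keeps it out of the URL.
# Take it from the VT_API_KEY environment variable rather than typing it inline, so the
# command can be saved or shared without the secret.
curl --request GET \
  --url 'https://www.virustotal.com/api/v3/search?query=209.59.217.36' \
  --header "x-apikey: ${VT_API_KEY:?export VT_API_KEY first}"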
{
"data": [
{
"attributes": {
"as_owner": "The Endurance International Group, Inc.",
"asn": 29873,
"continent": "NA",
"country": "US",
"last_analysis_results": {
"ADMINUSLabs": {
"category": "harmless",
"engine_name": "ADMINUSLabs",
"method": "blacklist",
"result": "clean"
},
"AegisLab WebGuard": {
"category": "harmless",
"engine_name": "AegisLab WebGuard",
"method": "blacklist",
"result": "clean"
},
"AlienVault": {
"category": "harmless",
"engine_name": "AlienVault",
"method": "blacklist",
"result": "clean"
},
"Antiy-AVL": {
"category": "harmless",
"engine_name": "Antiy-AVL",
"method": "blacklist",
"result": "clean"
},
"AutoShun": {
"category": "harmless",
"engine_name": "AutoShun",
"method": "blacklist",
"result": "clean"
},
"Avira": {
"category": "harmless",
"engine_name": "Avira",
"method": "blacklist",
"result": "clean"
},
"BADWARE.INFO": {
"category": "harmless",
"engine_name": "BADWARE.INFO",
"method": "blacklist",
"result": "clean"
},
"Baidu-International": {
"category": "harmless",
"engine_name": "Baidu-International",
"method": "blacklist",
"result": "clean"
},
"BitDefender": {
"category": "harmless",
"engine_name": "BitDefender",
"method": "blacklist",
"result": "clean"
},
"Blueliv": {
"category": "harmless",
"engine_name": "Blueliv",
"method": "blacklist",
"result": "clean"
},
"CINS Army": {
"category": "harmless",
"engine_name": "CINS Army",
"method": "blacklist",
"result": "clean"
},
"CLEAN MX": {
"category": "harmless",
"engine_name": "CLEAN MX",
"method": "blacklist",
"result": "clean"
},
"CRDF": {
"category": "harmless",
"engine_name": "CRDF",
"method": "blacklist",
"result": "clean"
},
"Certego": {
"category": "harmless",
"engine_name": "Certego",
"method": "blacklist",
"result": "clean"
},
"Comodo Valkyrie Verdict": {
"category": "harmless",
"engine_name": "Comodo Valkyrie Verdict",
"method": "blacklist",
"result": "clean"
},
"CyRadar": {
"category": "harmless",
"engine_name": "CyRadar",
"method": "blacklist",
"result": "clean"
},
"Cyan": {
"category": "harmless",
"engine_name": "Cyan",
"method": "blacklist",
"result": "clean"
},
"CyberCrime": {
"category": "harmless",
"engine_name": "CyberCrime",
"method": "blacklist",
"result": "clean"
},
"DNS8": {
"category": "harmless",
"engine_name": "DNS8",
"method": "blacklist",
"result": "clean"
},
"Dr.Web": {
"category": "harmless",
"engine_name": "Dr.Web",
"method": "blacklist",
"result": "clean"
},
"ESET": {
"category": "harmless",
"engine_name": "ESET",
"method": "blacklist",
"result": "clean"
},
"ESTsecurity-Threat Inside": {
"category": "harmless",
"engine_name": "ESTsecurity-Threat Inside",
"method": "blacklist",
"result": "clean"
},
"EmergingThreats": {
"category": "harmless",
"engine_name": "EmergingThreats",
"method": "blacklist",
"result": "clean"
},
"Emsisoft": {
"category": "harmless",
"engine_name": "Emsisoft",
"method": "blacklist",
"result": "clean"
},
"EonScope": {
"category": "harmless",
"engine_name": "EonScope",
"method": "blacklist",
"result": "clean"
},
"Forcepoint ThreatSeeker": {
"category": "harmless",
"engine_name": "Forcepoint ThreatSeeker",
"method": "blacklist",
"result": "clean"
},
"Fortinet": {
"category": "harmless",
"engine_name": "Fortinet",
"method": "blacklist",
"result": "clean"
},
"FraudScore": {
"category": "harmless",
"engine_name": "FraudScore",
"method": "blacklist",
"result": "clean"
},
"G-Data": {
"category": "harmless",
"engine_name": "G-Data",
"method": "blacklist",
"result": "clean"
},
"Google Safebrowsing": {
"category": "harmless",
"engine_name": "Google Safebrowsing",
"method": "blacklist",
"result": "clean"
},
"GreenSnow": {
"category": "harmless",
"engine_name": "GreenSnow",
"method": "blacklist",
"result": "clean"
},
"Hoplite Industries": {
"category": "harmless",
"engine_name": "Hoplite Industries",
"method": "blacklist",
"result": "clean"
},
"IPsum": {
"category": "harmless",
"engine_name": "IPsum",
"method": "blacklist",
"result": "clean"
},
"K7AntiVirus": {
"category": "harmless",
"engine_name": "K7AntiVirus",
"method": "blacklist",
"result": "clean"
},
"Kaspersky": {
"category": "harmless",
"engine_name": "Kaspersky",
"method": "blacklist",
"result": "clean"
},
"Lumu": {
"category": "harmless",
"engine_name": "Lumu",
"method": "blacklist",
"result": "clean"
},
"MalSilo": {
"category": "harmless",
"engine_name": "MalSilo",
"method": "blacklist",
"result": "clean"
},
"Malware Domain Blocklist": {
"category": "harmless",
"engine_name": "Malware Domain Blocklist",
"method": "blacklist",
"result": "clean"
},
"MalwareDomainList": {
"category": "harmless",
"engine_name": "MalwareDomainList",
"method": "blacklist",
"result": "clean"
},
"MalwarePatrol": {
"category": "harmless",
"engine_name": "MalwarePatrol",
"method": "blacklist",
"result": "clean"
},
"Malwared": {
"category": "harmless",
"engine_name": "Malwared",
"method": "blacklist",
"result": "clean"
},
"Netcraft": {
"category": "harmless",
"engine_name": "Netcraft",
"method": "blacklist",
"result": "clean"
},
"NotMining": {
"category": "harmless",
"engine_name": "NotMining",
"method": "blacklist",
"result": "clean"
},
"Nucleon": {
"category": "harmless",
"engine_name": "Nucleon",
"method": "blacklist",
"result": "clean"
},
"OpenPhish": {
"category": "harmless",
"engine_name": "OpenPhish",
"method": "blacklist",
"result": "clean"
},
"PREBYTES": {
"category": "harmless",
"engine_name": "PREBYTES",
"method": "blacklist",
"result": "clean"
},
"PhishLabs": {
"category": "harmless",
"engine_name": "PhishLabs",
"method": "blacklist",
"result": "clean"
},
"Phishing Database": {
"category": "harmless",
"engine_name": "Phishing Database",
"method": "blacklist",
"result": "clean"
},
"Phishtank": {
"category": "harmless",
"engine_name": "Phishtank",
"method": "blacklist",
"result": "clean"
},
"Quick Heal": {
"category": "harmless",
"engine_name": "Quick Heal",
"method": "blacklist",
"result": "clean"
},
"Quttera": {
"category": "harmless",
"engine_name": "Quttera",
"method": "blacklist",
"result": "clean"
},
"SCUMWARE.org": {
"category": "harmless",
"engine_name": "SCUMWARE.org",
"method": "blacklist",
"result": "clean"
},
"SecureBrain": {
"category": "harmless",
"engine_name": "SecureBrain",
"method": "blacklist",
"result": "clean"
},
"Segasec": {
"category": "harmless",
"engine_name": "Segasec",
"method": "blacklist",
"result": "clean"
},
"Snort IP sample list": {
"category": "suspicious",
"engine_name": "Snort IP sample list",
"method": "blacklist",
"result": "suspicious"
},
"Sophos": {
"category": "harmless",
"engine_name": "Sophos",
"method": "blacklist",
"result": "clean"
},
"Spam404": {
"category": "harmless",
"engine_name": "Spam404",
"method": "blacklist",
"result": "clean"
},
"Spamhaus": {
"category": "harmless",
"engine_name": "Spamhaus",
"method": "blacklist",
"result": "clean"
},
"StopBadware": {
"category": "harmless",
"engine_name": "StopBadware",
"method": "blacklist",
"result": "clean"
},
"StopForumSpam": {
"category": "harmless",
"engine_name": "StopForumSpam",
"method": "blacklist",
"result": "clean"
},
"Sucuri SiteCheck": {
"category": "harmless",
"engine_name": "Sucuri SiteCheck",
"method": "blacklist",
"result": "clean"
},
"Tencent": {
"category": "harmless",
"engine_name": "Tencent",
"method": "blacklist",
"result": "clean"
},
"ThreatHive": {
"category": "harmless",
"engine_name": "ThreatHive",
"method": "blacklist",
"result": "clean"
},
"Threatsourcing": {
"category": "suspicious",
"engine_name": "Threatsourcing",
"method": "blacklist",
"result": "suspicious"
},
"Trustwave": {
"category": "harmless",
"engine_name": "Trustwave",
"method": "blacklist",
"result": "clean"
},
"URLhaus": {
"category": "harmless",
"engine_name": "URLhaus",
"method": "blacklist",
"result": "clean"
},
"VX Vault": {
"category": "harmless",
"engine_name": "VX Vault",
"method": "blacklist",
"result": "clean"
},
"Virusdie External Site Scan": {
"category": "harmless",
"engine_name": "Virusdie External Site Scan",
"method": "blacklist",
"result": "clean"
},
"Web Security Guard": {
"category": "harmless",
"engine_name": "Web Security Guard",
"method": "blacklist",
"result": "clean"
},
"Yandex Safebrowsing": {
"category": "harmless",
"engine_name": "Yandex Safebrowsing",
"method": "blacklist",
"result": "clean"
},
"ZeroCERT": {
"category": "harmless",
"engine_name": "ZeroCERT",
"method": "blacklist",
"result": "clean"
},
"desenmascara.me": {
"category": "harmless",
"engine_name": "desenmascara.me",
"method": "blacklist",
"result": "clean"
},
"malwares.com URL checker": {
"category": "harmless",
"engine_name": "malwares.com URL checker",
"method": "blacklist",
"result": "clean"
},
"securolytics": {
"category": "harmless",
"engine_name": "securolytics",
"method": "blacklist",
"result": "clean"
},
"zvelo": {
"category": "harmless",
"engine_name": "zvelo",
"method": "blacklist",
"result": "clean"
}
},
"last_analysis_stats": {
"harmless": 74,
"malicious": 0,
"suspicious": 2,
"timeout": 0,
"undetected": 0
},
"last_modification_date": 1601705254,
"network": "209.59.192.0/19",
"regional_internet_registry": "ARIN",
"reputation": 0,
"tags": [],
"total_votes": {
"harmless": 0,
"malicious": 0
},
"whois": "NetRange: 209.59.192.0 - 209.59.223.255\nCIDR: 209.59.192.0/19\nNetName: BIZLAND-FC02\nNetHandle: NET-209-59-192-0-1\nParent: NET209 (NET-209-0-0-0-0)\nNetType: Direct Allocation\nOriginAS: AS29873\nOrganization: The Endurance International Group, Inc. (EIG-12)\nRegDate: 2004-07-30\nUpdated: 2012-03-02\nRef: https://rdap.arin.net/registry/ip/209.59.192.0\nOrgName: The Endurance International Group, Inc.\nOrgId: EIG-12\nAddress: 10 Corporate Drive\nAddress: Suite 300\nCity: Burlington\nStateProv: MA\nPostalCode: 01803\nCountry: US\nRegDate: 2005-02-07\nUpdated: 2018-06-14\nRef: https://rdap.arin.net/registry/entity/EIG-12\nOrgTechHandle: EIGAR-ARIN\nOrgTechName: eig-arin\nOrgTechPhone: +1-866-897-5421 \nOrgTechEmail: eig-arin@endurance.com\nOrgTechRef: https://rdap.arin.net/registry/entity/EIGAR-ARIN\nOrgAbuseHandle: EIGAB-ARIN\nOrgAbuseName: eig-abuse\nOrgAbusePhone: +1-877-659-6181 \nOrgAbuseEmail: eig-abuse@endurance.com\nOrgAbuseRef: https://rdap.arin.net/registry/entity/EIGAB-ARIN\nOrgNOCHandle: ENO91-ARIN\nOrgNOCName: EIG Network Operations\nOrgNOCPhone: +1-877-659-6181 \nOrgNOCEmail: eig-noc@endurance.com\nOrgNOCRef: https://rdap.arin.net/registry/entity/ENO91-ARIN\n",
"whois_date": 1568088719
},
"id": "209.59.217.36",
"links": {
"self": "https://www.virustotal.com/api/v3/ip_addresses/209.59.217.36"
},
"type": "ip_address"
}
],
"links": {
"self": "https://www.virustotal.com/api/v3/search?query=209.59.217.36"
}
}
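這樣就能方便地用來輔助判斷該 IP 是否為惡意 IP。判讀時請一併參考偵測數量與掃描日期:上面 v2 的範例有多筆 URL 與下載樣本被多個引擎偵測,而 v3 範例的 last_analysis_stats 是 0 個 malicious、2 個 suspicious,兩者的可信程度並不相同;另外 IP 可能會被重新分配,較舊的偵測紀錄不一定代表現況。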