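  • Querying threat intelligence with VirusTotal (VT): it feels far less useful than ThreatBook (微步) or Cisco; of 100,000 records queried, 50,000 came back with positives > 0, damn!!!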

    # Fetch the VirusTotal C API client
    git clone https://github.com/VirusTotal/c-vtapi.git
    cd c-vtapi/
    # Build dependencies (Debian/Ubuntu)
    sudo apt-get install automake autoconf libtool libjansson-dev libcurl4-openssl-dev
    # Generate the build system, build with the example programs, and install
    autoreconf -fi
    ./configure --enable-examples
    make
    sudo make install
    # Locate the built shared library and copy it to a directory the dynamic loader searches
    find . -name libcvtapi.so.1
    sudo cp lib/.libs/* /lib64/
    # Query the IP report (xxxxx is a placeholder for your API key)
    ./example_progs/ip_report --apikey xxxxx --report 106.38.75.154
    sudo cp lib/.libs/* /lib/
    ./example_progs/ip_report --apikey xxxx --report 106.38.75.154
    

    Result:

    main:84: rescan ret=0
    Response:
    {
        "resolutions": [
            {
                "last_resolved": "2017-12-20 00:00:00",
                "hostname": "testratmal.ddns.net"
            }
        ],
        "undetected_urls": [],
        "detected_downloaded_samples": [],
        "detected_urls": [
            {
                "scan_date": "2018-01-15 10:53:25",
                "url": "http://106.38.75.154/",
                "positives": 1,
                "total": 66
            },
            {
                "scan_date": "2017-12-20 15:23:43",
                "url": "http://testratmal.ddns.net/",
                "positives": 1,
                "total": 66
            }
        ],
        "undetected_downloaded_samples": [],
        "verbose_msg": "IP address in dataset",
        "response_code": 1,
        "as_owner": "China Networks Inter-Exchange",
        "country": "CN",
        "asn": "4847"
    }
    main:117: Cleanup
    

    To use the Python interface instead, run pip install virustotal-api,
    then:

    from __future__ import print_function
    import json
    from virus_total_apis import PublicApi as VirusTotalPublicApi
    
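    # Substitute your own API key; the '?' characters mask part of the author's key
    API_KEY = '1?7?7440?eca037b88fd160ef6c8e04b69ba434bdd76ef2ab0ab52a567650157'
    vt = VirusTotalPublicApi(API_KEY)
    
    # Fetch the IP address report and pretty-print the JSON response
    response = vt.get_ip_report("106.38.75.154")
    print(json.dumps(response, sort_keys=False, indent=4))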
    

    The ??? stand for your own API key. Output:

    {
        "results": {
            "undetected_urls": [],
            "undetected_downloaded_samples": [],
            "detected_downloaded_samples": [],
            "response_code": 1,
            "as_owner": "China Networks Inter-Exchange",
            "detected_urls": [
                {
                    "url": "http://106.38.75.154/",
                    "positives": 1,
                    "total": 66,
                    "scan_date": "2018-01-15 10:53:25"
                },
                {
                    "url": "http://testratmal.ddns.net/",
                    "positives": 1,
                    "total": 66,
                    "scan_date": "2017-12-20 15:23:43"
                }
            ],
            "verbose_msg": "IP address in dataset",
            "country": "CN",
            "resolutions": [
                {
                    "last_resolved": "2017-12-20 00:00:00",
                    "hostname": "testratmal.ddns.net"
                }
            ],
            "asn": "4847"
        },
        "response_code": 200
    }
    

    Tested OK!
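
A `positives > 0` test marks the report above as malicious even though only 1 of 66 engines flagged each URL. The following is an added example, not code from the original post: it triages a `get_ip_report()` response by detection count and ratio instead. The function name and both thresholds are assumptions to tune against your own data.

```python
import json

# Constructed sample: the detection fields from the IP report shown above.
SAMPLE_REPORT = json.loads("""
{"results": {"response_code": 1,
  "detected_urls": [
    {"url": "http://106.38.75.154/", "positives": 1, "total": 66,
     "scan_date": "2018-01-15 10:53:25"},
    {"url": "http://testratmal.ddns.net/", "positives": 1, "total": 66,
     "scan_date": "2017-12-20 15:23:43"}],
  "detected_downloaded_samples": []},
 "response_code": 200}
""")

# Assumed thresholds (not from VirusTotal or the original post).
MIN_POSITIVES = 3   # at least this many engines must agree
MIN_RATIO = 0.05    # and at least this share of all engines


def triage_ip_report(response, min_positives=MIN_POSITIVES, min_ratio=MIN_RATIO):
    """Classify a virustotal-api get_ip_report() response.

    Returns (verdict, best): verdict is 'error', 'unknown', 'clean',
    'low-confidence' or 'suspicious'; best is the strongest detection entry.
    """
    if response.get("response_code") != 200 or "results" not in response:
        return "error", None            # HTTP failure, quota exceeded, ...
    results = response["results"]
    if results.get("response_code") != 1:
        return "unknown", None          # IP address not in the VT dataset
    hits = (results.get("detected_urls", [])
            + results.get("detected_downloaded_samples", []))
    hits = [h for h in hits if h.get("total")]   # skip entries without engine counts
    if not hits:
        return "clean", None
    best = max(hits, key=lambda h: h.get("positives", 0) / h["total"])
    positives = best.get("positives", 0)
    if positives >= min_positives and positives / best["total"] >= min_ratio:
        return "suspicious", best
    return "low-confidence", best       # e.g. 1/66: a single engine flagged it


if __name__ == "__main__":
    print(triage_ip_report(SAMPLE_REPORT))
```
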

  • Original article: https://www.cnblogs.com/bonelee/p/9967807.html