发布于 19 小时前
川建国
更新于 19 小时前
在浏览器中打开长亭百川云平台的「空间控制台」,点击「生成 Token」,权限仅需勾选「百川威胁情报」。Token 等同于账号凭证,请勿写入公开的脚本或代码仓库。
通过请求「威胁情报」的「用户信息」接口测试 Token 可用性
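# Token smoke test against the user-info endpoint.
# TLS certificate verification is left enabled (no -k/--insecure): the request
# carries X-CA-Token, and skipping verification would let an on-path party
# read it. If verification fails, repair the local CA trust (for example with
# --cacert) rather than disabling the check.
curl 'https://intelligence.rivers.chaitin.cn/api/v1/user/info' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'X-CA-Token: <Your_Safepoint_Token>'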
如果看到接口返回如下格式的数据,则证明 Token 及相关程序正常可用
1{
2 "message": "",
3 "success": true,
4 "data": {
5 "id": "66**********845",
6 "payment": "Ultimate",
7 "token": "om**********pe",
8 "expired_at": 0
9 }
10}
请求:
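# Fetch the account record tied to the token (id, plan, token, expiry).
# -k/--insecure is intentionally not used: the X-CA-Token header is a
# credential and must only be sent over a verified TLS connection.
# The response echoes the token, so avoid pasting full output into logs or tickets.
curl 'https://intelligence.rivers.chaitin.cn/api/v1/user/info' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'X-CA-Token: <Your_Safepoint_Token>'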
响应:
1{
2 "message": "",
3 "success": true,
4 "data": {
5 // 用户 ID
6 "id": "66**********845",
7 // 用户版本
8 "payment": "Ultimate",
9 // 用户 app Token
10 "token": "om**********pe",
11 // 当前版本过期时间,0 为永久
12 "expired_at": 0
13 }
14}
请求:
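# Look up reputation data for a single IP address (the `ip` query parameter).
# Certificate verification stays on (no -k/--insecure) so the X-CA-Token
# header is only ever sent to the genuine, verified endpoint.
curl 'https://intelligence.rivers.chaitin.cn/api/v1/ip_info?ip=87.26.82.93' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'X-CA-Token: <Your_Safepoint_Token>'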
响应(示例数据;其中的 IP 与上方请求参数中的 IP 不一致,仅用于说明字段结构):
1{
2 "message": "",
3 "success": true,
4 "data": {
5 // IP地址
6 "ip": "103.195.194.250",
7 // IP威胁等级: 0-未知 1-安全 2-疑似 3-恶意
8 "status": 3,
9 // IP历史攻击行为统计
10 "behaviors": {
11 "Backdoor": 3,
12 "Web Attack": 16,
13 "SQL Injection": 5,
14 "XXE Injection": 2,
15 "CRLF Injection": 2,
16 "Code Injection": 16,
17 "Path Traversal": 3,
18 "Command Injection": 4,
19 "Template Injection": 1,
20 "Unauthorized Access": 3,
21 "Upload Malicious File": 2
22 },
23 // IP标签列表,(IDC、家宽等)
24 "labels": [],
25 // IP地理位置信息
26 "address": {
27 "ip": "103.195.194.250",
28 "country": "China",
29 "province": "Hongkong",
30 "city": "Hongkong",
31 "isp": "Power Line (HK) Co., Limited",
32 "owner": "Power Line (HK) Co., Limited",
33 "asn": "AS132839",
34 "lng": "114.184921",
35 "lat": "22.350617",
36 "scene": "Hosting",
37 "radius": "40.0088",
38 "timezone": "UTC+8"
39 },
40 // IP活动历史记录
41 "activities": [
42 {
43 "ip": "103.195.194.250",
44 "date": "2025-05-05",
45 // 当日恶意等级
46 "malicious_level": 0
47 },
48 {
49 "ip": "103.195.194.250",
50 "date": "2025-05-06",
51 "malicious_level": 3
52 }
53 ]
54 }
55}
请求:
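# List historical intelligence records for one IP, paginated via
# `page` and `per_page`.
# No -k/--insecure: the request authenticates with X-CA-Token, so the server
# certificate must be verified before the header is sent.
curl 'https://intelligence.rivers.chaitin.cn/api/v1/intelligences/list?page=1&per_page=1000&ip=142.93.230.252' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'X-CA-Token: <Your_Safepoint_Token>'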
响应:
1{
2 // 接口响应信息
3 "message": "",
4 // 请求是否成功
5 "success": true,
6 "data": {
7 // 总记录数
8 "total": 821,
9 // 历史恶意行为记录列表
10 "data": [
11 {
12 // 记录唯一标识
13 "id": "01973a2d-fa2c-75b1-b836-80d68d4d6a80",
14 // IP类型
15 "type": "IPv4",
16 // 详细的恶意行为描述
17 "comment": "These IPs are constantly performing port scanning on my honeypot \"honeypot_qingdao_2\".\n\nProtocols: tcp\nAttack times: 738\nPorts: 10000, 10008, 10015, 10023, 10046, 10059, 10082, 101, 1011, 10120, 10175, 10225, 10240-10241, 10247, 10259, 1027, 1028, 1032, 10357, 10628, 1080, 10989, 1099, 10997, 11, 110, 1109, 11112, 11234, 11443, 11551, 1189, 119, 1200, 12000, 12001, 12022, 12088, 12262, 1234, 12346, 12349, 12350, 12351, 12357, 12358, 12360, 12366, 12369, 12607, 12694, 1282, 12852, 1311, 1314, 13228, 13306, 13320, 13322, 1338, 13898, 13975, 14142, 1433, 14443, 1458, 14817, 15042, 1521, 153, 15305, 15443, 15901, 15944, 16041, 16467, 16825, 16966, 16981, 16993, 17102, 1723, 17389, 17554, 17600, 17811, 179, 18050, 18080, 18118, 1828, 18400, 18456, 18574, 18607, 1883, 1909, 19158, 1963, 19895, and more 637 ports\nStarts at: 2025-06-04T08:00:00.000Z\nEnds at: 2025-06-04T09:00:00.000Z",
18 // 检测到的恶意行为类型
19 "behaviors": [
20 "Port Scanning"
21 ],
22 // 本次情报内包含的 IP 数量
23 "count": "714",
24 // 记录创建时间戳
25 "created_at": 1749027781,
26 // 创建者信息
27 "creator": {
28 // 创建者名称
29 "name": "Scanning-honeypot",
30 // 创建者头像
31 "avatar": "https://safepoint.oss-rg-china-mainland.aliyuncs.com/prod/avatar/943f0ad23af80967207b15b55900cbfb.png"
32 }
33 }]
34 }
35}
请求:
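# Look up intelligence for a JA4 TLS client fingerprint (the `ja4` parameter).
# TLS verification is kept enabled (no -k/--insecure) because the request
# carries the X-CA-Token credential; fix CA trust locally if verification fails.
curl 'https://intelligence.rivers.chaitin.cn/api/v1/ja4?ja4=t13d1516h2_8daaf6152771_02713d6af862' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'X-CA-Token: <Your_Safepoint_Token>'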
响应(示例数据;其中的 ja4_fingerprint 与上方请求中的 JA4 值不对应,仅用于说明字段结构):
1
2{
3 "message": "",
4 "success": true,
5 "data": {
6 // JA4 指纹后缀
7 "ja4_fingerprint": "1d37bd780c83_b26ce05bbdd6",
8 // 识别到的恶意行为
9 "behaviors": {},
10 // 识别到的非恶意属性
11 "labels": [],
12 // JA4 威胁等级: 0-未知 1-安全 2-疑似 3-恶意
13 "status": 3,
14 // JA4 对应的应用列表,true 为认证数据,false 为非认证数据
15 "application": {
16 "Chrome ": true,
17 "Chrome 119.0 ": true,
18 "Chrome 120.0 ": true,
19 "Chrome 121.0 ": true,
20 "Chrome 126.0 Beta ": true,
21 "Chromium Browser": true
22 },
23 // JA4 对应的底层应用列表,true 为认证数据,false 为非认证数据
24 "library": {
25 "golang": false
26 },
27 // JA4 对应的硬件设备列表,true 为认证数据,false 为非认证数据
28 "device": {
29 "Google Pixel 5": true
30 },
31 // JA4 对应的操作系统列表,true 为认证数据,false 为非认证数据
32 "os": {
33 "android 13 .0": true
34 },
35 // JA4 对应的 User-Agent 列表,count 为捕获到的次数
36 "related_uas": {
37 "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)": 10218,
38 "Mozilla/5.0 Firefox/33.0": 1,
39 "Mozilla/5.0 X11; Ubuntu; Linux x86_64; rv:126.0 Gecko/20100101 Firefox/126.0": 8,
40 "curl/7.88.1": 1,
41 "curl/8.5.0": 7,
42 "webpage-rs - https://crates.io/crates/webpage": 2
43 },
44 // JA4 对应的 IP 列表
45 "related_ips": {}
46 }
47}
可以通过 F12 查看页面请求的方式,查看更多 API 的调用方式