Analyzes IPs for inbound scenarios: provides the IP's geographic location and ASN information; accurately determines, through decision rules, whether the IP is malicious, together with its risk severity level and credibility level; and identifies threat types such as exploit, zombie, and suspicious, as well as related security events or group labels.

Request

Request method

| Request address | Request method |
| --- | --- |
| https://t.ruhr/api/ip_reputation | POST, GET |

Description of request parameters

| Parameter Name | Type | Description | Required |
| --- | --- | --- | --- |
| access_key | string | The identifier of the API request | true |
| resource | string | IP address | true |

Response

Description of response parameters

Parameter Name Type Description
success boolean A normal response will return true
date string Intelligence was last updated
is_malicious boolean Whether the IP is malicious: true for malicious, false for non-malicious
confidence_level number Credibility. The degree of credibility of malicious intent as determined by the source of intelligence and the credibility model, which is categorized as 1 (low), 2 (medium), or 3 (high)
severity string Severity Level. Indicates the degree of danger of the information, and is categorized into five degree types: critical, high, medium, low and info
scene string Application Scenario. E.g., Infrastructure, Cloud Provider, etc. For the full collection, please see: Application Scene Classification
tags_classes array Relevant attack group or security event information, JSON array, each item contains field descriptions as follows:
  • tags_type tag category, e.g. “industry”, “gangs”, “virus_family”, etc.
  • tags specific attack groups or security event tags, such as: APT, Sea Lotus, etc.
basic object The return is a JSON object with the following field descriptions:
  • carrier carrier/service provider
  • location the location of the ip, JSON object, the description is as follows:
    • country country
    • country_code country code
    • province province
    • city city
    • longitude longitude
    • latitude latitude
asn object ASN information. A JSON object containing:
  • number ASN number
  • info AS name
  • rank risk value (0 to 4, higher means higher risk)
judgments array Threat types determined by comprehensive analysis of threat intelligence, as a JSON array.
  1. Types judged malicious by this interface:
    • Spam spam
    • Zombie puppet machine
    • Scanner scanning
    • Exploit vulnerability exploitation
    • Botnet botnet
    • Suspicious suspicious
    • Brute Force brute force
      For the Brute Force subclasses, see the description in: Threat Type Complete.
  2. Types judged non-malicious by this interface:
    • Whitelist whitelist
    • Info basic information

Request Example

The T.ruhr API can be called from cURL, Python, PHP, Java, and Go. Taking Python as an example:

import requests

url = "https://t.ruhr/api/ip_reputation"

query = {
  "access_key": "<YOUR-ACCESS-KEY>",
  "resource": "0.0.0.0"
}

# A timeout keeps the call from hanging indefinitely if the service does not respond
response = requests.request("GET", url, params=query, timeout=10)

print(response.json())

Please replace <YOUR-ACCESS-KEY> with your access key.

or cURL:

curl -v -X GET \
  'https://t.ruhr/api/ip_reputation?access_key=<YOUR-ACCESS-KEY>&resource=0.0.0.0'

or PHP:

<?php

// get cURL resource
$ch = curl_init();

// set url
curl_setopt($ch, CURLOPT_URL, "https://t.ruhr/api/ip_reputation?access_key=<YOUR-ACCESS-KEY>&resource=0.0.0.0");
// set method
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
// return the transfer as a string
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

// send the request and save response to $response
$response = curl_exec($ch);

header("Content-Type: text/plain");
if ($response !== false) {
    echo 'HTTP Status Code: ' . curl_getinfo($ch, CURLINFO_HTTP_CODE) . PHP_EOL;
    echo 'Response Body: ' . $response . PHP_EOL;
} else {
    echo 'Error: "' . curl_error($ch) . '" - Code: ' . curl_errno($ch) . PHP_EOL;
}

// close curl resource to free up system resources
curl_close($ch);

or Java:

import java.io.IOException;
import org.apache.http.client.fluent.*;

public class FileReport
{
  public static void main(String[] args) {
    sendRequest();
  }

  private static void sendRequest() {

    // ip_reputation (GET)

    try {

      // Create request
      Content content = Request.Get("https://t.ruhr/api/ip_reputation?access_key=<YOUR-ACCESS-KEY>&resource=0.0.0.0")

      // Fetch request and return content
      .execute().returnContent();

      // Print content
      System.out.println(content);
    }
    catch (IOException e) { System.out.println(e); }
  }
}

or Go:

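package main

import (
    "fmt"
    "io"
    "log"
    "net/http"
)

func main() {

    url := "https://t.ruhr/api/ip_reputation?access_key=<YOUR-ACCESS-KEY>&resource=0.0.0.0"

    req, err := http.NewRequest("GET", url, nil)
    if err != nil {
        log.Fatal(err)
    }

    // res is nil when the request fails, so check err before touching res.Body
    res, err := http.DefaultClient.Do(req)
    if err != nil {
        log.Fatal(err)
    }
    defer res.Body.Close()

    body, err := io.ReadAll(res.Body)
    if err != nil {
        log.Fatal(err)
    }

    // Print the HTTP status line, then the JSON body
    fmt.Println(res.Status)
    fmt.Println(string(body))

}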

Sample response (JSON)

{
    "success": true,
    "date": "2025-01-01 08:00:00",
    "is_malicious": false,
    "confidence_level": 3,
    "severity": "info",
    "scene": "Cloud Provider",
    "tags_classes": [],
    "basic": {
        "carrier": "China Unicom",
        "location": {
            "country": "China",
            "country_code": "CN",
            "province": "Shanghai",
            "city": "Shanghai",
            "longitude": "123.456789",
            "latitude": "123.456789"
        }
    },
    "asn": {
        "number": 37963,
        "rank": 0,
        "info": "ALIBABA-CN-NET"
    },
    "judgments": [
        "Dynamic IP",
        "Zombie",
        "Spam",
        "IoT Device"
    ]
}

This JSON data is only a demo and does not represent the actual request output.
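
One way to consume the response fields documented above. This is an added example, not T.ruhr's own code. It checks that an address is worth submitting, then maps `success`, `is_malicious`, `confidence_level`, `severity` and `judgments` to an action. The function names, the thresholds and the block/alert/allow policy are assumptions of this example.

```python
import ipaddress

# Judgment types the response table lists as malicious.
MALICIOUS_TYPES = {"Spam", "Zombie", "Scanner", "Exploit", "Botnet",
                   "Suspicious", "Brute Force"}
SEVERITIES = ["info", "low", "medium", "high", "critical"]  # ascending

def should_query(ip_text):
    """True only for syntactically valid, globally routable addresses."""
    try:
        return ipaddress.ip_address(ip_text).is_global
    except ValueError:
        return False

def triage(resp, min_confidence=2, block_severity="high"):
    """Return (action, reason); thresholds are a hypothetical local policy."""
    if not isinstance(resp, dict) or resp.get("success") is not True:
        return "error", "lookup failed or response malformed"
    judgments = set(resp.get("judgments") or [])
    hits = sorted(judgments & MALICIOUS_TYPES)
    if resp.get("is_malicious") is not True:
        # Verdict and judgments can disagree; surface that for review
        # instead of silently allowing.
        if hits and "Whitelist" not in judgments:
            return "alert", "not flagged malicious, but judgments include " + ", ".join(hits)
        return "allow", "not flagged malicious"
    confidence, severity = resp.get("confidence_level"), resp.get("severity")
    if confidence not in (1, 2, 3) or severity not in SEVERITIES:
        return "alert", "malicious with unexpected confidence/severity values"
    if (confidence >= min_confidence
            and SEVERITIES.index(severity) >= SEVERITIES.index(block_severity)):
        return "block", f"{severity} severity, confidence {confidence}: " + ", ".join(hits)
    return "alert", f"malicious but below block threshold ({severity}, confidence {confidence})"

# Constructed inputs: the page's demo response (trimmed) and two variants.
DEMO = {"success": True, "is_malicious": False, "confidence_level": 3,
        "severity": "info", "judgments": ["Dynamic IP", "Zombie", "Spam", "IoT Device"]}
HIGH = {"success": True, "is_malicious": True, "confidence_level": 3,
        "severity": "critical", "judgments": ["Exploit", "Botnet"]}
LOW = {"success": True, "is_malicious": True, "confidence_level": 1,
       "severity": "high", "judgments": ["Scanner"]}

if __name__ == "__main__":
    for name, resp in (("demo", DEMO), ("high", HIGH), ("low", LOW)):
        print(name, triage(resp))
```

Filtering with `should_query` first keeps private, reserved and malformed addresses (including the `0.0.0.0` placeholder used in the request examples) from being sent to the service.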