예제 #1
 def obtain_ip(self):
     """Resolve ``self.base_url``, print the lookup results, return the IPv4 address.

     ``socket.gethostbyname`` only yields an IPv4 address, while the
     ``getaddrinfo`` listing below can also contain IPv6 addresses. The two
     calls are independent lookups, so the returned address is not
     guaranteed to appear in the printed list. Resolution errors raised by
     the ``socket`` calls are not handled here and propagate to the caller.

     Returns:
         The address string reported by ``socket.gethostbyname``.
     """
     # assumes self.base_url is a bare hostname, not a full URL -- TODO confirm
     host = self.base_url
     print("** NS Lookup Result **")
     primary = socket.gethostbyname(host)
     print("IP Address: " + primary)
     print("FQDN: " + socket.getfqdn(host))

     # Positional zeros are getaddrinfo's port, family, type and proto, i.e.
     # "no restriction". With type=0 the same address can be reported once
     # per socket type, hence the de-duplication before printing.
     already_printed = set()
     for *_, sockaddr in socket.getaddrinfo(host, 0, 0, 0, 0):
         address = sockaddr[0]
         if address in already_printed:
             continue
         already_printed.add(address)
         # The label says "NS", but these are the addresses of the host
         # itself as returned by getaddrinfo, not name-server addresses.
         print('NS IP Address: ' + address)
     return primary
예제 #2
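 def obtain_ip(self):
     """Print DNS lookup details for ``self.base_url`` and return its IPv4 address.

     The returned value comes from ``socket.gethostbyname`` (IPv4 only). The
     list printed afterwards comes from a separate ``socket.getaddrinfo``
     call and may include IPv6 addresses, so the two can differ. Resolution
     errors raised by the ``socket`` calls are not caught here.

     Returns:
         The address string reported by ``socket.gethostbyname``.
     """
     # assumes self.base_url is a bare hostname, not a full URL -- TODO confirm
     print("__LOOKUP____________________________________________")
     current_ip = socket.gethostbyname(self.base_url)
     print("ip: " + current_ip)
     print("FQDN: " + socket.getfqdn(self.base_url))
     # The four zeros are getaddrinfo's port, family, type and proto
     # arguments (0 = unrestricted). Each *result* is a
     # (family, type, proto, canonname, sockaddr) tuple; sockaddr[0] is the
     # address string.
     socket_info = socket.getaddrinfo(self.base_url, 0, 0, 0, 0)
     seen = set()
     for result in socket_info:
         ns_ip = result[4][0]
         # The same address is reported once per socket type; print it once.
         if ns_ip not in seen:
             seen.add(ns_ip)
             print(ns_ip)
     return current_ip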
예제 #3
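 def obtain_ip(self):
     """Report how ``self.base_url`` resolves and return its IPv4 address.

     Prints a banner, the ``socket.gethostbyname`` result, the FQDN, and
     each distinct address from ``socket.getaddrinfo`` in first-seen order.
     ``gethostbyname`` is IPv4-only and is a separate lookup from
     ``getaddrinfo``, so the return value need not match the printed list.
     Errors raised by the ``socket`` calls propagate to the caller.

     Returns:
         The address string reported by ``socket.gethostbyname``.
     """
     # assumes self.base_url is a bare hostname, not a full URL -- TODO confirm
     hostname = self.base_url
     print("__LOOKUP____________________________________________")
     current_ip = socket.gethostbyname(hostname)
     print("ip: " + current_ip)
     print("FQDN: " + socket.getfqdn(hostname))
     # getaddrinfo(host, port, family, type, proto): the zeros mean "any".
     # Every returned entry is (family, type, proto, canonname, sockaddr)
     # and sockaddr[0] holds the address. dict.fromkeys drops repeats while
     # keeping the order in which addresses were first reported.
     entries = socket.getaddrinfo(hostname, 0, 0, 0, 0)
     for address in dict.fromkeys(entry[4][0] for entry in entries):
         print(address)
     return current_ip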
예제 #4
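def statistical_report(url, tldextract_output):
    """Return -1 if the URL matches a hard-coded phishing indicator, else 1.

    Two indicators are checked:

    * any entry of ``topdomains`` occurring as a substring of ``url``;
    * any address the host resolves to being listed in ``topips``.

    Args:
        url: The full URL string being scored.
        tldextract_output: Object exposing ``subdomain``, ``domain`` and
            ``suffix`` attributes (presumably a tldextract result --
            confirm against the caller).

    Returns:
        -1 when either indicator matches, 1 otherwise. A host that cannot
        be resolved counts as "no IP match".
    """
    # NOTE(review): this list used to be overwritten with [] right after it
    # was defined, and the lookup loop read an undefined name under a bare
    # ``except``, so the IP indicator could never fire. It is active now.
    # Hard-coded addresses go stale and may belong to shared hosting, so
    # treat a hit as a weak signal and refresh the list from its source.
    topips = frozenset([
        '64.70.19.203', '216.218.185.162', '172.217.14.161',
        '175.126.123.219', '156.251.148.212', '54.83.43.69',
        '47.91.170.222', '173.230.141.80', '103.44.28.169',
        '103.44.28.181', '108.61.203.22', '23.20.239.12',
        '153.92.0.100', '141.8.224.221', '184.168.131.241',
        '122.10.109.175', '209.202.252.66', '199.59.242.153',
        '69.172.201.153', '91.227.52.108', '35.186.238.101',
        '185.164.136.124', '69.16.230.42', '18.216.20.136',
        '211.231.99.250', '59.188.232.88', '160.121.242.52',
        '91.195.240.126', '37.157.192.102', '67.227.226.240',
        '52.58.78.16', '198.11.172.242', '3.234.181.234',
        '172.120.69.45', '204.95.99.26', '193.109.247.10',
        '52.69.166.231', '23.89.1.166', '18.211.9.206',
        '72.52.178.23', '204.11.56.48', '193.109.247.224',
        '47.75.126.218', '156.234.215.125', '23.253.126.58',
        '23.236.62.147', '47.245.9.22', '104.239.157.210',
        '208.91.197.46', '209.99.40.223',
    ])
    topdomains = (
        "docs.google.com", "storage.googleapis.com",
        "firebasestorage.googleapis.com", "cheaproomsvalencia.com",
        "playarprint.com", "forms.office.com", "bit.ly",
        "sites.google.com", "ivanidzakovic.com", "drive.google.com",
        "forms.gle", "codesandbox.io", ".sharepoint.com",
        "onedrive.live.com", "advonationusa.com",
        "infopublishersassociation.com", "vmorefraud.com",
        "stolizaparketa.ru", "mytanfarma.com", "zohard.com",
        "southcountyclassified.com", "tptelecom", "tinyurl.com",
    )

    # Cheap string check first, so a matching URL needs no DNS query.
    # NOTE(review): this is a substring test against the whole URL, so an
    # entry also matches inside a path, a query string or a longer host
    # name; kept as-is because callers may rely on the existing scores.
    if any(domain in url for domain in topdomains):
        return -1

    # Join only the non-empty labels: an empty subdomain or suffix would
    # otherwise give a name with a leading or trailing dot.
    labels = (
        getattr(tldextract_output, field, "")
        for field in ("subdomain", "domain", "suffix")
    )
    hostname = ".".join(label for label in labels if label)
    if not hostname:
        return 1

    try:
        # Positional zeros: port, family, type, proto (all unrestricted).
        results = socket.getaddrinfo(hostname, 0, 0, 0, 0)
    except (OSError, UnicodeError):
        # Resolution failure (socket.gaierror is an OSError) or a name that
        # cannot be IDNA-encoded: no addresses to compare.
        return 1

    # Each entry ends with its sockaddr tuple; element 0 is the address.
    resolved = {entry[-1][0] for entry in results}
    return 1 if resolved.isdisjoint(topips) else -1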