Lookyloo / lookyloo

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.
https://www.lookyloo.eu

[Feature]: New module to check IP from known proxy/balancing services (CloudFlare/Akamai) #583

Closed FafnerKeyZee closed 1 year ago

FafnerKeyZee commented 1 year ago

Is your feature request related to a problem? Please describe.

When analyzing some domains, it appears that the IP is one of CF/Akamai etc. Unfortunately those IPs appear as malicious when using the Phishtank module.

Describe the solution you'd like

It could be nice to use a module to detect this kind of service.

Describe alternatives you've considered

Create a whitelist of IPs to not scan with Phishtank

Additional context

Rafiot commented 1 year ago

Support for cloudflare IPs: https://github.com/Lookyloo/lookyloo/commit/ecb4623b86a9e8b21c5fe16c41c9d2206f4798ed

Rafiot commented 1 year ago

Related to this one for a more generic support of known lists: https://github.com/Lookyloo/lookyloo/issues/149 - it has the list for akamai: https://misp.github.io/misp-warninglists/lists/akamai/list.json

The API call doesn't seem to be for the same thing.
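The check requested in this issue, sketched as an added example (not Lookyloo's code and not the content of the linked commit): match a capture's IPs against a CIDR warninglist and flag reputation hits that land on shared proxy/CDN addresses. It assumes the list is JSON with `type` and `list` keys, as MISP warninglists are; the function names are hypothetical and the sample prefixes are constructed from documentation ranges.

```python
import ipaddress
import json

# Constructed sample in the shape of a MISP warninglist (type "cidr").
# The prefixes are documentation ranges, not real CDN ranges.
SAMPLE_WARNINGLIST = json.loads("""
{
  "name": "Example CDN (constructed)",
  "type": "cidr",
  "list": ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:100::/40", "not-a-cidr"]
}
""")


def load_networks(warninglist):
    """Parse the 'list' entries of a cidr warninglist, skipping malformed ones."""
    if warninglist.get("type") != "cidr":
        raise ValueError("only cidr warninglists are supported here")
    networks = []
    for entry in warninglist.get("list", []):
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # ignore entries that are not valid prefixes
    return networks


def shared_infra_match(ip, networks):
    """Return the matching prefix as a string, or None if the IP is not listed."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net in networks:
        if addr.version == net.version and addr in net:
            return str(net)
    return None


def annotate_hits(ip_hits, warninglist):
    """Mark each reputation hit that resolves to a shared proxy/CDN address.

    ip_hits maps an IP to the URLs a reputation source reported for it.
    """
    networks = load_networks(warninglist)
    return {
        ip: {"urls": urls, "known_shared_prefix": shared_infra_match(ip, networks)}
        for ip, urls in ip_hits.items()
    }
```

A hit with a non-null `known_shared_prefix` says only that the address is shared by many sites; the URL-level verdict still has to be judged on its own.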