From 42a01b5f94c0b5183297571decfa327e15abfbf4 Mon Sep 17 00:00:00 2001
From: gdesmar <75089569+gdesmar@users.noreply.github.com>
Date: Wed, 8 Nov 2023 16:59:18 +0000
Subject: [PATCH] Inspect URI hostname as IP or Domain
---
 netrep/netrep.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/netrep/netrep.py b/netrep/netrep.py
index ac2dbfb..08be569 100644
--- a/netrep/netrep.py
+++ b/netrep/netrep.py
@@ -92,6 +92,10 @@ def execute(self, request: ServiceRequest):
 if request.file_type.startswith("uri/"):
 iocs["uri"].append(request.task.fileinfo.uri_info.uri)
+ if re.match(IP_ONLY_REGEX, request.task.fileinfo.uri_info.hostname):
+ iocs["ip"].append(request.task.fileinfo.uri_info.hostname)
+ else:
+ iocs["domain"].append(request.task.fileinfo.uri_info.hostname)
 # Filter out URIs that are emails prefixed by http/s
 # (commonly tagged by OLETools but causes phishing heuristic to be raised because of '@')
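Review bot: The new `else` branch in `execute` files every hostname that fails `IP_ONLY_REGEX` under `iocs["domain"]`, with no check that `uri_info.hostname` is a non-empty string. If the URI parser can yield `None` or an empty hostname (not visible in this hunk), `re.match` raises `TypeError` on `None` and an empty string would be looked up as a domain; IPv6 literals would presumably also land in the domain bucket, depending on what `IP_ONLY_REGEX` covers. Consider binding `hostname = request.task.fileinfo.uri_info.hostname` once, wrapping the branch in `if hostname:`, and using `re.fullmatch(IP_ONLY_REGEX, hostname)` unless the pattern is already anchored at both ends. The body of `execute` starts and ends outside the hunk.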