How can I find out why a domain/IP is blocked by the Thread Intelligence Feed?


I noticed recently that one of the companies VPN endpoints is not working so I switched to another one.

Now with some time to investigate to report a potential problem to the network colleagues I found this:

When trying to resolve it is returning or :: for a blocked domain. Looking at my logs shows it is blocked by the Thread Intelligence Feed.

  1. So how can I find out why the domain/IP landed on the Thread Intelligence Feed?
  2. And how can I get it removed from there without exposing the domain publicly in this help forums?

Thanks in advance.




4replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Wireshark for Windows or PCAPDroid for Android to see your traffic

    • bobsmith There could be hundreds of users behind the IP of the VPN gateway - that's the reason for my question. Capturing traffic on my local device does solve that.

  • The Thread Intelligence Feed no longer reports the VPN gateway as bad - but this whole process is pretty intransparent. It would be appreciate it if my questions above could be answered as a general answer posted in "Privacy, blocklist & adblocking" for future reference. Thanks in advance.

  • Does anyone know the source of the "threat intelligence feed"? I'd like to be able to query it specifically when investigating filter issues.

    Like 1
Like Follow
  • 3 days agoLast active
  • 4Replies
  • 50Views
  • 3 Following