0

How can I find out why a domain/IP is blocked by the Thread Intelligence Feed?

Hi,

I noticed recently that one of the companies VPN endpoints is not working so I switched to another one.

Now with some time to investigate to report a potential problem to the network colleagues I found this:

When trying to resolve it is returning 0.0.0.0 or :: for a blocked domain. Looking at my logs shows it is blocked by the Thread Intelligence Feed.

  1. So how can I find out why the domain/IP landed on the Thread Intelligence Feed?
  2. And how can I get it removed from there without exposing the domain publicly in this help forums?

Thanks in advance.

 

Regards,

Axel

4 replies

null
    • bobsmith
    • 2 yrs ago
    • Reported - view

    Wireshark for Windows or PCAPDroid for Android to see your traffic

      • Axel_Fischer
      • 2 yrs ago
      • Reported - view

      bobsmith There could be hundreds of users behind the IP of the VPN gateway - that's the reason for my question. Capturing traffic on my local device does solve that.

    • Axel_Fischer
    • 2 yrs ago
    • Reported - view

    The Thread Intelligence Feed no longer reports the VPN gateway as bad - but this whole process is pretty intransparent. It would be appreciate it if my questions above could be answered as a general answer posted in "Privacy, blocklist & adblocking" for future reference. Thanks in advance.

    • in_addr_arpa
    • 1 yr ago
    • Reported - view

    Does anyone know the source of the "threat intelligence feed"? I'd like to be able to query it specifically when investigating filter issues.

Content aside

  • 1 yr agoLast active
  • 4Replies
  • 76Views
  • 3 Following