OsmanKandemir/associated-threat-analyzer

Unable to locate the sources of the malicious IP addresses

Closed this issue · 2 comments

Hi @OsmanKandemir !

  1. I've been examining one of my domains and the Docker-based analyzer detects a set of "Malicious Association" IPs
  2. I went to examine deeper and check a couple of CNAME references of my domain and identified that domains of the CRM tools we used had overlapped with these "Malicious Association" IPs
  3. I then removed the DNS records pointing to the CRM domains
  4. After 3 days the tool still reports "FOUND -> Malicious Association"

I wonder where those are coming from. After briefly looking at the code I did not understand how the list is determined. Would you mind helping me understand how to better use the tool to find the source of this association?

Thanks a lot for the analyzer and for the answer, in advance.

@nikiluk Hi,

Sure, I wrote the default malicious IP and domain sources in README.md.

https://github.com/OsmanKandemir/associated-threat-analyzer#default-malicious-ips-and-domains-sources

If they removed your associated malicious IP address, the Docker Hub application needs to be updated. I have defined this situation.

Also, I have written a note for Docker application usage.

https://github.com/OsmanKandemir/associated-threat-analyzer#warning--if-you-want-to-run-a-docker-container-associated-threat-analyzer-recommends-to-use-your-malicious-ips-and-domains-lists-because-maintainer-may-not-be-update-a-default-malicious-ip-and-domain-lists-on-docker-image

You can use malicious IP and domain addresses of your choice on the terminal.
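The two things the thread turns on are (a) tracing a "Malicious Association" back to the DNS record and the list entry that produced it, and (b) running the check against lists you maintain yourself instead of whatever a stale Docker image ships with. The script below is an added illustration, not code from associated-threat-analyzer or from either commenter. It works offline on a constructed DNS snapshot (a domain whose CRM CNAME chain ends in IPs that sit in a blocklisted range) and on constructed local IP/domain lists; every function name, the `DNS_SNAPSHOT` and the list contents are assumptions for the example. Each finding records the CNAME path it followed and the list entry that matched, which is the information the reporter was missing; re-running it after dropping the CRM record shows what should change, so a hit that persists after that points either at another record or at an outdated list.

```python
import ipaddress

# Constructed DNS snapshot: name -> [(record type, value)]. A real run would
# fill this from live resolution; here it stands in for the reporter's domain
# whose CRM CNAME chain terminates on the vendor's load balancer IPs.
DNS_SNAPSHOT = {
    "example.com": [("A", "203.0.113.10")],
    "crm.example.com": [("CNAME", "tenant.crm-vendor.example")],
    "tenant.crm-vendor.example": [("CNAME", "lb.crm-vendor.example")],
    "lb.crm-vendor.example": [("A", "198.51.100.7"), ("A", "198.51.100.8")],
    "mail.example.com": [("A", "203.0.113.25")],
}

# Constructed local lists, as you would load from files passed on the
# terminal. Values name the file the entry came from so findings are traceable.
MALICIOUS_IPS = {
    "198.51.100.0/24": "local-blocklist.txt",   # CIDR entry
    "203.0.113.25": "local-blocklist.txt",      # single host entry
}
MALICIOUS_DOMAINS = {
    "lb.crm-vendor.example": "local-domains.txt",
}


def resolve_chain(name, snapshot, max_depth=10):
    """Follow CNAMEs from `name` until A records appear.

    Returns (path, ips): the names visited in order and the terminal IPs
    (empty when the chain dangles or loops)."""
    path = [name]
    seen = {name}
    current = name
    for _ in range(max_depth):
        records = snapshot.get(current, [])
        ips = [v for t, v in records if t == "A"]
        cnames = [v for t, v in records if t == "CNAME"]
        if ips:
            return path, ips
        if not cnames:
            return path, []          # dangling name: no A, no CNAME
        nxt = cnames[0]
        if nxt in seen:
            return path, []          # CNAME loop: stop rather than spin
        seen.add(nxt)
        path.append(nxt)
        current = nxt
    return path, []                  # chain deeper than max_depth


def match_ip(ip, ip_list):
    """Return (list entry, source file) for the first entry containing `ip`."""
    addr = ipaddress.ip_address(ip)
    for entry, source in ip_list.items():
        if addr in ipaddress.ip_network(entry, strict=False):
            return entry, source
    return None


def find_associations(hosts, snapshot, ip_list, domain_list):
    """Check each host's CNAME chain and terminal IPs against the local lists.

    Every finding carries the resolution path ("via") and the list entry plus
    file that matched, so the association can be attributed to a record."""
    findings = []
    for host in hosts:
        path, ips = resolve_chain(host, snapshot)
        via = " -> ".join(path)
        for hop in path[1:]:                       # intermediate CNAME targets
            if hop in domain_list:
                findings.append({"host": host, "kind": "domain", "indicator": hop,
                                 "matched": hop, "via": via, "source": domain_list[hop]})
        for ip in ips:                             # terminal addresses
            hit = match_ip(ip, ip_list)
            if hit:
                findings.append({"host": host, "kind": "ip", "indicator": ip,
                                 "matched": hit[0], "via": via, "source": hit[1]})
    return findings


def without_record(snapshot, name):
    """Snapshot with one record set removed, simulating deleting a DNS entry."""
    return {k: v for k, v in snapshot.items() if k != name}


if __name__ == "__main__":
    hosts = ["example.com", "crm.example.com", "mail.example.com"]
    for f in find_associations(hosts, DNS_SNAPSHOT, MALICIOUS_IPS, MALICIOUS_DOMAINS):
        print(f"{f['host']}: {f['kind']} {f['indicator']} matched {f['matched']} "
              f"({f['source']}) via {f['via']}")
    # After removing the CRM CNAME, only the mail host should still be flagged.
    print("after removing crm.example.com:",
          len(find_associations(hosts, without_record(DNS_SNAPSHOT, "crm.example.com"),
                                MALICIOUS_IPS, MALICIOUS_DOMAINS)), "finding(s)")
```

If a host is still flagged after its record is gone, compare the `source` field against the date your list files were fetched: the thread's point is that a list baked into an old Docker image keeps reporting entries the upstream feed has already dropped, which is exactly why loading your own current lists is recommended.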

Thank you for your answer. Will try!