Unable to locate the sources of the malicious IP addresses
Closed this issue · 2 comments
nikiluk commented
Hi @OsmanKandemir !
- I've been examining one of my domains and the Docker-based analyzer detects a set of "Malicious Association" IPs
- I went to examine deeper and check a couple of CNAME references of my domain and identified that domains of the CRM tools we used had overlapped with these "Malicious Association" IPs
- I then removed the DNS records pointing to the CRM domains
- After 3 days the tool still reports "FOUND -> Malicious Association"
I wonder where those are coming from. After briefly looking at the code I did not understand how the list is determined. Would you mind helping me understand how to better use the tool to find the source of this association?
Thanks a lot for the analyzer and for the answer, in advance.
OsmanKandemir commented
@nikiluk Hi,
Sure, I wrote the default malicious IP and domain sources in README.md.
If they removed your associated malicious IP address, the Docker Hub application needs to be updated. I have defined this situation.
Also, I have written a note for Docker application usage.
You can use malicious IP and domain addresses of your choice on the terminal.
nikiluk commented
Thank you for your answer. Will try!