Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.
I've been examining one of my domains, and the Docker-based analyzer detects a set of "Malicious Association" IPs.
I went on to examine this more deeply and checked a couple of CNAME references of my domain, and identified that the domains of the CRM tools we used overlapped with these "Malicious Association" IPs.
I then removed the DNS records pointing to the CRM domains.
After 3 days the tool still reports "FOUND -> Malicious Association".
I wonder where those are coming from. After briefly looking at the code, I did not understand how the list is determined. Would you mind helping me understand how to better use the tool to find the source of this association?
Thanks a lot for the analyzer and for the answer, in advance.