Security Research Articles

Information security is a rapidly changing, dynamic field with new attacks, breaches, technologies and vulnerabilities sprouting daily. And with such an influx of information, facts can be overlooked. Research and deeper investigation into these topics, however, can help us identify further potential threats while improving situational awareness, attack attribution and even defenses against future attacks.

In the “Research” category, we show you how SecurityTrails tools can help uncover what’s beneath the surface of controversial websites, malware, cybercrime campaigns, data breaches and bugs that make the headlines.

One of our earliest research projects here is a look into how you can track and trace websites who promote violence and other illegal activities (such as The Daily Stormer) through their DNS records. Among our later explorations, you’ll see our looks at malicious domain campaigns in the wake of hurricane Florence, cryptojacking campaigns, shutting down 8chan and, of course, our Recon Safari series.

SecurityTrails Blog · Feb 23 · by SecurityTrails team

Recon Safari #4: Domains Riding the Robinhood Wave

During the past couple of weeks, the popular free financial trading app Robinhood made headlines for halting purchases of certain stocks. This has resulted in a lot of bad publicity for the company. And because threat actors enjoy exploiting trending news topics to their advantage, we decided to look at newly registered Robinhood domains to see how they’re being used.

SecurityTrails Blog · Dec 17 2020 · by SecurityTrails Team

Iran, the IRGC and Fake News Websites

Recently, the Department of Justice made two public announcements about shutting down fake news websites created by Iran’s Islamic Revolutionary Guard Corps (IRGC). In the first instance, 92 domains were seized in August 2020. And according to the second announcement, 27 more domains were seized as part of the same effort to spread global disinformation.

SecurityTrails Blog · Nov 02 2020 · by Sara Jelen

Recon Safari #2: Looking at the OSINT Behind Fake US Census Bureau Domains

Just recently, we came across a flash alert released by the FBI concerning 63 domains that were impersonating the US Census Bureau. We were intrigued and wanted to investigate further, so for our second Recon Safari we’re going to look at what OSINT data we can uncover from these spoofed domains.

SecurityTrails Blog · Oct 19 2020 · by Sara Jelen

Recon Safari #1: A Closer Look at Friendemic’s Data Breach

We’ve been having some Friday fun running SecurityTrails Recon Safari on Twitter. Over the past few months, we’ve conducted over 30 successful investigations that were easy to research thanks to SecurityTrails API™ and SurfaceBrowser™. And as a result, Recon Safari began in the form of long Twitter threads, eventually evolving into fun and digestible infographics, ultimately followed by a writeup on our blog.

SecurityTrails Blog · Mar 31 2020 · by Nicolas Pence

Finding Coronavirus Malicious Domain Names

The coronavirus outbreak (COVID-19) is arguably one of the most widely publicized events of the century. Information surrounding this pandemic has been incredibly spare, provoking a true “infodemic” through the spread of unhelpful related content like jokes, doubtful home prevention treatments and viral fake videos, along with useful and accurate information as well.

SecurityTrails Blog · Aug 06 2019 · by Esteban Borges

Cloudflare shutting down 8chan: the Internet shelter for hatred

This morning we were surprised by the recent news announcing that Cloudflare is going to shut down the popular website 8chan (8chan.net) from their infrastructure.

SecurityTrails Blog · Jan 29 2019 · by Esteban Borges

DNS Flag Day: What It Is and How It Affects You

DNS Flag day is almost here. That’s why we decided to write about this important event, what EDNS is, the current problem with old broken DNS servers, and finally, we ran a massive EDNS test revealing that around 3.7 % of the top 100k websites ranked in Alexa will be down soon.

SecurityTrails Blog · Nov 13 2018 · by Esteban Borges

Making the Web a Better Place: Fixing Caddy Web Server Hostname Enumeration Vulnerability (CVE-2018-19148)

TL;DR The web server software Caddy leaked information on which SSL certificates were on each installation through enumeration. We submitted a bug report, built a proof of concept, submitted a CVE and the developer of Caddy Matt Holt fixed it and released Caddy 0.11.1.

SecurityTrails Blog · Sep 18 2018 · by Esteban Borges

Malicious domains registered in the wake of Hurricane Florence

Hurricane Florence is hitting North and South Carolina, and despite reports of over 20 human lives lost as victims of this horrific reality, we are sadly aware of scammers attempting to exploit the fear and kindness of good people who wish to help and donate to the victims and organizations.

SecurityTrails Blog · Jun 04 2018 · by SecurityTrails team

Cryptojacking campaigns continue to target vulnerable websites

Over the last seven months, we've witnessed a large growth in malicious cryptocurrency mining operations. This activity, commonly known as cryptojacking, steals the computational (CPU) resources of victims' device to mine cryptocurrency.