Daniel Cid

@dcid@noc.social
6.3K Followers
211 Following
1.2K Posts

Founder of CleanBrowsing, Sucuri, Trunc and OSSEC. Former VP Engineering, GoDaddy - CTO, Sucuri. Builder and breaker by heart...

#security #cleanbrowsing #dns #cdn #opensource #infosec

Country: Canada
Website: https://dcid.me
Company: https://dnsarchive.net
DNS Filter: https://cleanbrowsing.org

Interesting... First scan for CVE-2025-53771 (latest SharePoint vuln) on our logs was on July 16th, a few days before public disclosure.

172.174.82.132 16/Jul/2025:07:31:10 +0000 "GET /_layouts/15/ToolPane.aspx HTTP/1.1" "http://localhost" "Mozilla/5.0"

From a Microsoft IP address...

Attackers exploit a blind spot by hiding malware inside DNS records. This technique transforms the Internet DNS into an unconventional file storage system and distributes malware using DNS records. Be careful and safe out there 😱 Almost nobody filters DNS. Another security nightmare.

Read more: Malware in DNS
https://dti.domaintools.com/malware-in-dns/

Malware in DNS - DomainTools Investigations | DTI

Because it's always DNS, we wanted to share this fun finding of malware stored across DNS TXT records.

DomainTools Investigations | DTI

50-60k lines and nothing works, I would literally kill to look at this. lmao.

#ai

Anyone ever see this user agent on their web logs?

"Mozilla/5.0 (compatible; Google-Extended/1.0"

Supposed to be used by Google AI (Bard/Gemini), but don't see any hits for it anywhere.

Or maybe the articles written about it were written by AI...

Started a repo with the most common AI bots/crawlers IP addresses I see:

https://github.com/dcid/AI-bots/blob/main/data/ai-bot-ipaddresses-ranges.txt

Very basic, but a start. Would love ideas on what bots / IP ranges are missing.

Next, I will add some scripts to convert that data into a more usable format.
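As an added example (not code from the post or from the dcid/AI-bots repo), a small checker that ties the two log-related posts together: it parses lines in the access-log format quoted in the CVE-2025-53771 post, flags requests for /_layouts/15/ToolPane.aspx, labels the source IP against a "cidr label" range list, and marks hits that predate a given cutoff. The range list, the cutoff and the second log line are constructed samples; the actual format of the repo's data file is not assumed.

```python
import ipaddress
import re
from datetime import datetime
# Log format as quoted in the post: ip, timestamp, request, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ts>\S+ [+-]\d{4}) "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WATCH_PATH = "/_layouts/15/ToolPane.aspx"  # endpoint from the quoted log line

# Constructed sample range list ("cidr label" per line); documentation prefixes only.
SAMPLE_RANGES = "203.0.113.0/24 ai-crawler-sample\n198.51.100.0/24 cloud-scanner-sample\n"
# Constructed sample log: the line quoted in the post plus one made-up entry.
SAMPLE_LOG = """\
172.174.82.132 16/Jul/2025:07:31:10 +0000 "GET /_layouts/15/ToolPane.aspx HTTP/1.1" "http://localhost" "Mozilla/5.0"
203.0.113.7 22/Jul/2025:11:02:44 +0000 "GET /_layouts/15/ToolPane.aspx HTTP/1.1" "-" "Mozilla/5.0 (compatible; Google-Extended/1.0"
"""

def parse_line(line):
    """Fields of one log line as a dict (ts as an aware datetime), or None on no match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec

def load_ranges(text):
    """Parse 'cidr label' lines into (network, label) pairs, skipping comments."""
    ranges = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            ranges.append((ipaddress.ip_network(parts[0], strict=False), parts[1]))
    return ranges

def classify_ip(ip, ranges):
    """Label of the first range containing ip, else 'unknown'."""
    addr = ipaddress.ip_address(ip)
    return next((label for net, label in ranges if addr in net), "unknown")

def scan(log_text, ranges, cutoff):
    """Requests for WATCH_PATH with the source label and whether they predate cutoff."""
    cutoff = datetime.strptime(cutoff, TS_FMT)  # cutoff in the log's own timestamp format
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] == WATCH_PATH:
            hits.append({"ip": rec["ip"], "ts": rec["ts"].isoformat(),
                         "label": classify_ip(rec["ip"], ranges), "early": rec["ts"] < cutoff})
    return hits
```

Running `scan(SAMPLE_LOG, load_ranges(SAMPLE_RANGES), "19/Jul/2025:00:00:00 +0000")` returns the quoted July 16th hit as early and unlabelled, and the constructed July 22nd hit as not early and labelled from the sample range list.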


Pretty big issue:

Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.

https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5

Extensions that get hijacked/bought are a common source of malware these days.

*Found some additional domains on the same IP address as them which might be connected:

https://dnsarchive.net/search?q=79.141.165.115

Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.

TL;DR - Our investigation of a single “verified” color picker exposed a coordinated campaign of 18 malicious extensions that infected a massive 2.3 million users across Chrome and Edge. If you think…

Koi Security

Is there a central repository with AI bot crawler IP addresses and user agents somewhere?

I have a small one with the main AI products, but looking to expand.

Deploying Fridays at 5pm.. or

Deploying Mondays at 1am and going to sleep..

All valid ways to add some emotion to your life.

Expanded DNSArchive to also add web headers, CMS versions, links, CSS files, etc.

You can now search for it here:

https://dnsarchive.net/web-search

(in beta).

Ex:

All sites using PHP/5.2:
https://dnsarchive.net/web-search?q=PHP/5.2

And you can still do DNS specific search here:

https://dnsarchive.net/search

Feedback welcome!

This is my PhD thesis

I did not ask for this

I did not consent to this

I did not approve of this

I was not compensated for this

I would not have advised this

I do not like this

And worst of all, the number of people who've read my thesis has still not increased.