A Note from Validin’s Founder, Kenneth
Before we recap 2025, I wanted to take a moment to say thank you. It’s only possible for Validin to be here as an independent, standalone company because of the customers who choose to support us. I’m also deeply grateful for the community, our partners, our vendors, and the amazing Validin team (including advisors and contractors!). You all helped us grow and thrive in 2025.
When I started the Validin journey in 2019, it was my dream to create the single most essential view of the global public internet for cyber threat intelligence. It’s our mission at Validin to make our platform the most capable place for researchers and analysts to conduct their research and investigations on public infrastructure. Our independence as a company allows us to focus completely on our mission.
It’s deeply rewarding to serve companies of all sizes and specialties and to collaborate directly with individual researchers and analysts. Every customer fuels our motivation and ability to improve the Validin platform. We’re incredibly privileged to be able to build for you. We thrive on your feedback and collaboration, and you have my personal commitment to consistently and visibly make Validin the platform you rely on for threat hunting and analytics.
Thank you,
Kenneth
Research
Events
At PIVOTcon in May 2025, Kenneth Kinion (Validin) and Tom Hegel (SentinelOne) unmasked the FreeDrain Network, an industrial-scale crypto theft network targeting individuals through SEO poisoning.
At SLEUTHCON in June 2025, Sreekar Madabushi and Dr. Aleksandar Milenkoski, Principal Threat Researcher at SentinelLabs, presented research into the CTI efforts of North Korean threat actors associated with Contagious Interview.
Blogs
Our most popular blog post of 2025 was an investigation into a successful phish attempt against Troy Hunt, finding a network of phishing domains with links to Scattered Spider. Our second most popular blog was a guest post by Aaron Meese that dissects and tracks a blogspot phishing campaign with infrastructure connected to ApateWeb. Rounding out the top 5 are:
- a guest post by Efstratios Lontzetidis tracking Contagious Interview,
- a breakdown of the evolution of Contagious Interview lure pages with AI company lures, and
- an analysis of domains tied to the $1.5 B ByBit Heist
We published more than 25 blog posts in 2025 with about half of our research blogs originating from guest researchers.
Validin was featured in many other investigations and infrastructure hunts in 2025. Consider following Vasilis Orlof on Cyber Intelligence Insights, checking out original research by Max Lesser at FDD into a Chinese intelligence operation (with a followup on Memetic Warfare), and reading about infrastructure connections to a recent Trust Wallet browser extension hack published by SlowMist.
Further Reading
Validin research and collaborations were covered by several major news organizations in 2025. Davey Winder at Forbes covered our research into FreeDrain in May. A. J. Vincens and Raphael Satter at Reuters covered our investigation into how DPRK-aligned threat actors attempted to leverage Validin for CTI research. Late last year, Sean Lyngaas at CNN covered our discovery of a new twist to the DPRK-aligned Contagious Interview campaign.
Community
We’ve seen the Validin community grow tremendously over the past year. We’ve processed 10 times the number of queries from 2024 to 2025, and expanded our researcher program, actively collaborating and sharing intelligence back to the community.
This is highlighted in our collaborations with the cyber security community.
A fully fledged Vertex Synapse integration was built, spearheaded by the SentinelLabs team and released to the community. It allows users to leverage Validin rich context within the Synapse platform, making infrastructure roll up and discovery seamless for Synapse-powered teams.
In November, we were featured in a video by John Hammond, as he was hunting for DMCA Malware.
In December, our founder, Kenneth, was featured in a video by Russian Panda to demonstrate Validin’s capabilities as part of a “Vibe Hunt”, exploring Validin to discover internet threats.
Validin strives to make world-class threat intelligence accessible to the broader community, to ensure that community researchers are well equipped to fight cyber threats. To researchers who are actively contributing to the community: contact us for collaboration and expanded access.
Product Updates
In 2025, Validin gave threat researchers and analysts many new capabilities that enhanced their visibility into the threat space, provided improved tooling for threat hunting, and made it easier than ever to track persistent and elusive threats on the public internet.
We added the following features for all users:
- Threat profiles based on publicly-reported indicators and threat reports, blogs, and collections
- Improvements to the summary view for domain names and IP addresses
- New indicator feeds brought directly to your dashboard
- Additional sources for IP geolocation created and maintained by dbip
- Synapse integrations for Validin
- Improved documentation for Validin
- Many small usability improvements, like quick pivot menus and pivot history
Premium Community and Enterprise:
- Within projects, analysts can apply tags and notes to individual indicators
- Advanced search for virtual host responses
Enterprise:
We made a commitment at the beginning of 2025 to offer a single-tiered Validin Enterprise, so every feature is available to every enterprise customer regardless of size or spend.
- YARA-X for HTTP responses for both recent historical hunting and continuous detection with YARA-X
- Full HTML, Certificate, and Favicon downloads available indefinitely
- 10 months of crawler history capturing billions of crawls every week (over 100 billion host response summaries available on-demand)
- Single Sign On, which is available to all enterprise customers at no additional cost
- The ability to share projects between different enterprise organizations through the Validin Platform
Keep in Touch
Connect with us on the following platforms: