A DNS Deep Dive into FUNNULL’s Triad Nexus
If you have heard of the Polyfill supply chain attack, then you may already have an idea about what FUNNULL is. It is said to have bought the domain polyfill[.]io, which was responsible for a massive attack that affected millions of websites in June 2024. [1]
FUNNULL, as it turns out, is not only behind the Polyfill supply chain attack but also several other malicious campaigns involving investment scams, fake trading app distribution, and suspect gambling networks, all clumped together in what security researchers have dubbed “Triad Nexus.” [2]
The WhoisXML API research team expanded a list of 63 Triad Nexus suspicious indicators and found tons of other potentially connected artifacts, namely: