Challenge

Uncovering Connected Entities Behind Fraud Front Companies

Valdemar Balle faced the complex task of investigating a global network of invoice factories tied to various fraud schemes, including cryptocurrency investment fraud. The challenge was to unravel connections between seemingly disparate entities that operated as front businesses, each with its own website.

The network has been active for several years, making it necessary to look into historical connections, shared infrastructure, and potential overlaps in ownership or digital assets. Mapping these connections was crucial: without it, the entities behind the fraud scheme would remain unexposed, and their illicit activities would continue uninterrupted.

Solution

Investigation Platform with Deep WHOIS History and Reverse DNS Search Capabilities

The investigator exploited operational security (OPSEC) flaws in the fraud network, enabling him to gather critical information that served as a starting point for uncovering deeper connections.

Using the advanced search functions of the Domain Research Suite, he pivoted off the information gathered from the OPSEC flaws (e.g., email addresses, names, and phone numbers) and was able to identify several individuals behind the websites, as well as obtain connected domains potentially belonging to the same fraud network.

Results

Global Fraud Network Exposed

The investigator’s access to WhoisXML API’s deep WHOIS history and DNS data led to the discovery of domains previously operated by individuals within the fraud network.

The advanced features of the Domain Research Suite enabled him to successfully cross-correlate individuals with domains they previously owned, directly linking them to the fraud scheme.

The investigator also found more connected domains using Reverse DNS Search within the Domain Research Suite.