Shining the WHOIS and DNS Spotlight on International Fraud | WhoisXML API

Threat Reports

Shining the WHOIS and DNS Spotlight on International Fraud

Millions of users have fallen for online scams at least once—the primary reason why fraudsters haven’t stopped devising more and more malicious campaigns over time. In fact, a 2022 study found that users worldwide have lost as much as US$55.3 billion to scammers.1

WhoisXML API researchers recently conducted an IoC expansion analysis on three email addresses used in scams found by threat researcher Dancho Danchev that led to the discovery of:

  • 70+ domains that used the email addresses to register them, five of which turned out to be malicious
  • Close to 10 IP addresses that played host to the email-connected domains we identified, about a third of which were confirmed malware-laden
  • 1,800+ domains that shared the IoCs’ IP hosts, six of which turned out to be malware hosts
  • 1,800+ domains that contained some brand names that appeared as strings in the email- and IP-connected web properties we found, 60+ of which have been dubbed malicious

Download a sample of the threat research materials now and the first part of the OSINT analysis data compiled by Dancho Danchev or contact us to access the complete set of research materials.

  • [1]
Try our WhoisXML API for free
Get started