Uncovering Signs of Internet Fraud with WHOIS & DNS Data | WhoisXML API

Threat Reports

Uncovering Signs of Internet Fraud with WHOIS, DNS, and IP Data

The FTC Consumer Sentinel Network1 reported US$3.5 billion in losses due to different types of fraud as of the third quarter of 2021. Clearly, fraud is an imminent threat that needs to be detected and prevented as early as possible to avoid further losses to individuals and the global economy.

WHOIS, IP, and DNS intelligence could bring us closer to achieving that. With the help of About Fraud’s2 succinct definitions of the different fraud types, WhoisXML API researchers prepared a white paper and related fraud research materials covering:

  • Account takeover and content abuse: Hundreds of domains and subdomains possibly typosquatting on Dropbox, which can be used to launch nefarious attacks with account takeover in mind.
  • Social engineering and authorized push payment fraud: Hundreds of disposable email domains that can be used in social engineering attacks, paving the way for authorized push payment fraud.
  • Card-not-present fraud: Over a thousand malicious IP addresses and their geolocation details, showing how IP intelligence can help with transaction verification and customer monitoring.
  • Promo abuse: Hundreds of email addresses used to register phishing domains and their verification details.
  • Reseller abuse and counterfeiting: Thousands of domains and subdomains that could be used to abuse the Adidas brand and its products.
  • Synthetic identity fraud: Thousands of .us domain names and their IP resolutions and WHOIS information, revealing that a significant percentage are not located in the U.S.

Download the fraud research materials now.


  • [1] https://public.tableau.com/app/profile/federal.trade.commission/viz/FraudReports/FraudFacts 
  • [2] https://www.about-fraud.com/fraud-definitions/
Try our WhoisXML API for free
Get started