Case Study: Darksight Analytics improves fraud attribution with WhoisXML API

Darksight Analytics & WhoisXML API Exposing an Investment Fraud Network

Darksight Analytics, a cybersecurity firm in Denmark, needed help uncovering the entities behind a long-running global fraud network made up of invoice factories tied to cryptocurrency investment fraud and other schemes. The investigation was complex because the websites looked unrelated, but the hidden connections, shared infrastructure, and historical ownership patterns needed to be mapped. Darksight Analytics used WhoisXML API’s Domain Research Suite to support the investigation.

Using WhoisXML API’s deep WHOIS history, reverse DNS search, and other advanced domain research tools, the investigator pivoted from OPSEC clues such as email addresses, names, and phone numbers to identify people behind the websites and find additional connected domains. WhoisXML API helped cross-correlate individuals with domains they had previously owned, exposing parts of the fraud network and uncovering more related domains. The result was a clearer attribution of the scheme and the exposure of a global fraud network that had been active for years.

Darksight Analytics

Valdemar Balle

Founder, Open-source Intelligence Specialist