Case Study: University College London uncovers smishing infrastructure trends with WhoisXML API

University College London (UCL) and WhoisXML API Understanding Smishing Infrastructures

University College London (UCL), a leading academic institution in London, wanted to understand the infrastructure behind smishing campaigns for research led by PhD student Sharad Agarwal. The team needed to analyze thousands of malicious domains and extract registrar details, but traditional command-line WHOIS lookups and Python packages made automated, large-scale querying difficult. They used WhoisXML API’s WHOIS API to access domain registration data at scale.

With WhoisXML API’s WHOIS API, UCL was able to automate WHOIS queries, collect registrar information from malicious URLs, and study the domain infrastructure criminals abused for smishing. The research identified trends in which registrars were most frequently abused, with abuse levels varying significantly across providers and different smishing categories showing distinct patterns. WhoisXML API enabled the team to complete the analysis efficiently and gain clearer insight into smishing domain infrastructures.

University College London

Sharad Agarwal

University College London