Fraud Detection & Intelligence Wing
We deliver intelligence before crime for governments, law‑enforcement, and financial institutions—by crawling the open & dark web, fusing public fraud databases, and using neural detection to flag emerging scam networks.
What agencies get from day one
Actionable advisories on emerging scam kits, clone sites, mule clusters and creative reuse—before mass victimization.
Link graphs, artifacts, hashes, and timeline—exportable with chain‑of‑custody notes for rapid legal action.
Run FDIW inside national boundaries with full RBAC, MFA, audit logging, and private peering to agency systems.
Secure hotline + escalation playbooks for takedowns and coordinated actions with your cyber units.
FDIW model
A four‑stage intelligence stack that turns raw internet noise into operational leads.
Collection → Fusion → Detection → Intelligence.
Signals detected
We map clone sites, throwaway domains, mule wallets, forum chatter, recycled kits, and coordinated ad bursts across regions.
- Surface + dark web discovery of new domains & stores
- Chat/forum monitoring for fraud “kits”
- WHOIS, hosting, SSL, content‑fingerprint deltas
- Crypto wallet clustering & cash‑out heuristics
- Ad/campaign pattern spikes and geo pivots
Each pulse is a cluster under investigation.
How the AI works
entity: alpha-shop.co
signals:
  - template_similarity: 0.99 (template-v3)
  - wallet_cluster: 14 previous exits
  - domain_age_days: 6
score: 92
explain:
  - "High template match and repeated cash-out behavior"
Graph linkage reveals shared infrastructure across entities.
Technology Stack — Open, Auditable, Trusted
FDIW runs on a fully open, permissive stack (MIT/BSD/Apache‑style). It’s transparent, license‑safe, and deployable on‑premise or sovereign cloud.
1) Collection
Large‑scale crawling & headless automation. Real‑time streams for chatter, logs, feeds; endpoint telemetry capture.
2) Storage
S3‑compatible data lake; relational stores for cases; open graph engine for networks; federated search.
3) Enrichment
Multilingual entity recognition, geolocation & network attribution, high‑volume data cleaning.
4) Detection
Time‑series anomalies, graph analytics across wallet/domain/phone, deep models for clone templates & behavior.
5) Visualization
Geospatial heatmaps and network graphs; mission‑specific dashboards for units and regions.
6) API & Integration
High‑throughput scoring APIs, secure inter‑agency channels, RBAC & MFA.
7) Deployment & Ops
Orchestrated containers, GitOps CI/CD, observability & audit logging; sovereign/on‑prem options.
Dashboards & API
Operations dashboard
Scoring API path
POST /v1/score → 92 (template-v3) • latency: 118ms
- Early‑warning alerts to law‑enforcement inboxes
- Bulk verification: upload lists, get scores back
- Case dossiers: ready‑to‑act intelligence packets
- On‑prem or sovereign cloud options
POST https://api.fdiw.org/v1/score
{
  "entity": "alpha-shop.co",
  "type": "domain"
}
→ {
  "risk": 92,
  "family": "template-v3",
  "notes": ["wallet-cluster:14", "asn:high-risk"],
  "explain": "High template match and repeated cash‑out behavior"
}
Case study: pre‑crime shutdown
Registration
13 domains spin up with shared SSL/ASN.
Detection
FDIW model flags cluster in 48h.
Dossier
Evidence pack generated with link graphs and risk 92.
Seizure
Authorities neutralize infrastructure before mass run.
Clustered scam domains flagged and neutralised before mass run.