Autonomous investigation initiated from 3 user-provided signals. 11 attributes resolved across 14 open sources in 74 seconds.
Hold pending transactions and route this case to manual review before approval. The identity presented is internally inconsistent and the linked wallet sits close to a flagged cluster. Do not decline automatically — two high-severity signals depend on linkage confidence below 0.9.
Basis: 3 high-severity signals · deterministic ruleset v4.2 · case-level guidance, not a characterization of any individualSignals are defined rules evaluated against resolved findings — not model judgments. Each rule is versioned and documented.
| Severity | Signal | Triggered by | Rule |
|---|---|---|---|
| HIGH | Wallet proximity to flagged clusterInput wallet is 2 hops from an address cluster flagged for scam consolidation. | Finding F-06 | R-311 v4.2 |
| HIGH | Identity attribute mismatchName on breach records tied to the email does not match the name on the submitted profile. | F-02, F-03 | R-104 v4.2 |
| HIGH | Non-fixed VoIP with recent activationPhone resolves to a non-fixed VoIP line activated within the last 30 days. | F-04 | R-208 v4.2 |
| MED | Coordinated recent account creationReused username registered on 4 platforms inside a 12-day window. | F-05 | R-142 v4.2 |
| MED | Low-reputation email domainEmail domain is 41 days old with relay-style MX configuration. | F-01 | R-117 v4.2 |
| LOW | Breach exposureEmail appears in 3 known breach corpora. Informational — common for legitimate users. | F-02 | R-090 v4.2 |
Every finding cites its source and carries a linkage confidence: how strongly the discovered attribute belongs to the same identity as your input.
Domain quikmesh.io registered 41 days ago; MX records route through a disposable-relay provider. No organizational footprint found.
Email appears in 3 breach corpora (2019, 2021, 2024). Associated records carry the name “M. Vel***” and a secondary email address.
Name on submitted profile (“Jordan Velez”) conflicts with the name recurring across breach records tied to this email. Two independent corpora agree with each other and disagree with the profile.
Number resolves to a non-fixed VoIP line, activated within the last 30 days. No porting history prior to activation.
Username crypt0vlz — discovered via the breach-linked alt email, not provided as input — is registered on 4 platforms, all created inside a 12-day window in June 2026.
Input wallet is 2 transaction hops from cluster C-88, flagged for scam-proceeds consolidation. Proximity is not proof of control — treated as a risk signal, not an attribution.
How this report was produced. The agent expanded your 3 input signals over 6 autonomous pivots, querying 14 open and licensed sources. Linkage confidence expresses how strongly a discovered attribute belongs to the same identity as your input; it is computed from corroboration count and source reliability, not model intuition.
What the AI does and does not do. The model plans pivots and writes the narrative. Risk signals fire from a versioned, deterministic ruleset (v4.2). The recommended action is derived from signal severity — it is guidance for your workflow, not a determination about a person.