← defencecore.com
Sample report — all data fictional
DefenceCore · Investigation Report

Case DC-2026-08412

Autonomous investigation initiated from 3 user-provided signals. 11 attributes resolved across 14 open sources in 74 seconds.

Input signals
email · phone · wallet
Attributes resolved
11
Sources queried
14
Signals fired
3 high · 2 medium · 1 low
Completed
2026-07-04 09:32 UTC
Recommended action
Escalate — manual review

Hold pending transactions and route this case to manual review before approval. The identity presented is internally inconsistent and the linked wallet sits close to a flagged cluster. Do not decline automatically — two high-severity signals depend on linkage confidence below 0.9.

Basis: 3 high-severity signals · deterministic ruleset v4.2 · case-level guidance, not a characterization of any individual
Layer 2

Risk signals

Signals are defined rules evaluated against resolved findings — not model judgments. Each rule is versioned and documented.

SeveritySignalTriggered byRule
HIGH Wallet proximity to flagged clusterInput wallet is 2 hops from an address cluster flagged for scam consolidation. Finding F-06 R-311 v4.2
HIGH Identity attribute mismatchName on breach records tied to the email does not match the name on the submitted profile. F-02, F-03 R-104 v4.2
HIGH Non-fixed VoIP with recent activationPhone resolves to a non-fixed VoIP line activated within the last 30 days. F-04 R-208 v4.2
MED Coordinated recent account creationReused username registered on 4 platforms inside a 12-day window. F-05 R-142 v4.2
MED Low-reputation email domainEmail domain is 41 days old with relay-style MX configuration. F-01 R-117 v4.2
LOW Breach exposureEmail appears in 3 known breach corpora. Informational — common for legitimate users. F-02 R-090 v4.2
Layer 1

Findings — resolved identity graph

Every finding cites its source and carries a linkage confidence: how strongly the discovered attribute belongs to the same identity as your input.

0.96 0.93 0.81 0.74 2 hops [email protected]INPUT · EMAIL +1 (415) 555-0187INPUT · PHONE 0x4f9c…ab21INPUT · WALLET RESOLVED ENTITY E-01 username “crypt0vlz”4 PLATFORMS 3 breach records2019 · 2021 · 2024 alt email (breach-linked)m.vel***@***.com wallet cluster C-88 flagged
your input linked · high confidence linked · medium confidence flagged entity
F-01 · Email domain profilepivot: input → domain intel

Domain quikmesh.io registered 41 days ago; MX records route through a disposable-relay provider. No organizational footprint found.

WHOIS 2026-07-04MX lookup fact confidence 0.98
F-02 · Breach exposurepivot: email → breach corpora

Email appears in 3 breach corpora (2019, 2021, 2024). Associated records carry the name “M. Vel***” and a secondary email address.

Breach corpus ABreach corpus CBreach corpus F linkage 0.93
F-03 · Profile name mismatchpivot: breach records ↔ submitted profile

Name on submitted profile (“Jordan Velez”) conflicts with the name recurring across breach records tied to this email. Two independent corpora agree with each other and disagree with the profile.

F-02 recordsSubmitted profile linkage 0.81
F-04 · Phone line intelligencepivot: input → carrier data

Number resolves to a non-fixed VoIP line, activated within the last 30 days. No porting history prior to activation.

Carrier lookup 2026-07-04 fact confidence 0.97
F-05 · Username reusepivot: alt email → username → platform scan

Username crypt0vlz — discovered via the breach-linked alt email, not provided as input — is registered on 4 platforms, all created inside a 12-day window in June 2026.

Platform scan · 4 hitsAccount metadata linkage 0.96
F-06 · Wallet cluster proximitypivot: wallet → transaction graph

Input wallet is 2 transaction hops from cluster C-88, flagged for scam-proceeds consolidation. Proximity is not proof of control — treated as a risk signal, not an attribution.

On-chain graph 2026-07-04Cluster flag list linkage 0.74
Methodology

How this report was produced. The agent expanded your 3 input signals over 6 autonomous pivots, querying 14 open and licensed sources. Linkage confidence expresses how strongly a discovered attribute belongs to the same identity as your input; it is computed from corroboration count and source reliability, not model intuition.

What the AI does and does not do. The model plans pivots and writes the narrative. Risk signals fire from a versioned, deterministic ruleset (v4.2). The recommended action is derived from signal severity — it is guidance for your workflow, not a determination about a person.