Alertoscan

Alertoscan is a security intelligence platform purpose-built for the forensic analysis of fraudulent websites. The core is a real-time scanning engine that performs live, anti-detection scraping of arbitrary targets, extracts forensic signals from the rendered DOM and the full network layer, persists every observation into a property-graph threat database, and computes a 14-chain risk score weighted against the resulting cross-domain correlations.

Every scan resolves under a minute. Every result becomes a permanent, indexable intelligence record cross-linked to the broader threat graph. Anonymous access supports up to 3 scans per day per IP; signed-in accounts get 10. Results live at https://alertoscan.io.

Engine Capabilities

• Live target acquisition: server-side SPA rendering, TLS handshake inspection, full network telemetry capture
• Anti-detection scraping: bypasses Cloudflare Bot Management and similar interstitial protections in approximately 90% of real-world scans, so the forensic pipeline runs against the actual target rather than an error placeholder
• DOM and content forensics: build hashes, favicon hashes, content hashes, JS path hashes, image-set fingerprints. These are the signals that link cloned scam sites across rotated domains
• Network forensics: redirect chain reconstruction, full HTTP transaction log, resource breakdown by type, page-load timing decomposition (DNS, TCP, TLS, TTFB, DOM ready, page load)
• Identity forensics: multi-registry WHOIS resolution with fallback chains, hosting attribution, ASN mapping, geo, server software fingerprinting
• TLS forensics: certificate validity, issuer, expiry, protocol version, cipher suite, SHA-256 fingerprint, subject alternative names
• IOC extraction: emails, phone numbers, postal addresses, Telegram handles, crypto wallet addresses recovered from the rendered page, deduplicated against regulator warnings and victim reports
• Graph persistence: every node (domain, IP, certificate, identifier, signal, regulator warning) and every typed edge committed to the Alertoscan threat graph
• Live graph traversal: one-hop and multi-hop queries on each scan surface every domain forensically linked to the scanned target through shared infrastructure, identity, code, or regulator co-listing
• Cross-engine validation: domain reputation cross-checked against antivirus engines, financial regulators ingested directly from each authority's publications, Google Safe Browsing, Cloudflare Phishing Protection, and four community blocklists (MetaMask, ScamSniffer, Phishing.Database, Crypto Scam Intel) refreshed every 6 hours
• Scoring engine: 14 penalty chains and 2 bonus chains, each with escalating severity tiers; the resulting 0 to 100 Trust Score is an aggregate of objective forensic signals weighted in-house

Threat Graph

The Alertoscan threat graph is a property-graph database (Neo4j) populated entirely from first-party scans plus directly-ingested regulator publications. Every scanned domain becomes a node, every observation a typed edge. Edge families:

• Code / Content: content_hash, build_hash, similar_content, same_images, favicon_hash
• Infrastructure: ip_address, nameserver, ssl_fingerprint
• Identity: email, registrant, registrar, analytics_id, adsense_id, tracking_id
• Financial: phone_number, crypto_wallet
• Regulator warning: co-listing in the same warning by a non-dragnet regulator
• Manual link: analyst-curated connections that automated signals missed

The graph is the source of the Network tab on every scan page, the /networks/ registry, and the /signals/ and /infrastructure/ pivot pages.

Forensic Tools

• Scam URL Checker: Live forensic scan with Trust Score, network graph, IOC extraction, regulator cross-check
• Watchdog Radar: Direct lookup against active regulator warnings across financial authorities worldwide
• BreachRadar: Email-address breach lookup
• TechStack Checker: Application-layer fingerprinting (CMS, frameworks, analytics, hosting)
• Password Generator: Cryptographically secure passwords, passphrases, PINs (client-side, crypto.getRandomValues())
• All Tools

Intelligence Hubs

• Scan results: Per-domain forensic record with seven tabs (Overview, Threats, Network, Infra, Forensics, Reports, Raw)
• Watchdog Warnings: Public regulator warnings registry with per-authority pages
• Threat Networks: Forensic clusters in the threat graph
• Detection Signals: Genome signatures (favicon, build, content, JS path hashes) linking cloned platforms
• Community Reports: Victim-submitted reports, pre-moderated, propagated as IOCs across the graph
• Submit a Report

Methodology

• Trust Score: The 0 to 100 algorithm and its 14 forensic chains
• Documentation: Full technical documentation
• The Graph: Node/edge model, traversal semantics, persistence
• How Scanning Works: End-to-end pipeline reference
• Changelog: Release history from v0.1.0 onward

Resources

• Blog: Threat intelligence write-ups and scam investigations
• About
• Contact: Score disputes, partnerships, security disclosures

Legal

• Privacy Policy
• Terms & Conditions
• Cookie Policy
• Security Policy

Optional

• Brand Assets
• Sitemap
• Full Documentation for LLMs