Who do you want to investigate today?
Pick a starting point to uncover the full story.
During an interrogation, a suspect mentions someone named Jacob Griffin – an independent contractor who “just helps move stuff.” No background. No known connection. Just a name.

You search the name and surface matching profiles across several social platforms and public records.
Social connections reveal ties to individuals already flagged in gang-related cases in a neighboring jurisdiction.


One of those associates is linked to an offshore logistics company used in prior trafficking operations.
You find Griffin listed as a point of contact for the same company in a leaked registry record.


You pivot to internal case data, shared by an agency in a neighboring jurisdiction, and confirm that Griffin and several associates were named in an earlier narcotics investigation, but no charges were filed.

A trend is spreading online: #DownWithTheCEO. One of the most active accounts? @LoneLion47 – an anonymous profile using increasingly aggressive, possibly threatening language.

You search the alias and uncover several partial matches, one of which links to an IP block associated with Chicago, Illinois.
You activate keyword monitoring in that location to track mentions of the hashtag in real time.


A surge of related posts appears: calls for doxxing and explicit threats toward company executives.
Link analysis reveals two additional accounts frequently engaging with @LoneLion47, using similar language and patterns.


You preserve key findings and notify platform moderators and internal stakeholders.

A private bank’s fraud team reports that a high-net-worth client was contacted by someone impersonating them through a spoofed email. The client clicked the link. There may be more victims.

You start with the email address and uncover several linked domains and reused contact details.
You look them up and find that those domains appear in public phishing reports and blacklists. They are tied to previous bank impersonation attempts!


Pivoting from one domain, you identify related email aliases and overlapping infrastructure, including shared DNS records and registrars.
One domain leads to a dark web forum post advertising access to banking credentials. They match this client’s institution!


You cross-check the indicators in threat intel feeds and fraud databases, confirming that the activity is part of an ongoing fraud campaign targeting financial institutions.