Forensic Intelligence
CRITICAL· Money Laundering Relay — 624 ETH in 24h — Active Poisoner Detected CRITICAL· Phishing Node Funded by 2 Confirmed Scam Addresses — 32 Victims CRITICAL· Coordinated Poisoning Campaign — 9 Vanity Addresses — Same Counterparty CLEAR · Sanctions Screening OFAC · OpenSanctions · Chainalysis — 36 Chains Monitored HIGH· Fan-Out Dispersion — 82 Unique Recipients in 24h — Hub-Spoke Layering HIGH· Funding Relay Detected — 0.0% Amount Variance — 1min Average Delay CRITICAL· Money Laundering Relay — 624 ETH in 24h — Active Poisoner Detected CRITICAL· Phishing Node Funded by 2 Confirmed Scam Addresses — 32 Victims CRITICAL· Coordinated Poisoning Campaign — 9 Vanity Addresses — Same Counterparty CLEAR · Sanctions Screening OFAC · OpenSanctions · Chainalysis — 36 Chains Monitored HIGH· Fan-Out Dispersion — 82 Unique Recipients in 24h — Hub-Spoke Layering HIGH· Funding Relay Detected — 0.0% Amount Variance — 1min Average Delay
// Forensic Intelligence Portfolio — Scott McClure

On-Chain
Investigator

Building the tools that find what bad actors try to hide.

0 Wallets Traced
0 Flags Detected
36 Chains Covered
0 ETH Flagged
Try Sisu Free → View Case Files
01 // Projects

Tools Built

Live
ᚢ Sisu

AML/OSINT blockchain forensics platform. Traces wallets across 36 chains, detects structuring, poisoning campaigns, funding relays, and fan-out dispersion. Court-ready PDF output anchored on Base L2.

FastAPI Python Streamlit Railway EVM ZK Proofs OFAC
sisu.blue → Dashboard →
Active
Ghostline

On-chain tracing engine inside Sisu. Async RPC clients, multi-chain transaction graph construction, address clustering via Union-Find, and Circom/Groth16 zero-knowledge proof integration for privacy-preserving attestation.

Python Circom Groth16 ZK-SNARKs Union-Find Graph Theory
Module of Sisu
Active
Geoprint

Geolocation and EXIF intelligence module baked into Sisu. Extracts location metadata from on-chain evidence artifacts, correlates wallet activity with geographic signals to build operator profiles.

EXIF OSINT Geolocation Python Metadata
Module of Sisu
Beta
Folio

Unified knowledge workspace with deep work session management. Focus.Launch module provides "Just One Thing" single-task sessions. Compiled React 19 single-file bundle deployed via GitHub Pages.

React 19 GitHub Pages Productivity Single-file Bundle
Personal Tool
Beta
Web3 Bug Bounty Dashboard

Cyberpunk-themed React dashboard for tracking and managing Web3 bug bounty campaigns. Local deployment tool for researching DeFi protocol vulnerabilities and coordinating responsible disclosure.

React DeFi Security Immunefi
Local Deployment
Live
Sisu Bulk Trace Tool

Browser-based batch investigation tool. Scrapes wallet addresses from Etherscan and Chainabuse, queues them for sequential tracing against the Sisu API, and exports results as CSV or JSON.

HTML/JS Etherscan Chainabuse Batch Processing
Dev Tool
Active
Ghostline VPN

Self-hosted personal VPN built on WireGuard, deployed on a private VPS. Full ownership of traffic and keys — no third-party logging. Managed via wg-easy web UI with multi-device client support across macOS, iOS, and other platforms.

WireGuard Docker Linux VPS Self-hosted Privacy
Personal Infrastructure
Active
Mac Sentinel

Lightweight personal antivirus for macOS. On-demand and scheduled file scanning via YARA rules and VirusTotal API hash lookups, real-time FSEvents directory monitoring, launch agent auditing, and a rumps menu bar UI — no kernel extensions or Apple entitlements required.

Python YARA VirusTotal API FSEvents macOS rumps
Personal Tool
Active
Predator Block

All-out privacy and anti-tracking browser companion. Blocks ads, trackers, fingerprinters, data brokers, and predatory capitalist surveillance infrastructure. Tactical ops dashboard aesthetic with live block counters by threat category and per-domain toggle controls.

Browser Extension Privacy Ad Blocking Fingerprint Protection HTML/JS
Personal Tool
Active
Focus.Launch

Executive dysfunction-aware deep work tool integrated into Folio. "Just One Thing" mode eliminates decision paralysis by surfacing one clear next action. Features energy check-ins, a live session HUD, pause/resume flow control, and session logging — built to reduce friction between intention and execution.

React Folio Module Productivity Neurodivergent-friendly localStorage
Module of Folio
02 // Case Files

Dirty Wallets Found

All addresses and identifying information redacted. On-chain attestation hashes preserved for verification.

CASE-2026-001 · 2026-03-22 100 · CRITICAL
Active Money Laundering Relay
ADDR 0xAE8cBB7e810f59Fd0dd939b2b6623756D91B174A REDACTED
CRITActive money laundering relay processing ~$1.5M in a single day, 0.0% amount variance, 1-min average delay between receive and forward.
HIGHSimultaneous outbound poisoning attacker — 162 dust transactions sprayed to 12 victim wallets (93% of all outbound activity).
HIGHTwo distinct funding relay chains identified with correlated counterparties, likely controlled by same entity.
ETH Volume
~624 ETH
Wallet Age
0 days
Flags
21
ON-CHAIN: 09dcb1e5a238...
CASE-2026-002 · 2026-03-22 100 · CRITICAL
Coordinated Address Poisoning Campaign
ADDR 0x5539322bE18cB13d35d7C76607bA46EEcC9157e3 REDACTED
HIGH9-address coordinated poisoning campaign — all vanity addresses mimicking same real counterparty, matching first 4 and last 4 characters.
HIGHWash cycle detected: same two counterparties cycling funds 4x in one day with near-zero spread — confirmed layering behavior.
MEDFlow ratio anomaly: 2.8x outbound skew — 41 ETH sent against 14 ETH received, indicating significant off-window funding.
ETH Sent
41.24 ETH
Poisoners
9 addresses
Flags
5
ON-CHAIN: 217cfb9870d8...
CASE-2026-003 · 2026-03-23 100 · CRITICAL
Active Phishing Operation Node
ADDR 0x4DE23f3f0Fb3318287378AdbdE030cf61714b2f3 REDACTED
CRITOutbound poisoner — 90 dust/zero-value transactions sprayed to 32 victim addresses. 76% of all outbound activity is active poisoning.
HIGHFunded directly by 2 confirmed scam/phishing addresses in Blockscout database — provenance established to known criminal infrastructure.
HIGHCircular flow detected with 2 counterparties — likely same operator testing infrastructure or recycling gas.
Victims
32 addresses
Source
2 scam addrs
Flags
9
ON-CHAIN: 0ad5c59542226...
CASE-2026-004 · 2026-03-22 74 · CRITICAL
Automated Dispersion Hub — Live Distribution Node
ADDR 0x9FC3da866e7DF3a1c57adE1a97c9f00a70f010c8 REDACTED
HIGHFan-out dispersion: 190 transactions to 82 unique addresses within 24 hours. Hub-and-spoke layering pattern. 453 tx/day rate.
HIGHNew wallet (0.4 days old) with immediate high-volume scripted activity — automated infrastructure deployed same day.
MEDDormant 800 days then reactivated — possible compromise or deliberate timing to avoid pattern detection.
Balance
39.39 ETH
Recipients
82 unique
Flags
7
ON-CHAIN: 85ee477164e9...
03 // About

The Investigator

I'm Scott McClure — a Special Education Paraprofessional by day and a blockchain forensics tool builder the rest of the time. Sisu is a solo project built from a conviction that the tools to investigate financial crime shouldn't cost $100k/year.

My background spans cybersecurity, blockchain forensics, and OSINT. I built Sisu because the space between free OSINT tools and enterprise AML platforms is enormous — and the people who most need investigative capability are exactly the ones priced out of it.

Every flag Sisu surfaces, every relay it detects, every poisoning campaign it maps — that's the missing middle doing what enterprise software should have been doing for the people who can't afford it.

Available for freelance and contract work in fintech, crypto compliance, and forensic tooling. Reach out at [email protected]

Blockchain Forensics
🐍
Python / FastAPI
⚛️
React / Frontend
🔍
OSINT Investigation
🔐
Zero-Knowledge Proofs
🏦
AML / Compliance
04 // Connect

Find Ghostline