1. Introduction

Welcome to the Captain IV User Guide. This comprehensive documentation will help you master the Internet Verification Engine designed for Payment Risk Operations at Amazon.

Key Capabilities:

• Automated MO detection (Military, Educational, Correctional, Test Accounts, Corporate, Reseller)
• Fraud MO detection (Munged Address, Tech Scam, Family Fraud, Identity Theft)
• Global marketplace coverage (40+ countries with local OSINT tools)
• IP intelligence with VPN/Proxy detection (60+ provider database)
• Risk vector analysis across Billing, Shipping, Card, and IP countries
• Email domain analysis (Disposable, Privacy, Risky, Free, Corporate)
• Interactive network intelligence with geolocation mapping

2. Getting Started

Accessing the System

Navigate to the main menu and click RUN IV to begin an investigation. The system uses Basic Authentication for security.

System Requirements

• Modern web browser (Chrome, Firefox, Edge, Safari)
• Corporate VPN connection (required for internal tools)
• Access credentials (provided by system administrator)

3. Input Parameters

The investigation form is divided into four main sections:

Section 01: Subject Identity & Address

• Target Name: Full name of the subject (required for identity verification)
• Email Address: Subject's email (triggers domain analysis)
• Phone Number: International format recommended (+XX NUMBER)
• Full Address Line: Complete address (STREET, CITY, ZIP)

Section 02: Link Analysis (Relations)

• Linked Person / Relative: Name on credit card or family member (triggers Family Fraud check)
• Company / Organization: Corporate entity (triggers Corporate MO verification)

Section 03: Transaction Vectors

• Region: Geographic region (North America, Europe, Asia-Pacific, etc.)
• Marketplace: Transaction origin marketplace
• Country Codes (2-Letter):
  • BA (Billing Address): Payment method country
  • SA (Shipping Address): Delivery destination
  • CC (Card Country): Issuing bank location
  • IC (IP Country): Network origin
• Specific IP Address: IPv4 or IPv6 (triggers IP reputation check)

Section 04: Intelligence Hints

Optional field for additional context, keywords, or investigator notes that may help with MO detection.

4. Understanding Results

After clicking Initialize Internet Verification, the system processes your inputs through five phases and displays comprehensive results.

Vector Summary

Visual display of geographic consistency across transaction vectors (Marketplace, BA, SA, CC, IC). Mismatches are highlighted for quick identification.

Network Intelligence

Interactive map powered by Leaflet.js showing:

• IP geolocation with precise coordinates
• ISP detection and identification
• VPN/Proxy detection (60+ provider database)
• Network origin analysis

Analysis Findings

Risk factors and MO detections with severity tags:

• CRITICAL: Immediate action required (e.g., Disposable Email, Tech Scam MO)
• HIGH: Significant risk indicator (e.g., Munged Address, Identity Theft Risk)
• INFO: Informational finding requiring review (e.g., Corporate MO Check)
• SAFE: Legitimate pattern detected, reduces false positive risk (e.g., Military MO)

5. OSINT Queries

Captain IV generates targeted investigation queries across five categories:

Identity & Social

• Google name search with location context
• Social media scan (LinkedIn, Facebook, Instagram)
• Google Maps address verification
• Link analysis (name + related person)

Corporate

• LinkedIn employment verification
• General corporate check (name + company)

Local (40+ Countries)

Marketplace-specific tools including:

• US: FastPeopleSearch, OpenCorporates, BBB
• UK: 192.com, Companies House, Endole
• FR: PagesJaunes, Societe.com
• DE: Das Telefonbuch, North Data
• AU: ABN Lookup, White Pages
• BR: Escavador, Jusbrasil
• ...and 34+ more countries

Technical

• IP reputation (AbuseIPDB)
• Email reputation check

Email Intelligence

• Hunter.io verification
• HaveIBeenPwned breach check

6. MO Detection

Captain IV applies intelligent pattern recognition to identify both legitimate and fraud patterns.

Legitimate MOs (Reduce False Positives)

• Test/Internal Accounts: Ireland IP (Amazon HQ/Servers), "TEST ORDER" keywords
• Military MO: APO/FPO/DPO addresses, .mil/.gov domains, rank keywords
• Educational MO: .edu/.ac domains, campus/university keywords
• Corporate MO: LinkedIn employment verification
• Correctional MO: Inmate/prison keywords
• Reseller MO: Freight forwarder keywords (Aerocasillas, Shipito, etc.)

Fraud MOs

• Munged Address MO: Unnecessary prefixes (HOME:, TO:, SHIP:), repeated characters
• Tech Scam MO: Remote access keywords (TeamViewer, AnyDesk, LogMeIn)
• Family Fraud: Surname match between account holder and related person
• Identity Theft: Complex alphanumeric email mismatch with name

Email Domain Analysis

• Disposable Email (CRITICAL): yopmail.com, temp-mail.org, guerrillamail.com, etc.
• Privacy Email (HIGH): protonmail.com, tutanota.com, cock.li
• Risky Email (HIGH): gmx.com, gmx.net, mail.com (fraud history)
• Free Email (INFO): gmail.com, yahoo.com, hotmail.com
• Corporate/Private Domain (INFO): Any domain not in above lists

7. AI Integration

Captain IV generates AI-ready JSON payloads for advanced analysis via Quick Suite and PartyRock.

Quick Suite Analysis (BI + Knowledge Base)

Click the QUICK SUITE ANALYSIS button to:

1. Automatically copy the JSON payload to your clipboard
2. Open Quick Suite in a new tab
3. Paste the payload into Quick Suite chat for AI-powered analysis combining Business Intelligence and Knowledge Base insights

PartyRock Agent

Click the PARTYROCK AGENT button to:

1. Automatically copy the JSON payload to your clipboard
2. Open the PartyRock Agent in a new tab
3. Paste the payload for conversational AI analysis

JSON Payload Structure

The AI Context Hook includes:

• context: "Fraud Investigation"
• subject: {name, email, phone, address}
• relations: {linked_person, corporate_entity}
• vectors: {bill, ship, card, ip}
• findings: [array of risk factor texts]
• hints_provided: investigator notes

8. Best Practices

Investigation Workflow

1. Gather Complete Data: Collect all available information before starting the investigation
2. Review Vector Summary: Check for geographic consistency across transaction vectors
3. Analyze Findings: Review severity tags (CRITICAL, HIGH, INFO, SAFE) in Analysis Findings
4. Execute Top Queries: Use "OPEN TOP QUERIES" for priority investigation
5. Verify Network Intelligence: Check IP geolocation and VPN/Proxy detection
6. Leverage AI Analysis: Use Quick Suite or PartyRock for advanced insights

Common Scenarios

Scenario 1: Disposable Email Detected

• CRITICAL alert will appear in Analysis Findings
• Cross-reference with other risk factors (IP mismatch, High-Risk Country)
• Execute Email Intelligence queries (Hunter.io, HaveIBeenPwned)

Scenario 2: Military MO Detected

• SAFE tag indicates legitimate pattern
• Verify APO/FPO address format
• Check for .mil/.gov email domain
• Proceed with standard verification (not fraud indicator)

Scenario 3: IP/Shipping Mismatch

• HIGH alert for Disguised Address MO
• Check Network Intelligence for VPN/Proxy detection
• Verify if IP is in Ireland (possible Amazon internal/test account)
• Cross-reference with marketplace regional exceptions

Tips for Efficient Investigations

• Use Intelligence Hints field to document context or keywords
• Leverage Local OSINT Tools for marketplace-specific verification
• Review both SAFE and CRITICAL findings (SAFE reduces false positives)
• Combine OSINT results with AI analysis for comprehensive insights
• Document Case ID for audit trail (no PII stored)