About & Methodology

Understanding how ScamDOX detects and exposes fraudulent broker networks.

What is ScamDOX

ScamDOX is a forensic intelligence platform that identifies and exposes networks of linked fraudulent broker platforms. We track clusters of scam websites that operate under different brand names but share common ownership, infrastructure, and content.

Unlike traditional blacklists that track individual sites, ScamDOX maps entire networks of connected fraud operations. When one scam site is discovered, our methodology reveals its entire family of related domains—often dozens or hundreds of interconnected fraudulent platforms operating simultaneously.

Our mission is to provide investors, journalists, and law enforcement with actionable intelligence about fraudulent broker networks before victims lose money.

How It Works

Content Recycling Detection

Fraudulent broker networks frequently recycle identical content across multiple domains. Sites within the same scam network often share identical legal disclaimers, terms of service, risk warnings, and marketing copy—sometimes word-for-word across dozens of different brand names.

By identifying these shared content patterns, we can map entire networks of connected fraudulent sites. When a new domain appears using recycled text from a known scam network, it's immediately flagged as part of that cluster.

This methodology is particularly effective because legitimate brokers write unique legal documentation specific to their regulatory jurisdiction and business model. Mass content recycling is a strong indicator of industrial-scale fraud operations.

Automated Discovery

Our scanning system continuously searches for domains exhibiting known content patterns associated with fraudulent broker networks. Each discovery is logged, screenshotted, and analyzed for classification.

All discovered domains undergo manual review before being classified as confirmed scams, review sites quoting scam content, or false positives. Only confirmed fraudulent platforms appear in our public database.

Infrastructure Correlation

Beyond content analysis, we track technical infrastructure patterns that reveal network connections:

  • Shared IP addresses — multiple scam domains hosted on identical servers
  • Common nameservers — DNS infrastructure controlled by the same operators
  • SSL certificate patterns — certificates issued in batches for related domains
  • WHOIS registrant data — shared registration details, privacy services, or patterns
  • Favicon hashing — identical site icons across different brands
  • ASN clustering — hosting preferences and network operator patterns

When domains share multiple infrastructure elements in combination with recycled content, the probability of common ownership approaches certainty. These correlations allow us to map organizational structure and operational scale.

Our Database

The ScamDOX intelligence database currently tracks multiple large-scale fraudulent broker networks, each operating dozens to hundreds of interconnected domains under different brand identities.

Each tracked cluster includes historical data, infrastructure mapping, screenshot evidence, and victim reports. We maintain a complete timeline of domain discovery, status changes, and technical evolution over time.

All data is collected through automated scanning and publicly available infrastructure APIs. We do not conduct penetration testing, social engineering, or any activities that could be construed as unauthorized access.

How to Use ScamDOX

Before you invest, search for the broker's name or domain on ScamDOX. If the platform appears in our database, you'll see which scam network it belongs to, how many related domains exist, and what infrastructure it shares with known fraudulent operations.

Browse our cluster directory to explore mapped networks by category, or search the complete domain database to check specific sites.

ScamDOX is a research tool, not financial advice. Always conduct thorough due diligence before investing, verify regulatory registration, and consult with licensed financial professionals.

Report a Scam

If you've encountered a fraudulent broker platform that isn't in our database, please submit a report. Reports with detailed evidence help us identify new networks and protect future victims.

We review all submissions and will add confirmed scam operations to our tracking system. Your report may expose an entire network of related fraudulent sites.

Frequently Asked Questions

Is this list complete?

No. ScamDOX focuses on specific large-scale networks that exhibit clear patterns of content recycling and infrastructure sharing. Many smaller scam operations and isolated fraudulent sites are not tracked. Our database grows as new networks are identified and mapped.

How often is the database updated?

Our automated scanning system runs continuously, discovering new domains daily. Infrastructure data is refreshed periodically to track changes in IP addresses, nameservers, and SSL certificates. All discoveries undergo manual review before public classification.

What if a domain is incorrectly classified?

If you believe a domain has been incorrectly classified as fraudulent, please contact us with evidence of legitimacy (regulatory registration, corporate documentation, etc.). We take classification accuracy seriously and will investigate all disputes.

Can I use this data for research or journalism?

Yes. ScamDOX is designed to support investigative journalism, law enforcement, and academic research. All public data is available for these purposes. If you need bulk data access or API integration, please contact us to discuss your requirements.

Who operates ScamDOX?

ScamDOX is an independent research project focused on exposing fraudulent broker networks. We are not affiliated with any regulatory agency, brokerage, or financial institution. Our work is supported by concerned individuals who have witnessed the damage these scam networks inflict on investors.

Why don't you share the specific detection methods?

Revealing exact content patterns and fingerprints would allow scam operators to evade detection by modifying their templates. We share the general methodology (content recycling, infrastructure correlation) while protecting the specific indicators that make our scanning effective.