Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.extractor.live/llms.txt

Use this file to discover all available pages before exploring further.

The AML Detector acts as a pre-screening tool — providing fast initial risk detection before deeper analysis. It checks every transaction against the configured address lists and fires an alert when a match is found.
AML scores are not always real-time. When you open an alert, the system may re-query the score — so the value shown may differ slightly from the one that originally triggered it.

Source

Specifies which address list the detector checks against. Only one source can be selected at a time.
Extractor’s proprietary AML address database — maintained and updated continuously by Hacken.

Tags filter

Narrows alerts to specific AML risk categories. Enter tags as comma-separated values — prefix with ! to exclude. 
sanctions, exploit        ← match either
!sanctions                ← exclude sanctions, match everything else
TagMeaning
cybercrimeOFAC-listed or cybercrime-related activity
sanctionsDirectly sanctioned entities
sanctions_exposureIndirect exposure to sanctioned entities
suspiciousFlagged for suspicious behavior
exploitInvolved in a known exploit

Score condition

Filters alerts based on AML risk score in the range 0.0 – 100.0.
Addresses without a score WILL trigger an alert at Info severity. Use this when you want visibility into any address interaction, regardless of scoring coverage.

Tracking options

Select which transaction components are evaluated:
  • Track Transaction — all addresses involved in the transaction
  • Track From — sender address only
  • Track To — recipient address only
  • Track Token — token transfer addresses (the monitored address is treated as the token contract)

Custom addresses

Add your own addresses in CSV format: 
Address, Score, Name, Tags
0x1049a94a2238297156826cfcd8b35a3c0400ee98, 80.0, Tornado Cash, ofac;sanctions
  • Score — value between 0.0 and 100.0
  • Tags — semicolon-separated (e.g., ofac;sanctions)

Severity

Set to Auto to let the detector map the AML score to severity automatically, or override with a fixed level: Critical · High · Medium · Low · Info.