Fight registration fraud and high risk transactions.

Our domain analysis project is well underway. We are adding close to 1 million new domains every day and building risk profiles for the domain and email domain. With all the new TLDs it is now cheaper to create domains with emails and start the fraud bots going then buying emails on the black market. This new system should help stop fraudsters trying to leverage new domains.

Screen Shot 2015-04-02 at 3.50.47 PM

April 2nd, 2015

Posted In: Reporting Portal, Vetting-API

Portal Admins can now adjust scoring values for about 100 different risk hit areas. Because each organization views risk differently, you can quickly increase or decease the score for many major risk hits. Just select Custom Scoring from the account menu in the portal, click on an area, and adjust the scores. Learn more.



April 2nd, 2015

Posted In: Reporting Portal, Vetting-API

Introducing power tools to quickly spot links between multiple vets and users. Compliance and risk managers can use this technology to “connect the dots” between fraudsters and protect against gangs and bots. The portal displays counts and links between devices, email, phones, IPs and domains.



The vet detail area now shows count badges next to items with multiple records. This IP and email have been seen twice, while the domain 139 times. Just click the value to quickly view all associated vets. If you terminate an account, you can use this feature to quickly see all accounts connected with the fraudster.

April 1st, 2015

Posted In: Vetting-API

Our friends at Cornershop Creative have created a plug-in for connecting E-HAWK vetting to Drupal sites. The code is open source. Download at https://www.drupal.org/node/2430497.

DrupalThe module provides controls for mapping fields in your Webform form to fields that E-HAWK uses to compute a risk score. It also provides an interface for mapping values returned by E-HAWK into hidden webform fields so E-HAWK’s computed results are readily available.

This module attempts to invoke its E-HAWK processing prior to normal webform submission handling, so you should be able to setup rules, actions or whatever else you might normally do to handle submissions based on the values provided by E-HAWK.



March 21st, 2015

Posted In: Plug-ins, Vetting-API

Actionable information is is critical when trying to catch fraudsters. Our JSON response includes all risk hits, and now we have updated the online web form to display reasons and risks areas too. And added a new parameter “compact=yes” to just display the scoring area. This is ideal for linking vetting into CRM systems. Lean more.


February 16th, 2015

Posted In: Vetting-API

Each organization views risk differently. Some consider spam history as very risky, others might not. A newly created domain might be high risk for some, but actually a good score for businesses selling hosting. So we have introduced custom scoring for all annual subscribers, empowering you to modify scoring to meet your business risk tolerance levels.


Configure over 100 items to create a custom risk score for your business needs. Contact your E-HAWK support team for full details.

February 16th, 2015

Posted In: Vetting-API

v2.27 is live with custom scoring, improved domain and website analysis, device fingerprint banning, updated web vetting form, and more. We expect to process over 100 million vets this year. Thanks to all of you for making this possible, providing invaluable feedback, and supporting our community fraudster sharing project.

February 16th, 2015

Posted In: Releases and Updates

Are you interested in the domain age? If it is parked? Suspended? Try adding timeout=no to your vets for additional domain and website analysis and testing. Some of the areas we test for include:

Website status: Under Construction, Default Template, Suspicious Content, Under Construction, Directory Listing Denied, Suspended, Index Listing, Access Denied, Response Code such as 404, 401, etc.

Domain status: Parked, Parked with Ads, Parked For Sale, Unverified, Invalid Host or Subdomain, Expired, Suspended, Invalid Host, etc.

Scores for all of these risk hits can be customized and any hits are also listed in the JSON response. For example: domain”:{“score_details”:[“Parked for Sale”]} tells you the domain is for sale.

January 10th, 2015

Posted In: Feed-API

Happy to announce that version 2.25 is released. This major release adds: risk reasons to the vet response and portal results, ability to ‘hold’ activity incidents, community fingerprint scoring, and more. Read below to learn about the new features and how to use them to optimize performance.

Version 2.25 – New Features

Risk Details Returned Within the JSON Response
Subscription customers can now get risk hit information as part of the JSON response. The new details area lists all major issues such as anonymous proxy, bots, spam blacklists, disposable emails, parked domains, geo issues, activity hits, fingerprint risks, and community reasons like fraud and phishing… empowering your organization to quickly identify specific risks and take immediate action.

As an example, if the IP score is -180, you can now see that it is linked to a bot, proxy, and on a spam blacklist:

"details": {
 "ip": {
 "score_details": [
 "Spam Blacklist"

Risk Details and Advanced Search in Portal
The Vet tab in the portal now supports searching for any input value such as IP, email, domain, phone, fingerprint, etc.

After a search, clicking on any row will show an information block listing all the areas, values, scores, and risk reasons. In the example below, the email is disposable, the phone fake, the IP is very high risk, and the geo-location data-points do not match up (IP from Asia and location from NY).


Clicking on a key value in this block, such as IP, will re-run the search for all vets using that IP, giving you instant insight to others who are accessing your system from the same IP. If you drop the last digits from the IP you can search for all vets with a specific IP block too.

This powerful search can be used to quickly find users with similar IPs, fingerprints, domains, email domains, and other input data.

If you would like to call the portal results page from your web app, just setup a link to: https://portal.e-hawk.net/vet/search?search_keyword=XXXX

Read the new Portal Help Guide.

Adding to Community and Feedback

Within the portal, it is now easy to provide user data to the community database. Just click on the Vet tab, enter search data such as an IP, email, domain, or fingerprint. Then click on a row of the result set to view details.

To the right of the vet information, select a reason under Add to Community and the data will immediately impact your following vets.


Fingerprint Community Scoring
Fingerprints that are part of the community database will now be scored for vets with matching device fingerprints under the Community scoring area. This is in addition to the standard fingerprint scoring. If you have a known fingerprint of a phisher, add it to the community using Feed-API calls and tag all future vets.

IP Geo Details Within JSON Response
As part of the new details area of the JSON, we now return city, country, and time zone of the IP, making it easy for you to modify workflow based on location and country risks.

"city": "Delhi",
"country": "India",
"timezone": "Asia",

Activity Incidents – New ‘Hold’ Status

The Activity Report lists all incidents tagged by our activity monitor during the last ten days. To the right of each incident are buttons: Correct to verify the incident as a bad actor, False to mark as incorrect (remove from scoring), and Hold to not score until marked correct or false. This report should be checked often because many times the first items in the incident are marked as low risk (no bad pattern yet), and the later ones are marked as high risk. If the incident is Correct, then make sure to take action on all items in the incident. Read the new Portal Help Guide.

Updated Materials and Guides
API Support Guide
FEED-API Support Guide
Portal Help Guide

November 13th, 2014

Posted In: General News, Releases and Updates

We have added over 1 million proxy servers to our internal database as well as incorporated some 3rd party proxy detection listings for both anonymous and transparent proxy detection. In addition, private IPs as well as IPs with no geo information will be marked as having some risk.

Our live feeds keep our information fresh and this should improve our proxy detection and fraud analysis.

November 8th, 2014

Posted In: General News, Vetting-API


« Previous PageNext Page »

© Copyright 2013 by E-HAWK. All Rights Reserved.