Anti-fraud Triggers


There are a number of ways to detect a fraudster or a Malicious Bot on your website. Most companies use cookie-based solutions and/or simple IP and User Agent checks which, in most cases, are ineffective when battling serious fraudsters and bot farms. FraudHunt has chosen a more sophisticated and technically advanced approach to the fraud problem. We analyze a wide range of device parameters and user behavioral patterns. Powered by our machine learning modules, they allow us to accurately score every user of your website and detect fraud with an unmatched accuracy.

Our Trigger system was designed with regard to the most commonly used fraudster techniques and analysis of real users' behavioral patterns. We analyzed billions of real users to come up with a flexible trigger-based scoring system, which not only detects discrepancies in information about users' devices but also finds combinations of triggers that allow us to detect certain fraud types and score every user correctly.

Top Anti-fraud Triggers


The name TOR is derived from an acronym for the original software project name “The Onion Router”. The network is actively used to conduct a wide range of illegal and fraudulent activities online.

Anonymous sessions

An anonymous session means that the user's browser will not save cookie files, so all cookie-based analytical solutions will count that user as a new user every time they visit your website.

Do Not Track option

When this option is on, it instructs the browser not to keep track of the user. In certain conditions and environments, the Do Not Track option may be a clear sign of fraudulent activities.

User agent change

User agent change describes a situation in which a user changes his/her user agent in a browser (with the help of extensions, for example: Linux posing as iOS, etc.). User agent change is one of the types of emulation.

Ad blocking

The user cannot see advertising content on your page. AdBlock is not a sign of a typical fraudster in itself and has an extremely low fraudscore, but combined with certain other triggers it indicates certain bots and is useful for detecting specific fraud types. It also comes in handy when analyzing behavioral patterns of your real users.

Out-of-date operating systems

An old Operating System is one of the most common features of bot farms and automated systems. Such systems are extremely hard to update and they are pretty effective against less advanced antifraud solutions. Our Fingerprinting technology allows us to determine the OS used by your visitor, so that you do not waste time on bots instead of real users.

Emulation devices

Using virtual machines or emulators, users disguise their activities. Fraudsters may use virtual machines to create appropriate environments: for example, one emulates iOS on a Linux platform and installs a legitimate Safari browser or, in the case of some bot farms, they emulate an appropriate environment on the server side. The server then sends information to your website stating it is a machine with a number of parameters like platform, browser, etc.

PROXY services

People use PROXY services to hide their real IP address. PROXY types are: Anonymizing VPN services, Tor Exit Nodes, Hosting Providers, Data Centers or Content Delivery Networks, and Web Proxies. Although Proxy services are sometimes used by real legitimate users to protect their privacy, they are a valid and widespread fraudster tool. Our solution is able to detect all kinds of proxy services as well as scan and extract a whole array of user IP addresses.

Out-of-date browser versions

The Old Browser trigger fires for versions that the manufacturer of the said browser does not recommend using (around 2 years old). The reason is that bot farms and automated systems do not change their browser versions for years, because the procedure is technically difficult and costly.

Country restriction list

Every business has a target audience. It is highly unlikely for someone from Peru to visit Canadian local retailers and vice versa. Our sophisticated fingerprinting solution determines the real location of a user irrespective of techniques used to hide it.


The user is a bot. Nearly 50% of all web traffic is coming from various Bots with around 20% coming from Good or Legitimate Bots and around 30% from Bad or Malicious Bots.

Time zone inconsistency

Analyzing different parameters of users’ equipment allows us to establish whether a certain user is trying to hide his/her real location, and an inconsistency with their actual time zone is a sure sign of such actions.

Language inconsistency

Users try to hide the culture/language they belong to/speak. Discrepancies in information about a user’s location, culture, language, etc. are a sure sign of a fraudster.
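
The trigger-based scoring described on this page, where a weak trigger such as ad blocking matters mainly in combination with others, can be sketched as follows. This is an added example, not FraudHunt's code: the trigger names, weights, combination rules, session fields and sample sessions are all constructed assumptions.

```python
# Constructed trigger weights (assumptions, not FraudHunt's real values).
# Ad blocking is near zero because the page calls it weak on its own.
WEIGHTS = {
    "tor": 40, "emulation": 30, "proxy": 25, "ua_change": 20,
    "tz_mismatch": 20, "old_os": 15, "old_browser": 15,
    "lang_mismatch": 15, "anonymous_session": 5, "do_not_track": 2,
    "ad_block": 1,
}
# Constructed combination rules: bonus added when all triggers co-occur.
COMBOS = [
    ({"ad_block", "old_os", "old_browser"}, 25),
    ({"proxy", "tz_mismatch", "lang_mismatch"}, 30),
]

def derive_triggers(session):
    """Return the set of triggers fired for one session record."""
    fired = set(session.get("flags", ()))
    # Time zone inconsistency: UTC offset reported by the browser versus
    # the offset expected for the IP's geolocation (both in minutes).
    if session["browser_utc_offset"] != session["ip_utc_offset"]:
        fired.add("tz_mismatch")
    # Language inconsistency: primary Accept-Language tag is not one of
    # the languages expected for the IP's country.
    tag = session["accept_language"].split(",")[0].split(";")[0]
    if tag.split("-")[0].strip().lower() not in session["ip_languages"]:
        fired.add("lang_mismatch")
    return fired

def score(session):
    """Sum trigger weights plus combination bonuses, capped at 100."""
    fired = derive_triggers(session)
    total = sum(WEIGHTS.get(t, 0) for t in fired)
    total += sum(bonus for combo, bonus in COMBOS if combo <= fired)
    return min(total, 100), fired

def _s(flags, b_off, ip_off, lang):  # builds a constructed sample session
    return {"flags": flags, "browser_utc_offset": b_off,
            "ip_utc_offset": ip_off, "accept_language": lang,
            "ip_languages": {"en", "fr"}}
# Constructed sample sessions, all arriving from a Canadian IP (UTC-5).
SESSIONS = {
    "adblock_user": _s({"ad_block"}, -300, -300, "en-CA,en;q=0.9"),
    "bot_farm": _s({"ad_block", "old_os", "old_browser"}, -300, -300, "en-US"),
    "proxied": _s({"proxy"}, 180, -300, "ru-RU,ru;q=0.9"),
}

if __name__ == "__main__":
    for name, sess in SESSIONS.items():
        print(name, *score(sess))
```

The ad-blocking user alone scores 1, while the same trigger alongside an old OS and old browser picks up the combination bonus, which is the behavior the Ad blocking section describes.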