Updates and Releases

Talon Notice – Update Required

If you are using our Talon.js for device analysis, you must update to version 6.x by Feb 29, 2024. Download v6.04 Talon JS in the EHAWK Portal (Account=>Settings, bottom of page) and update your talon code. Talon with versions below 6.x will stop working on March 1, 2024.

What's New?
Talon 6.04 has been rewritten to run much faster, support more browsers, and provide more reliable analysis.

How do I upgrade to the new 6.04 version?
Instructions are available on our website.
Release 5.21 - August 28, 2023
Improved IP Traffic Scoring
Updated algorithm for better tracking, especially with IPv6. Traffic scoring scores the quality of data in real time on IP networks:
  • IP Traffic Risk Level 1: Some traffic from this IP is associated with high-risk emails, names, phones, etc. (Default Score -10)
  • IP Traffic Risk Level 2: A high percentage of traffic from this IP is associated with high-risk emails, names, phones, etc. (Default Score -25)
  • IP Traffic Risk Level 3: The majority of traffic from this IP is associated with high-risk emails, names, phones, etc. (Default Score -50)
Risk levels are based on non-IP data and do not include any IP risk factors such as bots or proxies that are scored separately. Scoring for all current clients is set at Zero for all three levels. Please review the results in the portal and adjust your Score Profiles for your API keys to score these results.
Release 5.20 - May 3, 2023
IP Traffic Scoring
This new test/label scores IP traffic quality with the following results:
  • IP Traffic Risk Level 1: Some traffic from this IP is associated with high-risk emails, names, phones, etc. (Default Score -10)
  • IP Traffic Risk Level 2: A high percentage of traffic from this IP is associated with high-risk emails, names, phones, etc. (Default Score -25)
  • IP Traffic Risk Level 3: The majority of traffic from this IP is associated with high-risk emails, names, phones, etc. (Default Score -50)
Risk levels are based on non-IP data and do not include any IP risk factors such as bots or proxies that are scored separately. Scoring for all current clients is set at Zero for all three levels. Please review the results in the portal and adjust your Score Profiles for your API keys to score these results.
Talon 6.04
The new and improved Talon v 6.04 (improved speed, simplified calling, support for more browsers and plug-ins) is ready. Please email support@ehawk.net for ninstructions. We will be migrating all clients to use 6.x over the coming months.
Release 5.19 - September 22, 2022
Version 5.19 includes some bug fixes, additional pattern tests, speed improvements, and infrastructure updates to support end of year product enhancements.
Release 5.18 - June 13, 2022
New Tag Features
Added two new tag types: Always Bad and ABA as well as support for wildcards
  • Tag Always Bad is a new option that subtracts 5,000 points so the total score will always be -100 or less
  • Tag wildcards: You can now use wildacrd (*) values in tags for email, emaildomain, domains, phone, and name, where '*' = any character or characters. As an example: j*@example.com would tag jim@example.com, jjj@example.com, etc. These wildcard tags must be added using the Tag API.
  • ABA Tags: Bank routing number (ABA) in the US can now be added through the Tag API. These tags will check against API inputs values of 'routing_number'.
Activity: Phone has 2-5+ Names
Added tracking for phones with multiple names in Activity Unique area. For exiting customers, score has been set to zero. But we highly recommend adjusting these scores to meet your risk levels. Phones with multiple names are highy supecious.
Moving Period Search
Emails with moving periods (for example jim.smith@gmail,com, ji.msmith@gmail.com, jimsm.ith@googlemail.com) are all the same email, because several email systems ignore periods. EHAWK currently marks these as Email: Moving Periods. Now when you click on an email link in the Portal Data Reports detail all the emails associated with the moving period are displayed.
High Velocity Phones
Phones that have multiple emails and/or multiple names are added to the High Velocity Phone DB. If you would like to revive alerts on these phones, make sure to set the score in Community: High Velocity Phone to score worse than your Alert Threshold.
Alert Reviewed Tracking
The Alerts page in the portal now includes a new column 'Reviewed' for manually keeping track of portal users acting on the Alerts. When the checkbox is clicked, it will change to a green box and a mouse rollover will show the username name and timestamp.
Please also read Best Practices, Suggestions, Hints.
Release 5.17 - March 10, 2022
Improved revet=true Reporting
revet=true is used to skip activity tracking and counting when calling our API. Previously the call would not increment any counters as well as skip all activity reporting. With 5.17 the service continues to skip counter increments, but now returns the current activity state in the JSON and scoring. This is a more accurate analysis of the data and should help track activity status.
New DNS in JSON response for domain and emaildomain
Two new areas of information in the JSON response include NS, MX, and MX IP for emaildomain and domains. This data will be incorporated into the Portal views and analysis later this year.
As an example:
"domain" : {
Bug fixes include properly displaying Alert Notice email(s) and correcting filter options for Alerts in portal.
EHAWK does not use any Java in our codebase or systems, so we do not have exposure to Log4J
Release 5.16 - Dec 2, 2021
Release focused on bug fixes, performance, and getting the codebase ready for 2022 features.
Release 5.15 - Sept 15, 2021
Rotating API Keys
Periodically rotating keys is a good security policy. To make this easier, we added the ability to either relace API keys in the portal and invalidate the old key immediately or generate a new key and keep the old key valid for 24 hours, giving you time to update keys in your code and making the switch to the new key easier.
Apple New OS Information
Apple will release iOS 15 soon. The new OS has two new features that can impact E-HAWK scoring: Private Relay and Hide My Email.
  • Private relay generates a different IP from the end user, like a VPN, that is routed through Apple IP exit points. We have Added a new label/test 'iCloud Private Relay Proxy" to indicate if the IP is part of Apple's iCloud Private Relay network.
  • Because the Private Relay IP can be from a different location, Geo Location Delta can also be impacted. Apple always keeps the same country but our tests have shown the IP can be up to 2,000 miles away from the user address. So we recommend reviewing scoring for Geo Delta 2,000 and below. The Geo location for City and State in our JSON will also be impacted by these private relay IPs.
  • Hide My Email allows users to create an iCloud email that forwards email to the users real and specified account. This will not impact our system, but can cause issues down the line if the temporary email is deleted and users cannot get password resets or any emails from your systems.
New IP Information
We have added ASN, Netblock and RIR information to the JSON response under the IP array. These map the IP Owners, IP ranges and country locations. While not yet shown in the portal, this information will be used in future AI and also might add value to your data analysis.
Based on all the data breaches from other platforms and the increased security challenges, we highly recommend turning on 2FA for your E-HAWK accounts. Admins can require this for all users in Account-> Users and Setting button at the top of the page.
Also fixed some bugs such as searching for Transaction ID and other small issues
For existing clients, both tests will score zero until you have a chance to review the data and adjust the score as you see fit.
Release 5.14.1 - May 26, 2021
New Tests and Labels
We have split out some meta labels with email checks. New responses/tests now include:
  • Invalid TLD hits when the emaildomain has an invalid TLD (top-level domain), such as domain.tdi. Default score is -25. We recommend a score that matches Undeliverable for your API keys, as the email is not deliverable, but we skip the deliverable check to save time.
  • Undeliverable Timeout hits when the SMTP server does not respond to our mailbox request call. Default score is -1. On average this represents about .003 of all API calls, so many clients will never see it. But it means we could not test if the email is deliverable.
For existing clients, both tests will score zero until you have a chance to review the data and adjust the score as you see fit.
Release 5.14 - May 26, 2021
Updates and Bug Fixes
Added 'Always Score Good' to Tags. Setting a data point to 'Always Score Good' will add 5,000 points and should always result in a positive score. Added ability to download rollup reports across all your API keys. Fixed some bugs with reporting filters, fingerprint reporting, and activity incidents not including IPv6 entities.
Data Retention Now 30 Days
To simplify GDPR and other privacy requirements, we now only keep vetting data for 30 days (reduced from 35). So portal views and downloads will only show the last 30 days of data as of May 28th. Vetting data past 30 days is purged from our systems.

Release 5.13 - March 31, 2021
Risk Hit Spike Alarms on Dashboard
Replacing the old Area Activity charts on the Dashboard is a new Spikes area. If our service detects a significant spike for specific risk hit, the alarm is listed on the dashboard with links to easily view the data. As an example, if E-HAWK monitors detect a big increase in Disposable Emails, a Spike Alarm is created. The portal displays current alarms (last 24 hours) and all alarms for the last seven days that have a score profile of -25 or worse.
Report Download Enhancements
Download reports have moved to a background process. Report limits have been increased from 5k to 50k rows. On the Data Reports page in the Portal you will see a new Report Queue table when requesting a report. When the report is ready click on the download link in the queue table. Reports will be listed in the queue for two hours. Large data sets can take several minutes to process.
Campaign IP Blocklist API
This new API is designed for companies driving traffic via web campaigns. The API provides a list of IPs per campaign to block thus reducing click and lead fraud for your campaigns in real-time. When sending campaign_id with Vetting API calls, E-HAWK tracks campaign performance in real-time. If you are using any ad platform that supports IPs blocking per campaign, use this API to get a list of all IPs to add to campaign blocklists in platforms such as Google, Bing, and others. This will block these bad IPs from getting campaign traffic.
Obfuscate API
Use the Obfuscate API to replace all personal data with 'Data Obfuscated'. When calling with a transaction ID the API will replace IP, email, name, street, city, state, postalcode, and phone with 'Data Obfuscated'. Use this API when GDPR and other privacy laws require the obfuscation of personal information for a transaction.
Column Sorting on Data Reports Page
Click on any column name in the Data Reports page to sort. One click for ascending and two clicks for descending sorts. The sorting column will have a sort icon to the right with an order indicator. For example, to sort by IP click the IP column name.
Added Tests for Domains with No Web IP
Some domains just have MX records, but no IP in DNS. In this case the site is not viewable and the new test 'Domain: No Web IP' will hit. Scoring for current clients is set to zero.
Release 5.12 - February 1, 2021
Added settings to restrict Portal download of data. You can now turn off for all users or only allow admins to download data. Bug fixes include fixing lead source charts counts, timezone charts for our Australian users, and removing scoring data in JSON error responses.
Release 5.11 - November 30, 2020
With our rapid growth in usage, 5.11 was focused on upgrades to our backend infrastructure, code, and learning engines. We expect improved performance in API response times and the updated code positions us well for the many enhancements planed for 2021.
Release 5.9 - September 1, 2020
Lead Source Sub IDs
Added full support for sub IDs for lead sources. Just send lead_source=source name plus sub_id=subID when calling the API. Reporting as well as the Lead Source API will now include sub ID information. In addition, on the Lead Source Portal we added a Group button to easily rollup Lead Sources and all their Sub IDs.
Mandate 2FA for Portal Users
On the Users page in the portal, click on Settings and you can require Two Factor Authentication for all users in your account. We recommend turning this on for extra security.
Added Tests for Free Domains
In both emaildomain and domain checks, we added a test for domains from free services such as .ga and .tk. Hits are returned as Email: Free Domains and Domain: Free Domain. Default score is -5, but we recommend cranking that up a bit.
Added Dynamic DNS Checks
Domain checks includes Dynamic DNS tests for DDNS services such as proxydns.com. Default score is -10. These services are often used for home web sites and would typically not be used by corporate systems.
Release 5.8 - June 18, 2020
New chart view added to the Data Reports area
Click on the Chart Icon to quickly find out what specific risk hits impacted scores. Chart shows Risk Hits, Score Impact, Grouped by Risk Level. This chart can help you quickly identify why filtered lists of data are scoring bad or good. Give it a try and let us know what you think.
Added Campaign and Lead Source Report API
The API empowers users to get real-time reports on performance by Lead Source and Campaign. Easy to connect into Google Sheets or Excel to monitor lead source and campaign results. This replaces any emailed reports on performance. You can get more info using the API and view live data in an excel, gSheet, or any program that parses JSON to create tables.
Enhanced with IP ACLs to limit IPs that can call our APIs. IP ACLs limit inbound traffic to our api and feed-api endpoints. By default, our endpoints accept traffic from most IPs. By adding your IPs to this list, you restrict all endpoint access to only those IPs on ACL list. The ACL supports individual IPv4 entries as well as v4/24 CIDR blocks. To access, click on Account->Settings. If the ACL IPs are set and call from other IPs hit our endpoints, the JSON response code will be -6 with the error description of IP not in ACL.
Other Features
Added new cache times to both repeat and unique from 5 minutes to 12 hours. These settings are per API key.
All portal users will be asked to check their profile data every six months. Please make sure to update any wrong info. Admins can also add a phone number for text alerts on downtown and security issues from E-HAWK.
New Portal page of Account->Settings where you can manage the account main and technical contacts as well as get quick links to security settings. We will be adding Subscription info and credit card payments to the page in a future release.
We updated the look and feel of www.ehawk.net, created a new section for API docs (we now have 8 APIs) and simplified adding a ticket to our support system in the portal.
Release 5.7 - February 11, 2020

Version 5.7 adds new Email: Suspect Pattern test for emails that have bot like addresses. Default score is -5. Review your results and modify scoring as needed. The release also includes many backend updates for our portal such as updated charting, icons, and JS speed improvements.

Version 5.6 - December 17, 2019

Version 5.6 includes Two Factor Authentication for portal logins. For extra security, turn on Two Factor Authentication (2FA) for your account in the portal under Account | Profile. Also included are: New scoring report on the Data area that will download all data with risk hits and scoring, updated Dashboard charts, and several bug fixes.

Version 5.5 - November 19, 2019

Version 5.5 includes new tests for:

IP Connection Type
new scoring hits of: Connection Cable DSL, Connection Corporate, Connection Dial-up, Connection Cellular, or Connection Type Unknown. For existing API keys, these scores default to 0/Off. Please update in scoring profiles to start scoring these items.
Phone Carrier
for clients with extra phone testing: JSON returns carrier name and two scoring tests of Carrier Top US (Carrier is one of the top 4 US: ATT, Verizon, Sprint,T-Mobile) and Carrier Not Top US

We also fixed several bugs and made improvements in the backend to speed up API calls and portal dashboards. All charts and data show for 35 days and the Top Lists are now real-time.

Version 5.4 - October 15, 2019

Version 5.4 includes a redesign of our back-end to speed up reporting and portal data analysis. Also added a maximum millisecond setting for API processing time as well as security enhancements of session expire notices and password time limits.

Version 5.3 - June 4, 2019

Version 5.3 includes new tests:

  • Activity Multiple: IP has X Emails - when an IP has multiple emails. Default -1
  • Activity Multiple: Emails has X IPs - when an Email has multiple IPs. Default -1
  • Activity Multiple: IP has X Phones - when an IP has multiple phones. Default -1
  • Activity Multiple: Phones has X IPs - when a phone has multiple IPs. Default -1
  • Name: Profanity - Name contains profanity or high risk word. Default -50

Also added in the portal for Lead Source a new sort for Updated: New to Old and Old to New, fixed a bug for listing activity repeats in download reports, and improved back-end speeds.

Version 5.2 - May 7, 2019

Version 5.2 includes new features, tests, and some bug fixes listed below.

  • Access Control per API key for Portal users - limit the data they can view
  • Tag API paging and numbering parameters for large data sets
  • Domain Age checking extended to 60 days
  • Tagging common domains and email domains in the portal is not allowed anymore (gmail, icloud, hotmail, etc). You can still add via the Tag API, but too many clients were tagging gmail.com as bad by mistake and causing all traffic to score bad.
  • Added settings for Activity Multiple cache time frame
  • Added end date support for Report API<< /li>
  • New Tests
    • Domains and emaildomains (like .tk) that are free to own. Risk Hits are Domain: Free Domain and Email: Free Emaildomain. Default score -5
    • Email: Suspect Local checking the local part of emails for high risk patterns. Default score -5. Highly recommend this scores -80 or worse if you do not want email with the F word, etc. in them.
    • Name: Improper Case checks the name for proper case. Default score -1
  • Fixed: Lead ID exact search, download reports are now filtered properly
Version 5.1 - February 26, 2019

Version 5.1 is a minor release adding roll-up reporting for accounts with multiple API keys, domain traffic estimates as an extra charge feature, and many back-end speed improvements and bug fixes.

Version 5.0 - January 2, 2019

Version 5 is a major update to our platform empowering API key management, additional scoring and settings, and new tests. We have also

  • New area to create and manage API keys
  • Updated Scoring and Setting areas
  • Download Score Profile in csv as well as API call
  • New tests in Email, Activity Unique, IP
  • Updated Settings:
    • Ability to auto set timeout=>false for all API calls
    • Send email Alerts to multiple emails
    • Removed requirement for IP. API just requires a minimum of IP, Email, or Domain to score
  • Improvements and bug fixes for Fingerprint Linking, IP Velocity Movement

Manage and create API keys, Settings and Scoring

The portal has a redesigned area for managing API keys, changing scoring and settings. In the Account menu for Admins is a new option of API Keys Setting and Scoring. From there Admins can create, regenerate, and name keys. Each key also has unique Settings and a Scoring Profile.

Each account has one primary API Key (identified with key icon). All keys support vetting (api.ehawk.net) and feed (feed-api.ehawk.net: Tag, Alert, Activity, Report) API calls.

Keys with access to the Community API are identified with a icon and must be used for adding/managing Community data.

Each key has separate data, reporting, tags, alerts, fingerprints, activity tracking, settings, scoring profile and is listed by name in the View select menu to filter portal data. Use icons to copy Primary key settings and/or scoring to other keys.

The screens-hot below shows the new features and how to manage API keys.

We also added two API calls for scoring profile reports for an API key:
https://feed-api.ehawk.net/score/profile/?format=csv returns a .CSV file
https://feed-api.ehawk.net/score/profile/ returns a JSON

Updated Scoring and Setting Areas

The Scoring Profile area has been updated to hopefully make setting custom scoring and tracking easier. We have added a download link to get your scoring details in a .csv file. Click on the Area tabs and adjust scoring. No more labels, just numbers to adjust scoring.

New tests in Email, Activity Unique, IP

In addition to improving our blacklists and pattern recognition engine, we added the following tests:

  • IP Invalid returns when an invalid IP is sent, default score is -10
  • Activity Unique These hit when a unique items, such as email, has multiple items, such as phones. Each area has hits from 2 to 5+ repeats for scoring different levels. Default scoring for all hits is -1. Adjust based on your business needs. New tests include:
    • Email from X Lead Sources - when an email has multiple lead sources
    • Email from X Campaigns - when an email has multiple campaigns
    • Username links to X Emails - when a username has multiple emails
    • Email links to X Usernames - when an Email has multiple usernames
    • Username links to X Phones - when a username has multiple phones
    • Phone links to X Usernames - when a phone has multiple usernames

Updated Settings

In the settings area, per API key, you can now set timeout=>false for all API calls. This is recommended if sending email, domain, or phone as it adds many tests to the service. The system also supports adding multiple emails to Alerts. And finally, we have removed the requirement for an IP to process API calls. The API requires a minimum of IP, Email, OR Domain to run, so you could just send an email address. Please contact support if you would like help.