How does it work?

eComscan is fed 24/7 with threat intelligence from multiple sources. Learn why eComscan is usually weeks ahead in detecting the latest attack vectors.

Forensic analysis

Our experts are often “first at the scene”, hired by high profile victims for digital forensics and incident response. This uncovers new methodologies and fraud networks on a weekly basis. Our research team was the first to detect online skimming (also known as "form jacking" or "Magecart" attacks).

Static Analysis

More than two hundred thousands stores are analyzed for malicious content and activity around the clock. This produces valuable insight in new threats.

Honeypot network

We run a network of honeypot ("bait") webshops that produce valuable insight in the attacker TTPs (tactics, techniques and procedures). The latest signatures are distributed in real time to all of our clients.

Behavioral analysis

We work with ISPs, banks, Magento agencies and law enforcement to quickly disseminate attack methods when they are first spotted.

Security community

We receive many (anonymous) tips from fellow security companies or developers.

Historical analysis

We crawl and store historical copies of stores around the world. The data is then used for delta analysis to identify suspicious additions.


Our open source initiative MageVulnDB is the authoritative source on third party vulnerabilities in Magento extensions. Developers and merchants across the globe maintain this database, which registers whether a Magento extension is safe to use.

Heuristic engine

Automated behavioral analysis of stores (“simulating real customers”) often yields new attack methods.

Some screenshots of eComscan