check the validity or expiration of a network certificate associated with a request to create a certificate score, the request being from a user and for access to a trial subscription service of a merchant;

analyze previous communication from the user from which the request originates across a plurality of entities and regions to create a previous communication score, the analysis including a determination that multiple previous communications from the user embody a consistent header formatting and a common internet protocol (IP) address, the previous communication score reflecting higher fraud likelihood for consistent header formatting of the multiple previous communications from the common IP address, the consistency being indicative of attempted repeated fraudulent utilization of the trial subscription service;

conduct a messaging protocol check for a server associated with the request to create a protocol score, the messaging protocol check including and the protocol score being based on one or more of the following factors—firewall of the server associated with the request, relay of a domain associated with the request by the server associated with the request, response with a hostname by the server associated with the request, or connection with the server associated with the request that is outside an established connection;

temporarily reject an unrecognized request to create an unrecognized request score;

output a weighted final score comprising a determination of whether to accept or deny the request based at least in part on the unrecognized request score and on one or more of the certificate score, the previous communication score, and the protocol score, the weighted final score incorporating a weighting toward denying the request based on the determination of the consistent header formatting and the common IP address; and

based on the determination of whether to accept or deny the request, generate a corresponding recommendation to the merchant to accept or deny the request from the user.