The MTCaptcha Threat SPECT provides deep insight and actionable risk profile of each visitor.
Threat SPECT and CHECKTOKEN
Once Threat SPECT is enabled, The CheckToken API provides additional information via fiields ipCountry, riskType, riskInfo. Sample response below:
{
"success": true,
"tokeninfo": {
...
"ip": "10.10.10.10",
...
"ipCountry": "US",
"riskType": "datacenter",
"riskInfo": "amazon.com"
}
}
See Developers Guide - Validate Token for complete documentation of CheckToken API.
CHECKTOKEN Risktype and Riskinfo Codes and Values
The full list of supported RiskType(s) and corresponding RiskInfo values
Risk Types | Risk Type Description | Risk Info Possible Values |
---|---|---|
attacker | The source of the traffic is from an IP adddress recently associated with proactive attacks. | [empty string] |
datacenter | The source of the traffic is from an IP adddress of a datacenter provider (eg AWS / Azure). | Usually the the root domain name of the datacenter host. common values: "amazon.com" for AWS, "microsoft.com" for Azure, "google.com" for Google Cloud. Can be empty string. |
bot | The source of the traffic is from an IP adddress recently associated with some kind of bot activitiy. This also includes bots that clearly identifies itself with user agent, or maybe valid bot hosts like LinkedInBot or Facebook Crawler. | Usually the the root domain name of the datacenter hosting the bot where available. eg: "somehost.com". Can be empty string. |
bot-seo | The source of the traffic is from a known and validated Search Engine. Currently supported Search Engines that can be validated include: | The the root domain name of the bot service. Values include: "archive.org", "ask.com", "baidu.com", "bing.com", "duckduckgo.com", "google.com", "sm.cn", "sogou.com", "toutiao.com", "yahoo.com", "yandex.com" . |
bot-fakeseo | The source of the traffic is from an IP adddress recently associated with pretending to be a well know Search Engine (SEO) bot. | Usually the the root domain name of the datacenter hosting the bot where available. eg: "somehost.com". Can be empty string. |
anonymizer | The source of the traffic is from a known VPN or Proxy service. | Usually the the root domain name of the vpn or proxy service (if known). eg: "somevpn.com". Can be empty string. |
anonymizer-tor | The source of the traffic is from the Tor anonymizing proxy network. | Values include: "torproject.org" |
Threat SPECT and Admin Dashboard
With Threat SPECT enabled, the MTCaptcha Admin Dashboard will provide detailed breakdown and historical trends for each of the RiskType.