Threat SPECT

The MTCaptcha Threat SPECT provides deep insight and actionable risk profile of each visitor.

Threat SPECT and CHECKTOKEN

Once Threat SPECT is enabled, The CheckToken API provides additional information via fiields ipCountry, riskType, riskInfo. Sample response below:

{
  "success": true,
  "tokeninfo": {
    ...
    "ip": "10.10.10.10",
    ...
    "ipCountry": "US",
    "riskType": "datacenter",
    "riskInfo": "amazon.com"
  }
}

See Developers Guide - Validate Token for complete documentation of CheckToken API.

CHECKTOKEN Risktype and Riskinfo Codes and Values

The full list of supported RiskType(s) and corresponding RiskInfo values

Risk Types Risk Type Description Risk Info Possible Values
attacker The source of the traffic is from an IP adddress recently associated with proactive attacks. [empty string]
datacenter The source of the traffic is from an IP adddress of a datacenter provider (eg AWS / Azure). Usually the the root domain name of the datacenter host. common values: "amazon.com" for AWS, "microsoft.com" for Azure, "google.com" for Google Cloud. Can be empty string.
bot The source of the traffic is from an IP adddress recently associated with some kind of bot activitiy. This also includes bots that clearly identifies itself with user agent, or maybe valid bot hosts like LinkedInBot or Facebook Crawler. Usually the the root domain name of the datacenter hosting the bot where available. eg: "somehost.com". Can be empty string.
bot-seo The source of the traffic is from a known and validated Search Engine. Currently supported Search Engines that can be validated include: The the root domain name of the bot service. Values include: "archive.org", "ask.com", "baidu.com", "bing.com", "duckduckgo.com", "google.com", "sm.cn", "sogou.com", "toutiao.com", "yahoo.com", "yandex.com" .
bot-fakeseo The source of the traffic is from an IP adddress recently associated with pretending to be a well know Search Engine (SEO) bot. Usually the the root domain name of the datacenter hosting the bot where available. eg: "somehost.com". Can be empty string.
anonymizer The source of the traffic is from a known VPN or Proxy service. Usually the the root domain name of the vpn or proxy service (if known). eg: "somevpn.com". Can be empty string.
anonymizer-tor The source of the traffic is from the Tor anonymizing proxy network. Values include: "torproject.org"

Threat SPECT and Admin Dashboard

With Threat SPECT enabled, the MTCaptcha Admin Dashboard will provide detailed breakdown and historical trends for each of the RiskType.

MTCaptcha Threat SPECT Sample Dashboard
MTCaptcha Threat SPECT Sample Dashboard