
Threat SPECT

MTCaptcha Threat SPECT provides deep insight and an actionable risk profile for each visitor.

Threat SPECT and CHECKTOKEN

Once Threat SPECT is enabled, the CheckToken API provides additional information via the fields ipCountry, riskType, and riskInfo. Sample response below:

{
  "success": true,
  "tokeninfo": {
    ...
    "ip": "10.10.10.10",
    ...
    "ipCountry": "US",
    "riskType": "datacenter",
    "riskInfo": "amazon.com"
  }
}

See Developers Guide - Validate Token for complete documentation of CheckToken API.

CHECKTOKEN Risktype and Riskinfo Codes and Values

The full list of supported RiskType(s) and corresponding RiskInfo values:

| Risk Type | Risk Type Description | Risk Info Possible Values |
| --- | --- | --- |
| attacker | The source of the traffic is from an IP address recently associated with proactive attacks. | [empty string] |
| datacenter | The source of the traffic is from an IP address of a datacenter provider (e.g., AWS / Azure). | Usually the root domain name of the datacenter host. Common values: "amazon.com" for AWS, "microsoft.com" for Azure, "google.com" for Google Cloud. Can be empty string. |
| bot | The source of the traffic is from an IP address recently associated with some kind of bot activity. This also includes bots that clearly identify themselves by user agent, or that may be valid bot hosts like LinkedInBot or Facebook Crawler. | Usually the root domain name of the datacenter hosting the bot where available. E.g., "somehost.com". Can be empty string. |
| bot-seo | The source of the traffic is from a known and validated Search Engine. Currently supported Search Engines that can be validated include: | The root domain name of the bot service. Values include: "archive.org", "ask.com", "baidu.com", "bing.com", "duckduckgo.com", "google.com", "sm.cn", "sogou.com", "toutiao.com", "yahoo.com", "yandex.com". |
| bot-fakeseo | The source of the traffic is from an IP address recently associated with pretending to be a well-known Search Engine (SEO) bot. | Usually the root domain name of the datacenter hosting the bot where available. E.g., "somehost.com". Can be empty string. |
| anonymizer | The source of the traffic is from a known VPN or Proxy service. | Usually the root domain name of the VPN or proxy service (if known). E.g., "somevpn.com". Can be empty string. |
| anonymizer-tor | The source of the traffic is from the Tor anonymizing proxy network. | Values include: "torproject.org". |
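
One way a backend might act on the riskType and riskInfo fields described above, as an added example that is not MTCaptcha's own code. The function name `decide`, the policy mapping, and the treatment of a missing riskType as "nothing flagged" are assumptions; the sample response is constructed from the one shown on this page.

```python
import json

# Search-engine domains the page lists as possible riskInfo values for "bot-seo".
SEO_DOMAINS = {"archive.org", "ask.com", "baidu.com", "bing.com", "duckduckgo.com",
               "google.com", "sm.cn", "sogou.com", "toutiao.com", "yahoo.com", "yandex.com"}

# Hypothetical site policy (an assumption, not an MTCaptcha recommendation).
POLICY = {
    "attacker": "block",
    "bot-fakeseo": "block",
    "bot": "review",
    "datacenter": "review",
    "anonymizer": "review",
    "anonymizer-tor": "review",
    "bot-seo": "allow",
}

def decide(checktoken_body: str) -> dict:
    """Turn a CheckToken JSON response into an action plus a loggable record."""
    try:
        resp = json.loads(checktoken_body)
    except ValueError:
        return {"action": "block", "reason": "unparseable response"}
    if not isinstance(resp, dict) or resp.get("success") is not True:
        return {"action": "block", "reason": "token not verified"}
    info = resp.get("tokeninfo")
    if not isinstance(info, dict):
        info = {}
    risk_type = info.get("riskType") or ""
    risk_info = info.get("riskInfo") or ""  # riskInfo can legitimately be empty
    record = {"ip": info.get("ip"), "ipCountry": info.get("ipCountry"),
              "riskType": risk_type, "riskInfo": risk_info}
    if not risk_type:
        # Assumption: no riskType means Threat SPECT flagged nothing.
        return {**record, "action": "allow", "reason": "no risk flagged"}
    action = POLICY.get(risk_type)
    if action is None:  # a code not in the table above: do not silently allow
        return {**record, "action": "review", "reason": "unrecognised riskType"}
    if risk_type == "bot-seo" and risk_info not in SEO_DOMAINS:
        return {**record, "action": "review", "reason": "bot-seo with unlisted riskInfo"}
    return {**record, "action": action, "reason": f"policy for {risk_type}"}

# Constructed sample based on the response shown above.
SAMPLE = json.dumps({"success": True, "tokeninfo": {
    "ip": "10.10.10.10", "ipCountry": "US",
    "riskType": "datacenter", "riskInfo": "amazon.com"}})

if __name__ == "__main__":
    print(decide(SAMPLE))
```
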

Threat SPECT and Admin Dashboard

With Threat SPECT enabled, the MTCaptcha Admin Dashboard will provide a detailed breakdown and historical trends for each RiskType.
