Usage example:
has(profiling.device.signals, 'REMOTE_DESKTOP')
Remote Desktop
profiling.device.signals
| Signal | Category | Description |
|---|---|---|
| REMOTE_DESKTOP | SCAM | Uses move interval, scroll interval and frame rate to detect remote desktop |
| SOCIAL_ENGINEERING_BY_REMOTE_DESKTOP | SCAM | Uses hesitancy if remote_desktop detected |
Bot Detection
profiling.device.signals
| Signal | Category | Description |
|---|---|---|
| BROWSER_AUTOMATION | AUTOMATION | Uses mouse biometrics to detect if browser is running on automation software like Selenium etc. |
| CREDENTIAL_AUTOMATION | ATO_RISK | Uses key biometrics to detect if form is filled using automation software like openBullet etc. |
| WURFL_BOT | BOT | Detects bot using useragent info through WURFL |
Emulator & Cloning
profiling.device.signals
| Signal | Category | Description |
|---|---|---|
| ANDROID_SDK_EMULATOR | EMULATOR | Uses keywords in various sdk system, build configs |
| APP_CLONING_DETECTED | APP_CLONING | Uses profiling.android.system.java_io_tmpdir |
| CLONING_APP_{app_name} | APP_CLONING | Name of the app used for cloning |
| MULTIPLE_USERS_ENABLED | APP_CLONING | Non-zero user index observed in profiling.android.system.java_io_tmpdir |
Virtual Machine
profiling.device.signals
| Signal | Category | Description |
|---|---|---|
| TCP_OS_MISMATCH | ANOMALY | TCP and Javascript OS do not match |
| POSSIBLE_VM | ANOMALY | If TCP_OS_MISMATCH but no proxy |
identity[*].email[*].signals
| Signal | Category | Description |
|---|---|---|
| DISPOSABLE_DOMAIN | EMAIL_RISK | Email domain matches known temporary list |
has(identity['ACCOUNT'].email['PERSONAL'].signals, 'DISPOSABLE_DOMAIN')
Formed from several sources, with large contributor from:
public list.