Articles on: FAQs

Invalid Traffic Types

Tapper provides robust ad fraud protection by identifying and mitigating various forms of invalid traffic (IVT). Below is a comprehensive guide to the types of invalid traffic Tapper detects, their characteristics, and how they can be configured for optimal performance.


1. Suspicious Ad Click


Description: These are clicks where the script is loaded but no user events are recorded, suggesting potentially fraudulent behavior.

User Input: Minimum number of suspicious sessions.

Default Setting: 5 per day.


2. Aborted Ad Click


Description: Instances where the script for an ad click does not load, and no events are recorded.

Default Settings: 3 per hour.


3. Bounced Traffic


Description: Sessions with very short durations that do not meet user-defined minimum engagement criteria.

User Input: Minimum seconds on site.

Default Rule: At least two sessions with durations below the defined threshold are considered bounced.


4. Ad Click Limit Exceed


Description: Detects excessive ad clicks from a single user within a specific time frame.

User Input: Number of clicks and time frame.

Default Settings:


  • 5 clicks in 60 seconds.
  • 6 clicks in 1 hour.
  • 7 clicks in 24 hours.


If user-defined limits are not set, the default values will apply.


5. Bot Detection


Tapper detects bots using several parameters:


  • Suspicious User Agent: User agent strings indicating automated tools.
  • JavaScript Disabled: Indicates bot-like behavior as modern browsers typically have JavaScript enabled.
  • Suspicious Screen Resolution: Screen resolutions smaller than 1x1 pixel.
  • OS-Device Mismatch: Mismatch between the operating system and device type as extracted from the user agent.
  • Selenium Bot: User agent strings containing “headless,” indicating bot automation tools.


6. VPN Detection


  • User Input: Option to block VPN traffic.
  • Mechanism: IPs are cross-referenced against the IPinfo dataset to identify VPN usage.


7. Location Fraud


Description: Identifies discrepancies in the geographical origin of clicks.

User Input: Block or allow clicks from specific countries.


8. Behavior Analysis


Description: Tracks anomalous behavior patterns.

User Input: Currently under development for advanced configuration.


9. Public IP Detection


Description: Flags scenarios where multiple user agents are detected from the same public IP address.

Key Behavior: No blocking services are applied when click thresholds are associated with public IPs.


10. Data Center/Proxy IPs


Description: Flags IP addresses associated with data centers or proxy servers, as they are often sources of automated or bot traffic.


11. Device IP Rule (Suspicious Device Block)


Description: Blocks devices with suspicious IP activity.

User Input: Adjustable number of IPs and time frame.

Default Setting:


  • 6 IPs associated with one device over periods of one hour, one day, or one week will trigger a block.


12. Geomask (Location Spoofing)


Description: Flags mismatches between IP-based geographical location and the device’s time zone settings.


13. Threat Detection Indicators


Tapper leverages threat detection insights from datasets like IPinfo to identify malicious activity:


  • Data Center Traffic: IPs belonging to cloud providers or data centers.
  • Known Attackers: IPs involved in malicious activities like malware or botnets.
  • Known Abusers: IPs linked to spam, harvesters, or nuisance bots.
  • Threat Indicator: Triggered if an IP address is flagged as a known attacker or abuser.


**

Updated on: 06/01/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!