Invalid Traffic Types
Tapper provides robust ad fraud protection by identifying and mitigating various forms of invalid traffic (IVT). Below is a comprehensive guide to the types of invalid traffic Tapper detects, their characteristics, and how they can be configured for optimal performance.
1. Suspicious Ad Click
Description: These are clicks where the script is loaded but no user events are recorded, suggesting potentially fraudulent behavior.
User Input: Minimum number of suspicious sessions.
Default Setting: 5 per day.
2. Aborted Ad Click
Description: Instances where the script for an ad click does not load, and no events are recorded.
Default Settings: 3 per hour.
3. Bounced Traffic
Description: Sessions with very short durations that do not meet user-defined minimum engagement criteria.
User Input: Minimum seconds on site.
Default Rule: At least two sessions with durations below the defined threshold are considered bounced.
4. Ad Click Limit Exceed
Description: Detects excessive ad clicks from a single user within a specific time frame.
User Input: Number of clicks and time frame.
Default Settings:
5 clicks in 60 seconds.
6 clicks in 1 hour.
7 clicks in 24 hours.
If user-defined limits are not set, the default values will apply.
5. Bot Detection
Tapper detects bots using several parameters:
Suspicious User Agent: User agent strings indicating automated tools.
JavaScript Disabled: Indicates bot-like behavior as modern browsers typically have JavaScript enabled.
Suspicious Screen Resolution: Screen resolutions smaller than 1x1 pixel.
OS-Device Mismatch: Mismatch between the operating system and device type as extracted from the user agent.
Selenium Bot: User agent strings containing “headless,” indicating bot automation tools.
VPN Detection:
User Input: Option to block VPN traffic.
Mechanism: IPs are cross-referenced against the IPinfo dataset to identify VPN usage.
6. Location Fraud
Description: Identifies discrepancies in the geographical origin of clicks.
User Input: Block or allow clicks from specific countries.
7. Behavior Analysis
Description: Tracks anomalous behavior patterns.
User Input: Currently under development for advanced configuration.
8. Public IP Detection
Description: Flags scenarios where multiple user agents are detected from the same public IP address.
Key Behavior: No blocking services are applied when click thresholds are associated with public IPs.
9. Data Center/Proxy IPs
Description: Flags IP addresses associated with data centers or proxy servers, as they are often sources of automated or bot traffic.
10. Device IP Rule (Suspicious Device Block)
Description: Blocks devices with suspicious IP activity.
User Input: Adjustable number of IPs and time frame.
Default Setting:
6 IPs associated with one device over periods of one hour, one day, or one week will trigger a block.
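The defaults in sections 4 (Ad Click Limit Exceed) and 10 (Device IP Rule) are both sliding-window thresholds, and the following added example evaluates them over constructed events. It is not Tapper's code: the function name, the event format, and the choice to fire a rule when the count reaches the threshold are assumptions.

```python
from collections import deque

# Defaults quoted on this page, as (threshold, window in seconds).
CLICK_LIMITS = [(5, 60), (6, 3600), (7, 86400)]          # section 4
DEVICE_IP_LIMITS = [(6, 3600), (6, 86400), (6, 604800)]  # section 10

def first_violation(events, limits, distinct=False):
    """Return (timestamp, threshold, window) for the first rule hit, else None.

    events: (unix_ts, value) tuples, sorted by time, for ONE user or device.
    distinct=False counts events (clicks); distinct=True counts unique
    values (IP addresses).
    Assumption: a rule fires when the count reaches the threshold.
    """
    windows = [deque() for _ in limits]
    for ts, value in events:
        for (threshold, span), win in zip(limits, windows):
            win.append((ts, value))
            # Drop events that have slid out of this rule's window.
            while win[0][0] <= ts - span:
                win.popleft()
            seen = len({v for _, v in win}) if distinct else len(win)
            if seen >= threshold:
                return ts, threshold, span
    return None

# Constructed sample data (not real traffic).
BURST = [(t, "click") for t in (0, 10, 20, 30, 40)]    # 5 clicks in 40 s
SLOW = [(i * 900, "click") for i in range(8)]          # one click per 15 min
SPARSE = [(0, "click"), (7200, "click"), (20000, "click")]
# One device seen from six documentation-range IPs within 50 minutes.
ROTATING = [(i * 600, f"203.0.113.{i + 1}") for i in range(6)]
# One device alternating between two IPs: many events, few distinct IPs.
STABLE = [(i * 600, f"203.0.113.{1 + i % 2}") for i in range(10)]

if __name__ == "__main__":
    print(first_violation(BURST, CLICK_LIMITS))
    print(first_violation(SLOW, CLICK_LIMITS))
    print(first_violation(ROTATING, DEVICE_IP_LIMITS, distinct=True))
```

The slow clicker never trips the 60-second or 1-hour rule but is caught by the 24-hour rule, which is why the three windows are evaluated together rather than only the shortest one.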
11. Geomask (Location Spoofing)
Description: Flags mismatches between IP-based geographical location and the device’s time zone settings.
12. Threat Detection Indicators
Tapper leverages threat detection insights from datasets like IPinfo to identify malicious activity:
Data Center Traffic: IPs belonging to cloud providers or data centers.
Known Attackers: IPs involved in malicious activities like malware or botnets.
Known Abusers: IPs linked to spam, harvesters, or nuisance bots.
Threat Indicator: Triggered if an IP address is flagged as a known attacker or abuser.
Updated on: 04/12/2024