Invalid Traffic Types

Tapper provides robust ad fraud protection by identifying and mitigating various forms of invalid traffic (IVT). Below is a comprehensive guide to the types of invalid traffic Tapper detects, their characteristics, and how they can be configured for optimal performance.

1. Suspicious Ad Click

Description: These are clicks where the script is loaded but no user events are recorded, suggesting potentially fraudulent behavior.
User Input: Minimum number of suspicious sessions.
Default Setting: 5 per day.

2. Aborted Ad Click

Description: Instances where the script for an ad click does not load, and no events are recorded.
Default Settings: 3 per hour.

3. Bounced Traffic

Description: Sessions with very short durations that do not meet user-defined minimum engagement criteria.
User Input: Minimum seconds on site.
Default Rule: At least two sessions with durations below the defined threshold are considered bounced.

4. Ad Click Limit Exceed

Description: Detects excessive ad clicks from a single user within a specific time frame.
User Input: Number of clicks and time frame.
Default Settings:

• 5 clicks in 60 seconds.
• 6 clicks in 1 hour.
• 7 clicks in 24 hours.

If user-defined limits are not set, the default values will apply.

5. Bot Detection

Tapper detects bots using several parameters:

• Suspicious User Agent: User agent strings indicating automated tools.
• JavaScript Disabled: Indicates bot-like behavior as modern browsers typically have JavaScript enabled.
• Suspicious Screen Resolution: Screen resolutions smaller than 1x1 pixel.
• OS-Device Mismatch: Mismatch between the operating system and device type as extracted from the user agent.
• Selenium Bot: User agent strings containing “headless,” indicating bot automation tools.

6. VPN Detection

• User Input: Option to block VPN traffic.
• Mechanism: IPs are cross-referenced against the IPinfo dataset to identify VPN usage.

7. Location Fraud

Description: Identifies discrepancies in the geographical origin of clicks.
User Input: Block or allow clicks from specific countries.

8. Behavior Analysis

Description: Tracks anomalous behavior patterns.
User Input: Currently under development for advanced configuration.

9. Public IP Detection

Description: Flags scenarios where multiple user agents are detected from the same public IP address.
Key Behavior: No blocking services are applied when click thresholds are associated with public IPs.

10. Data Center/Proxy IPs

Description: Flags IP addresses associated with data centers or proxy servers, as they are often sources of automated or bot traffic.

11. Device IP Rule (Suspicious Device Block)

Description: Blocks devices with suspicious IP activity.
User Input: Adjustable number of IPs and time frame.
Default Setting:

• 6 IPs associated with one device over periods of one hour, one day, or one week will trigger a block.

12. Geomask (Location Spoofing)

Description: Flags mismatches between IP-based geographical location and the device’s time zone settings.

13. Threat Detection Indicators

Tapper leverages threat detection insights from datasets like IPinfo to identify malicious activity:

• Data Center Traffic: IPs belonging to cloud providers or data centers.
• Known Attackers: IPs involved in malicious activities like malware or botnets.
• Known Abusers: IPs linked to spam, harvesters, or nuisance bots.
• Threat Indicator: Triggered if an IP address is flagged as a known attacker or abuser.

**

Updated on: 06/01/2025