Invalid Traffic Types

Tapper provides robust ad fraud protection by identifying and blocking various forms of Invalid Traffic (IVT). Below is a comprehensive guide to all IVT types Tapper detects, how they work, and how they can be configured.


1. Suspicious Ad Click


Description: Script is loaded but no user events are recorded, suggesting potentially fraudulent behaviour.

User Input: Minimum number of suspicious sessions.

Default Setting: 5 per day.


2. Aborted Ad Click


Description: Script for an ad click fires, but the website does not load and no events are recorded. If at least one session from the same user later shows valid interaction, the click is not blocked.

User Input:

  • Click count
  • Time window (in days)
  • Minimum session duration (in seconds)

Default Settings:

  • 2 clicks in 1 day
  • 3 clicks in 7 days
  • 5 clicks in 14 days
  • 10 clicks in 30 days


3. Bounced Traffic


Description: Sessions with short durations below a user-defined threshold.

User Input: Minimum seconds on site.

Rule: Two or more sessions under threshold = bounced.


4. Ad Click Limit Exceeded


Description: Excessive ad clicks from the same user in a short time period.

User Input:

  • Ad click count
  • Time window

Default Settings:

  • 5 clicks in 60 seconds
  • 6 clicks in 1 hour
  • 7 clicks in 24 hours

Rule: If no custom setting is provided, defaults apply.
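
The default tiers above, evaluated as a sliding window over each user's click timestamps. This is an added example, not Tapper's own code; the function names, the (user_id, timestamp) log shape and the choice to trigger once the click count is reached are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Default tiers listed on the page: (ad click count, time window).
DEFAULT_TIERS = [
    (5, timedelta(seconds=60)),
    (6, timedelta(hours=1)),
    (7, timedelta(hours=24)),
]

def breached_tiers(click_times, tiers=None):
    """Return every (count, window) tier that one user's clicks reach.

    Assumption: a tier fires once `count` clicks fit inside `window`;
    the page does not say whether the limit itself is included.
    """
    tiers = tiers or DEFAULT_TIERS  # page rule: defaults apply without a custom setting
    times = sorted(click_times)
    hits = []
    for count, window in tiers:
        # Sliding window: compare each click with the one `count - 1` places earlier.
        for i in range(count - 1, len(times)):
            if times[i] - times[i - count + 1] <= window:
                hits.append((count, window))
                break
    return hits

def flag_users(click_log, tiers=None):
    """Group (user_id, timestamp) rows and return {user_id: breached tiers}."""
    per_user = defaultdict(list)
    for user_id, ts in click_log:
        per_user[user_id].append(ts)
    flagged = {}
    for user_id, times in per_user.items():
        hits = breached_tiers(times, tiers)
        if hits:
            flagged[user_id] = hits
    return flagged

# Constructed sample log; user ids and timestamps are made up for illustration.
T0 = datetime(2025, 8, 25, 9, 0, 0)
SAMPLE_LOG = (
    [("burst", T0 + timedelta(seconds=10 * i)) for i in range(5)]     # 5 clicks in 40 s
    + [("steady", T0 + timedelta(minutes=10 * i)) for i in range(6)]  # 6 clicks in 50 min
    + [("slow", T0 + timedelta(hours=3 * i)) for i in range(7)]       # 7 clicks in 18 h
    + [("normal", T0 + timedelta(hours=5 * i)) for i in range(4)]     # 4 clicks in 15 h
)

if __name__ == "__main__":
    for user, hits in flag_users(SAMPLE_LOG).items():
        print(user, [(c, str(w)) for c, w in hits])
```

Each sample user trips a different tier, which shows why the longer windows matter: clicks spaced minutes or hours apart never reach the 60-second limit.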


5. Bot Detection


Tapper uses a layered approach to detect bot traffic.

Bot Indicators:

  • Suspicious User Agent
  • JavaScript Disabled
  • Screen Resolution < 1x1
  • OS-Device Mismatch
  • Selenium Bots (headless, webdriver, phantomjs, etc.)

Additional Rules (if <200 events recorded):

  • Hardware concurrency > 24
  • Timezone differs from IP by > 2 hours
  • OS mismatch between fingerprint & user agent


6. Suspicious Device (Fingerprint Anomalies)


Description: Flags devices with fewer than 200 events and anomalies in hardware or OS.

Checks:

  • High core count (>24)
  • OS mismatch
  • Timezone offset >2 hours


7. Threat Detection Indicators


Tapper uses threat data from sources like IPinfo and ipdata.co.

Threat Types:

  • Data Center IPs
  • Known Attackers (malware, botnets)
  • Known Abusers (spam, scraping)

Rules (when <200 events):

  • ASN not on allowlist
  • is_threat or is_datacenter = true
  • Wait 5 min if session is in progress and re-check.


8. VPN and Proxy Detection


User Input: Option to block VPN traffic.

Mechanism: IPs cross-referenced with ipdata.co to detect VPNs or proxies.


9. Location Fraud


Description: Discrepancy between claimed IP location and target geo settings.

User Input: Block/allow specific countries.


10. Public IP Detection


Description: Same IP used across different user agents.

Rule: No blocking enforced if public IPs are involved and thresholds are breached.


11. Geomask (Location Spoofing)


Description: Device time zone differs significantly from IP-based location.

Detection: Triggered if mismatch found.


12. Cross-Platform Blocking


Description: Tapper enforces fraud rules across both Google and Meta ad platforms.

User Input: Optional platform-level customisation.


13. Whitelist Converting IPs


Description: If a user reaches a "Thank You" page (conversion), their IP is automatically whitelisted to prevent future blocking.

Requirement: Conversion Tracking Code must be installed.


Advanced Rules


14. Network Speed Anomaly Detection


Description: Detects sessions where network speed and load times are inconsistent with normal human browsing. Bots often fetch or render pages unnaturally fast (e.g., sub-100ms load times for heavy assets) or with erratic latency patterns.


15. Behaviour-Based Anomaly Models


Description: Uses Tapper’s machine learning models to score session behavior against expected human interaction patterns (scrolling, cursor movement, event pacing, dwell time). Sessions with statistically abnormal patterns are flagged as fraudulent.


16. Suspicious ASNs


Description: Flags traffic originating from Autonomous System Numbers (ASNs) known for fraud, data centers, or click farms. Tapper maintains and updates deny lists based on threat intelligence sources (e.g., IPinfo, ipdata.co).


17. Conversion Probability Prediction


Description: Predicts the likelihood of a session converting using historical campaign data and funnel behavior. Sessions showing repeated clicks but with extremely low probability of conversion are classified as invalid.

Updated on: 25/08/2025
