Articles on: FAQs

Invalid traffic types

Tapper provides ad fraud protection by detecting and blocking clearly defined categories of Invalid Traffic (IVT). The rules below reflect only implemented, active detection logic, aligned with current system behavior and configuration options.


1. Suspicious Ad Click


Description

The Tapper script is loaded, but no user interaction events are recorded, indicating potentially non-human or fraudulent behavior.


User Input

  • Minimum number of suspicious sessions


Default Setting

  • 5 sessions per day


2. Aborted Ad Click


Description

An ad click is registered, but the website does not load and no events are recorded.


Exception

  • If at least one later session from the same user contains valid recorded events, the user is not blocked.


User Input

  • Ad click count
  • Time window (days, hours, minutes, seconds)


Default Settings

Clicks are flagged at 5 aborted clicks per day (configurable)


3. Bounced Traffic


Description

Short sessions that fail to meet a minimum engagement threshold.


User Input

  • Minimum seconds on site


Rule

  • Two or more sessions below the defined threshold are classified as bounced traffic.


4. Ad Click Limit Exceeded


Description

Excessive ad clicks from the same user within a short time frame.


User Input

  • Ad click count
  • Time window


Default Settings

  • 5 clicks in 60 seconds
  • 6 clicks in 1 hour
  • 7 clicks in 24 hours


Rule

  • If no custom limits are provided, default settings apply.


5. Bot Traffic


Description

Traffic identified as automated or non-human using a layered detection approach.


Bot Indicators

  • Suspicious or malformed user agent
  • JavaScript disabled
  • Screen resolution smaller than 1×1
  • OS and device mismatch
  • Automation frameworks detected (headless browsers, webdriver-based tools)


Additional Rules (applied when fewer than 200 events are recorded)

  • Hardware concurrency greater than 24
  • Device timezone differs from IP location by more than 2 hours
  • OS mismatch between fingerprint data and user agent


6. Suspicious Device (Fingerprint Anomalies)


Description

Devices with limited interaction history that show strong inconsistencies in hardware or operating system signals.


Applied When

  • Fewer than 200 events are recorded


Checks

  • Abnormally high core count
  • OS mismatch across signals
  • Timezone offset inconsistent with IP location


7. Threat Network Traffic


Description

Traffic associated with known threat networks or abusive infrastructure, evaluated using third-party IP intelligence.


Signals Used

  • Threat network indicators
  • ASN reputation checks


Rules (applied when fewer than 200 events are recorded)

  • ASN not present in the account allowlist
  • IP flagged as a threat by intelligence sources
  • If the session is still active, Tapper waits 5 minutes and rechecks before applying a block


Note: Data center signals are used as supporting context and are not a standalone block reason.


8. VPN and Proxy Traffic


Description

Traffic originating from VPNs or proxy services.


User Input

  • Option to enable or disable VPN/proxy blocking


Mechanism

  • IPs are checked against VPN and proxy datasets from IP intelligence providers.


9. Geo Inconsistency (Location Fraud)


Description

Traffic originating from locations that conflict with campaign geo-targeting or account-level country rules.


User Input

  • Allow or block specific countries


Action

  • IP ranges are blocked when geo inconsistency is detected.


10. Public IP Traffic


Description

Traffic where multiple distinct user agents originate from the same IP address, indicating shared or public network usage.


Rule

  • Click-threshold-based blocking rules are not enforced for public IPs to reduce false positives.


11. Geomask (Location Spoofing)


Description

Location spoofing detected when the device’s timezone settings do not align with IP-based geolocation.


Detection

  • Triggered when a significant mismatch is identified.


12. Cross-Platform Blocking


Description

Tapper enforces fraud detection and blocking consistently across supported paid media platforms.


Platforms

  • Google Ads
  • Meta Ads


User Input

  • Optional platform-level configuration


13. Whitelisted Converting Users


Description

Users who complete a conversion are excluded from future blocking to minimize false positives.


Requirement

  • Conversion Tracking Code must be installed on the confirmation (“Thank You”) page


Behavior

  • Any IP that converts is automatically whitelisted for future sessions.

Updated on: 26/02/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!