High Risk Threats
The following threats belong to the high risk category.
Trojan Traffic (TA)
Trojan Traffic is a high-risk threat detected by identifying devices infected with a Trojan virus. This threat arises when the source is suspected of initiating click spam or view spam attacks. Detection involves pattern analysis of traffic from the source, triangulating it with the source IP and its historical behaviour.
Bot Network (BN)
Bot Network traffic refers to non-human traffic generated by global bot networks designed to mimic users and artificially inflate audience numbers. This high-risk threat is detected by identifying such bot-generated traffic.
Known Attack Sources (KAS)
Known Attack Sources is a high-risk threat detected by identifying traffic from IP addresses with a history of launching attacks on email-related services (POP3, IMAP, SMTP). These IP addresses are flagged due to their past malicious activities.
Empty Referrer (EREF)
Empty Referrer traffic involves web traffic that arrives without a valid or identifiable referrer URL. This is detected by examining the "referrer" header field in HTTP requests, which typically indicates the originating webpage.
Offscreen (OFS)
Offscreen traffic is characterized by ad impressions displayed outside the visible area of a user's device screen. This non-human traffic is detected as it does not represent genuine user engagement.
Crawler (CAW)
Crawler traffic consists of visits from legitimate web crawlers (e.g., search engine bots) which, while non-human, are classified as clear and are not considered fraudulent.
Fake Crawlers (FC)
Fake Crawlers are bots that masquerade as legitimate crawlers (e.g., Google, Bing) to copy content, increase traffic, and load servers. These bots are detected by their false identification.
IFrame (IF)
IFrame traffic involves pages loaded within clearly visible iframes, with proper user and browser attributes. This is considered standard and not inherently malicious.
Hidden IFrame (HVIF)
Hidden IFrame traffic occurs when pages are loaded within invisible iframes, complete with accurate user and browser attributes, to generate fraudulent ad impressions or clicks without user knowledge.
Data Center (DC)
Data Center traffic originates from servers in data centres or known cloud platforms rather than residential or corporate networks. This high-risk traffic does not involve real human users and is detected by its source.
Click Spam (CS)
Click Spam involves sending fake clicks or traffic to a website to inflate traffic numbers or disrupt site performance. This is detected by analysing patterns of excessive or unnatural clicking behaviour.
eReader (ERE)
eReader traffic involves activities originating from spoofed eReader devices. These do not represent actual devices and are detected by identifying inconsistencies in device behaviour and attributes.
Gaming Console (CND)
Gaming Console traffic involves activities originating from spoofed gaming console devices. These are detected by identifying discrepancies in device behaviour and attributes.
Internet Explorer 6 (IE6)
Internet Explorer 6 traffic involves activities originating from spoofed IE 6 browsers, often using easily available user agent strings. This is detected by analysing the legitimacy of the browser attributes.
TV Traffic (TVT)
TV Traffic involves activities originating from spoofed television devices. These are detected by identifying inconsistencies in device behaviour and attributes.
Fake iPhone (FIPH)
Fake iPhone traffic involves activities originating from devices disguised as iPhones or using spoofed user agents. Detection involves analysing the authenticity of the device and its attributes.
Honey Trap (HI)
Honey Trap traffic involves bots clicking on invisible ads, detected by identifying patterns of non-human engagement with hidden advertisements.
Obsolete Browsers (OB)
Obsolete Browsers refer to outdated web browsers no longer supported by developers, making them vulnerable to security threats. Detection involves identifying traffic from these outdated browsers.
Empty User Agent (EUA)
Empty User Agent traffic involves HTTP requests where the user agent header field is empty, lacking information about the client or browser. Detection involves flagging such incomplete requests.
Incompatible Browser-Window Version (IBW)
Incompatible Browser-Window Version traffic occurs when a web application is not compatible with the browser or window version being used. Detection involves identifying discrepancies in compatibility.
PhishTraffic (PLT)
PhishTraffic is traffic originating from phishing attacks, detected by analyzing data patterns and anomalies indicative of malicious intent.
Spoofed IP (SIP)
Spoofed IP traffic involves modifying the source IP address field in a packet to disguise the true origin. Detection involves identifying inconsistencies in IP address information.
Missing OS Information (MOS)
Missing OS Information traffic involves requests where critical OS information (e.g., vendor, name, version) is unknown or missing. Detection involves flagging such incomplete requests.
Fake Push Traffic (FPT)
Fake Push Traffic involves generating artificial or non-genuine notifications or alerts to drive traffic to specific content. Detection involves identifying patterns of fraudulent push notifications.
Bad Domains (BD)
Bad Domains refer to websites associated with fraudulent activities. Detection involves identifying traffic from these known malicious domains.
Invalid Port (IPT)
Invalid Port traffic involves incoming traffic from ports not typically used for advertising transactions. Detection involves flagging such unusual port activity.
Dolt Bot (DBT)
Dolt Bot traffic involves spoofing the user agent string while keeping the same cookie ID. Detection involves identifying discrepancies in user agent information.
IPUA Spam (IPUA)
IPUA Spam involves requests or clicks from the same IP and user agent combination within a short interval. Detection involves analyzing the frequency and timing of such requests.
Spoofed Device ID Fraud for CTV (DIF)
Spoofed Device ID Fraud for CTV involves manipulating unique identifiers associated with CTV devices for fraudulent purposes. Detection involves identifying inconsistencies in device ID information.
Spoofed Bundle ID Fraud for CTV (BIF)
Spoofed Bundle ID Fraud involves manipulating the bundle identifier of an app to deceive ad networks and attribution platforms. Detection involves identifying discrepancies in bundle ID information.
Spoofed CTV Store URL (SSU)
Spoofed CTV Store URL refers to fraudulent URLs designed to mislead users about the legitimacy of CTV apps or content. Detection involves identifying inconsistencies in store URL information.
Store URL Missing for CTV (MSU)
Store URL Missing refers to the absence of a URL for a specific app store or online store in an advertisement. Detection involves flagging such missing URL information.
Non-Existent App for CTV (ANE)
Non-Existent App refers to apps that do not exist or are not available in legitimate app stores. Detection involves identifying traffic promoting such non-existent apps.
Domains without Ads.txt (NAD)
Domains without Ads.txt refer to websites that do not have an Ads.txt file implemented to declare authorized digital sellers. Detection involves identifying such domains.
Error Domains (ERD)
Error Domains refer to categories of errors within a system that can lead to fraudulent activities. Detection involves identifying patterns of errors that may indicate fraud.
Unavailable Domains (NFD)
Unavailable Domains refer to websites that are not accessible or active. Detection involves identifying traffic from such inactive domains.
Injected Traffic (IJT)
Injected Traffic involves artificially generated or injected traffic to deceive or defraud. Detection involves identifying patterns of traffic manipulation.
Fake Declared UA (FUA)
Fake Declared UA refers to fraudulent user agent information. Detection involves identifying discrepancies in user agent data.
Manipulated Device Cores (TMC)
Manipulated Device Cores involves falsifying information about the number of CPU cores in a device. Detection involves identifying inconsistencies in device specifications.
Fake Declared Browser (FBR)
Fake Declared Browser refers to fraudulent information about the browser type or version. Detection involves identifying discrepancies in browser data.
Accidental Clicks (ADC)
Accidental Clicks involve unintentional clicks on advertisements. Detection involves analysing patterns of accidental user behaviour.
Sub-categories
- Publishers clicking on their own ads
- Repeated ad clicks by users
- Publishers encouraging ad clicks
- Hidden or intrusive ads causing clicks
- Automated clicks by bots or click farms
Manipulated Device Memory (ITMM)
Manipulated Device Memory involves falsifying information about device memory. Detection involves identifying discrepancies in memory data.
Bot Farms (FRM)
Bot Farms refer to organized networks of bots used for fraudulent activities. Detection involves identifying patterns of coordinated bot activity.
Pragmatic Machines (PVM)
Pragmatic Machines traffic involves sources sending traffic from pragmatic machines. Detection involves identifying such traffic sources.
Language Discord (LDI)
Language Discord traffic involves sources with mismatched language settings. Detection involves identifying discrepancies in language data.
Timezone Spoof (TZS)
Timezone Spoof involves manipulating the reported timezone of a user's device. Detection involves identifying inconsistencies in timezone information.
Hidden IFrame (HVIF)
Hidden IFrame traffic involves fraudulently hidden ad placements within iframes. Detection involves identifying such hidden elements.
Active, Non-Readable (ANR)
Active, Non-Readable traffic involves ad impressions that are active but not viewable by real users. Detection involves identifying such non-readable impressions.
Invisible (IVSP)
Invisible traffic involves sources generating traffic from invisible frames. Detection involves identifying such hidden elements.
Invisible Chrome (IVSP1)
Invisible Chrome involves manipulating the Chrome browser to generate invisible ad impressions. Detection involves identifying such manipulation.
Invisible Edge (IVSP2)
Invisible Edge involves sources generating traffic from invisible frames in the Edge browser. Detection involves identifying such hidden elements.
Invisible Chrome Mobile (IVSP4)
Invisible Chrome Mobile involves manipulating the Chrome mobile browser to generate invisible ad impressions. Detection involves identifying such manipulation on mobile devices.
Invisible Samsung Browser (IVSP5)
Invisible Samsung Browser involves manipulating the Samsung Internet browser to generate invisible ad impressions. Detection involves identifying such manipulation.
In Page Invisible (IVSP6)
In Page Invisible involves fraudulently generating invisible ad impressions embedded within webpages. Detection involves identifying such hidden elements.
Out of View (OOV)
Out of View traffic involves non-human traffic generating events from off-screen areas. Detection involves identifying such hidden elements.
Hidden (HID)
Hidden traffic involves non-human traffic generating events from hidden frames. Detection involves identifying such hidden elements.
Crawler Bot (CB)
Crawler Bot traffic involves automated programs designed to mimic human behavior and interact with ads. Detection involves identifying such automated activities.
Too Many Cores - Safari (ITMC)
Too Many Cores - Safari involves manipulating the reported number of CPU cores in the Safari browser. Detection involves identifying discrepancies in device specifications.
Pixel Not Fired (PNF)
Pixel Not Fired involves situations where a tracking pixel does not execute as expected. Detection involves identifying such tracking failures.
Virtual Machine-Chrome (DVM2)
Virtual Machine-Chrome involves using virtual machines to emulate the Chrome browser for fraudulent ad impressions. Detection involves identifying such virtual environments.
Virtual Machine-Opera (DVM3)
Virtual Machine-Opera involves using virtual machines to emulate the Opera browser for fraudulent ad impressions. Detection involves identifying such virtual environments.
Virtual Machine-Edge (DVM4)
Virtual Machine-Edge involves using virtual machines to emulate the Edge browser for fraudulent ad impressions. Detection involves identifying such virtual environments.
Virtual Machine-Desktop (DVM5)
Virtual Machine-Desktop involves using virtual machines to emulate desktop operating systems for fraudulent ad impressions. Detection involves identifying such virtual environments.
Virtual Machine-Mobile (DVM6)
Virtual Machine-Mobile involves using virtual machines to emulate mobile operating systems for fraudulent ad impressions. Detection involves identifying such virtual environments.
Click Farm (CF)
Click Farm involves groups or organizations generating fraudulent ad engagements to inflate metrics. Detection involves identifying patterns of coordinated fake clicks.
Invisible Screen (IVSC)
Invisible Screen involves generating ad impressions without displaying ads to users. Detection involves identifying such hidden elements.
Headless Browser (HBAV)
Headless Browser involves using browsers without graphical interfaces to generate fake ad impressions. Detection involves identifying such headless environments.
IFrame (AVIF)
IFrame involves embedding content from other pages within the current page. Detection involves identifying legitimate and fraudulent iframe usage.
Popup (POPPS)
Popup involves loading content in visible or partially visible popup windows. Detection involves identifying such popup activities.
IP Mis-match (IPMM)
IP Mis-match involves discrepancies between reported and actual IP addresses. Detection involves identifying such inconsistencies.
UA Mis-match (UAMM)
UA Mis-match involves discrepancies between reported and expected user agent strings. Detection involves identifying such inconsistencies.
Snuffed App (SNAP)
Snuffed App involves apps removed from stores. Detection involves identifying traffic from such apps.
Store URL Missing (AMSU)
Store URL Missing involves missing URLs associated with ad impressions. Detection involves identifying such missing information.
Spoofed Mobile App Store URL (ASSU)
Spoofed Mobile App Store URL involves fraudulent representations of mobile app store URLs. Detection involves identifying such spoofed URLs.
Referrer Mismatch (REMM)
Referrer Mismatch involves discrepancies in referrer information. Detection involves identifying such inconsistencies.
FB Cloak (FBCLK)
FB Cloak involves techniques to bypass Facebook's ad review process. Detection involves identifying such cloaking techniques.
Tampered IP Address (TIPA)
Tampered IP Address involves intentionally modified IP addresses. Detection involves identifying such manipulations.
Invalid Viewport (IVV)
Invalid Viewport involves irregular viewport settings. Detection involves identifying such discrepancies.
Content Verification (CVT)
Content Verification involves assessing ad content for brand safety. Detection involves verifying the suitability of ad placements.
Geography Mismatch (GEO)
Geography Mismatch involves discrepancies between reported and actual geographic locations. Detection involves identifying such inconsistencies.
Potential Click Spam (PCS)
Potential Click Spam involves excessive API calls. Detection involves flagging traffic after 8 API calls per hour.
Masked IP (MSKIP)
Masked IP involves discrepancies between provided and actual IP addresses. Detection involves identifying such inconsistencies.
Bundle High Risk (BUHI)
Bundle High Risk involves bundles with high invalid traffic percentages. Detection involves flagging bundles with IVT >50%.
Bundle Medium Risk (BUME)
Bundle Medium Risk involves bundles with moderate invalid traffic percentages. Detection involves flagging bundles with IVT between 20% and 50%.
Bundle Low Risk (BULO)
Bundle Low Risk involves bundles with low invalid traffic percentages. Detection involves flagging bundles with IVT <20%.
Click Conversion Mismatch (IPMIS)
Click Conversion Mismatch involves discrepancies between click and conversion IPs. Detection involves flagging IP mismatches.
Short CTIT (IHJK)
Short CTIT involves install times under 10 seconds, indicating potential fraud. Detection involves identifying such short click-to-install times.
Long CTIT (CFF)
Long CTIT involves install times exceeding 24 hours, warranting investigation. Detection involves identifying such long click-to-install times.
OffScreen (OFS)
OffScreen involves ad impressions displayed outside the visible area. Detection involves identifying such non-human traffic.
Non-Routable IPs (NRIP)
Non-Routable IPs involve traffic from IP addresses that cannot be reached through standard routing. Detection involves identifying such invalid IP addresses.
Invalid Top Level Domain (IVTLD)
Invalid Top Level Domain involves referrer or domain names with invalid TLDs. Detection involves identifying such invalid domain names.
Fingerprint Alert: Diverse IPs (SFM)
Fingerprint Alert: Diverse IPs involves multiple hits from the same fingerprint but different IPs. Detection involves identifying such patterns within 24 hours.
Fingerprint Blitz (HF5R)
Fingerprint Blitz involves more than 5 fingerprint views within a second. Detection involves identifying such high-frequency access patterns.
Multi-Fingerprint IP Alert (SIM)
Multi-Fingerprint IP Alert involves multiple device fingerprints from the same IP. Detection involves identifying such patterns within 24 hours.
Multi-UA Identity Alert (SFMU)
Multi-UA Identity Alert involves multiple user agents with the same fingerprint. Detection involves identifying such patterns within 24 hours.
Device Identity Integrity Monitor (SID)
Device Identity Integrity Monitor involves hits from the same fingerprint and IP but different user agents. Detection involves identifying such patterns within 24 hours.
Geo-Fingerprint Risk Alert (SXY5)
Geo-Fingerprint Risk Alert involves multiple hits with the same fingerprint and coordinates. Detection involves identifying such patterns within 5 hours.
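The fingerprint correlation rules above (SFM, HF5R, SIM, SFMU, SID) can be expressed as sliding-window counters over a hit log. This is an added example, not the product's own code; the `Hit` fields, the helper names, the constructed sample hits and the reading of "multiple" as two or more distinct values are assumptions.

```python
from collections import defaultdict, deque
from typing import NamedTuple

DAY = 24 * 3600        # window the page states for SFM, SIM, SFMU and SID
BLITZ_WINDOW = 1.0     # HF5R: "within a second"
BLITZ_LIMIT = 5        # HF5R: "more than 5 fingerprint views"
MIN_DISTINCT = 2       # assumption: "multiple" means two or more distinct values


class Hit(NamedTuple):  # hypothetical log record
    ts: float           # epoch seconds
    fingerprint: str
    ip: str
    ua: str


class DistinctWindow:
    """Counts distinct values seen per key inside a sliding time window."""

    def __init__(self, window: float):
        self.window = window
        self.seen = defaultdict(deque)  # key -> deque of (ts, value)

    def add(self, key, ts: float, value) -> int:
        q = self.seen[key]
        # Evict entries that have aged out of the window before counting.
        while q and ts - q[0][0] >= self.window:
            q.popleft()
        q.append((ts, value))
        return len({v for _, v in q})


def correlate(hits):
    """Return {alert code: set of keys that triggered it} for a batch of hits."""
    sfm = DistinctWindow(DAY)             # fingerprint -> IPs
    sim = DistinctWindow(DAY)             # IP -> fingerprints
    sfmu = DistinctWindow(DAY)            # fingerprint -> user agents
    sid = DistinctWindow(DAY)             # (fingerprint, IP) -> user agents
    blitz = DistinctWindow(BLITZ_WINDOW)  # fingerprint -> individual views
    alerts = defaultdict(set)
    for n, h in enumerate(sorted(hits, key=lambda x: x.ts)):
        if sfm.add(h.fingerprint, h.ts, h.ip) >= MIN_DISTINCT:
            alerts["SFM"].add(h.fingerprint)
        if sim.add(h.ip, h.ts, h.fingerprint) >= MIN_DISTINCT:
            alerts["SIM"].add(h.ip)
        if sfmu.add(h.fingerprint, h.ts, h.ua) >= MIN_DISTINCT:
            alerts["SFMU"].add(h.fingerprint)
        if sid.add((h.fingerprint, h.ip), h.ts, h.ua) >= MIN_DISTINCT:
            alerts["SID"].add((h.fingerprint, h.ip))
        # The sequence number n is unique per hit, so the distinct count
        # equals the number of views inside the one-second window.
        if blitz.add(h.fingerprint, h.ts, n) > BLITZ_LIMIT:
            alerts["HF5R"].add(h.fingerprint)
    return dict(alerts)


# Constructed sample hits (documentation IP ranges, made-up fingerprints).
T0 = 1_700_000_000.0
SAMPLE_HITS = [
    Hit(T0, "fp-a", "192.0.2.10", "UA-1"),
    Hit(T0 + 3600, "fp-a", "198.51.100.7", "UA-1"),   # second IP -> SFM
    Hit(T0 + 10, "fp-b", "203.0.113.5", "UA-1"),
    Hit(T0 + 20, "fp-b", "203.0.113.5", "UA-2"),      # second UA -> SFMU, SID
    Hit(T0 + 30, "fp-c", "203.0.113.5", "UA-1"),      # second fingerprint -> SIM
    *[Hit(T0 + 100 + 0.1 * i, "fp-d", "192.0.2.99", "UA-3") for i in range(6)],
    Hit(T0, "fp-e", "192.0.2.50", "UA-4"),
    Hit(T0 + 25 * 3600, "fp-e", "192.0.2.51", "UA-4"),  # 25 h apart -> no SFM
]

if __name__ == "__main__":
    for code, keys in sorted(correlate(SAMPLE_HITS).items()):
        print(code, sorted(keys, key=str))
```

The same fingerprint can trip SFMU and SID on a single hit, so downstream scoring should deduplicate by hit rather than sum alert codes.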
Adult Traffic (ADT)
Adult Traffic involves traffic from adult sources. Detection involves identifying such sources.
Gambling Traffic (BSGAM)
Gambling Traffic involves traffic from gambling sources. Detection involves identifying such sources.
Online Piracy (BSOP)
Online Piracy involves traffic from pirated sources. Detection involves identifying such sources.
Terrorism (BSTRR)
Terrorism involves traffic from terror-related sources. Detection involves identifying such sources.
Arms and Ammunition (BSAAA)
Arms and Ammunition involves traffic from arms and ammunition sources. Detection involves identifying such sources.
Societal Crimes (BSSC)
Societal Crimes involves traffic related to crime and harmful acts. Detection involves identifying such sources.
Combat Fatalities (BSCF)
Combat Fatalities involves traffic from death, injury, or military conflict sources. Detection involves identifying such sources.
Malicious Spam (BSMS)
Malicious Spam involves traffic from spam or harmful content. Detection involves identifying such sources.
Obscene Profanity (BSOBP)
Obscene Profanity involves traffic from sources with obscenity and profanity. Detection involves identifying such sources.
Regulated Items (BSRI)
Regulated Items involves traffic from activities involving illegal drugs, tobacco, e-cigarettes, and alcohol. Detection involves identifying such sources.
Sensitive Topics (BSST)
Sensitive Topics involves traffic from sources involving debated sensitive social issues. Detection involves identifying such sources.
Intolerant Behaviour (BSIB)
Intolerant Behaviour involves traffic from sources involving hate speech and aggression. Detection involves identifying such sources.
Depth of Subdomains (DESUB)
Flag all hits that have more than 2 subdomains.
Gibberish (GIBB)
Flag if there is too much noise in the Bid URL. This shows up as gibberish text that hides or anonymises the original URL or source. Since the original source is hidden, it is classified as high risk.
Overflow Domain (OFDO)
Flag if the Bid URL is of abnormal length.
Host Exclusion (LOCH)
Exclusion of localhost.
Sandbox Environment (SBOX)
Flag if the impression is rendered on an asset that resembles a sandbox environment and prohibits external tracking.
Medium Risk Threats
The following threats belong to the medium risk category.
Desktop Traffic (DSK)
Desktop Traffic involves traffic originating from desktop devices. Detection involves identifying such sources.
NonSmartTV (NTV)
NonSmartTV involves traffic from non-smart TV devices. Detection involves identifying such sources.
NonSmartTV (VAST4.0) (NTV4)
NonSmartTV (VAST4.0) involves blocking traffic from non-smart TV devices. Detection involves identifying such sources.
Missing Referrer (MRF)
Missing Referrer involves pre-bid requests without referrer information. Detection involves identifying such incomplete requests.
Duplicate Click ID (DCID)
Duplicate Click ID involves traffic with the same click ID. Detection involves identifying such duplicates.
Duplicate Impression ID (DIID)
Duplicate Impression ID involves traffic with the same impression ID. Detection involves identifying such duplicates.
Notorious Domains (NDL)
Notorious Domains involve domains with a history of high invalid traffic. Detection involves flagging such domains based on historical data.
Majestic Domains (MD)
Majestic Domains involve blocking traffic from majestic domains. Detection involves identifying such sources.
Click Spam 30 (CS30)
Click Spam 30 involves a rating of click spamming activity. Detection involves identifying traffic with a severity rating of 30%.
Click Spam HR (CS60)
Click Spam HR involves a higher rating of click spamming activity. Detection involves identifying traffic with a severity rating of 60%.
Pragmatic Networks (PVN)
Pragmatic Networks involve traffic from pragmatic networks. Detection involves identifying such sources.
Pop under (POPUD)
Pop under involves ads opening under the current browser window. Detection involves identifying such advertising methods.
Background (BGV)
Background involves traffic generated from background frames. Detection involves identifying such sources.
Full Screen Inactive (FSAS)
Full Screen Inactive involves traffic generated from inactive full screens. Detection involves identifying such sources.
Unknown Devices (UDV)
Unknown Devices involve traffic from devices hiding their identity. Detection involves identifying such sources.
Incent Domains (IDOM)
Incent Domains involve traffic from incentivized domains. Detection involves identifying such sources.
Virtual Private Network (VPN)
Virtual Private Network involves VPN IPs while blocking data center IPs. Detection involves identifying such traffic sources.
Unknown Browser (UNB)
Unknown Browser involves traffic from unknown browser attributes. Detection involves identifying such sources.
Browser Version Missing (BVM)
Browser Version Missing involves traffic without browser version information. Detection involves identifying such incomplete requests.
Missing Browser Information (MBI)
Missing Browser Information involves traffic without critical browser information. Detection involves identifying such incomplete requests.
Http only Traffic (HTON)
Flag if the Bid URL is not secure, that is, it uses the http scheme.
Length of Hostname (LOLE)
Flag if the hostname has more than 25 characters.
Prefix in Hostname (HPRF)
The hostname length should be a maximum of 15 characters, with the first 5 characters being the same across multiple domains.
Low Risk Threats
The following threats belong to the low risk category.
Spam Network (SN)
Spam Network involves rotating IPs refreshing every 7 days, generating fraudulent ad activities. Detection involves identifying such IPs.
Tor Exit Node (TEN)
Tor Exit Node involves potential spam proxy traffic via Tor exit nodes. Detection involves identifying such sources.
Good Bot (GB)
Good Bot involves traffic from legitimate bots (e.g., search engine bots). Detection involves identifying such sources.
Zombie (ZM)
Zombie involves compromised devices used for fraudulent activities. Detection involves identifying such sources.
Proxy Servers (PS)
Proxy Servers involve intermediate servers acting as intermediaries. Detection involves identifying such sources.
Mail Servers (MS)
Mail Servers involve servers responsible for email communication. Detection involves identifying such sources.
Web Servers (WS)
Web Servers involve servers hosting and serving web content. Detection involves identifying such sources.
No Server (NS)
No Server involves ad impressions without an associated server. Detection involves identifying such anomalies.
Nomail Domain (NMD)
Nomail Domain involves domain names where no email should originate. Detection involves identifying traffic from such domains.
Click Threshold- US (CTUS)
Click Threshold- US involves traffic from the same IP within 24 hours from the US. Detection involves identifying such patterns.
Click from an Application (CFA)
Click from an Application involves traffic from web pages accessed from applications. Detection involves identifying such sources.
iTraffic (IT)
iTraffic involves traffic from Apple devices not supporting push notifications. Detection involves identifying such sources.
Fast Clicker (FCL)
Fast Clicker involves clicks with very low request and click time differences. Detection involves identifying such patterns.
PopAsPush (PAP)
PopAsPush involves sources giving POP or in-page push traffic. Detection involves identifying such advertising methods.
AdBlocker (ADB)
Flag if either the user has an ad blocker on or the ad render has not happened.