Threat Intelligence Center

Sender Support

Understanding Blacklists
ISP Filtering Reference
Threat Level Guide

Threat Classifications

Spam Traps & Honeypots
Recycled Traps & Moles
Oversight Seeds
Typo & Fake Emails
Black Holes
Dormant Accounts
Parked Resources
Threat Keys
Role Accounts
Disposable Emails
Bots/ Proxies ►

Blacklist Profiles

URIBL Advisory Sites
RBL Advisories
Blacklist Removal

Recent Articles

Spam Trap Hit?
Suspended ESP account?

Anti-Spam Blogs

Word-to-the-Wise Blog
Al Iverson Blog

Non-Human Invalid Traffic (Proxy/ Bot Detection)

Human or Bot? Friendly or Malicious? Protect against high-risk traffic sources (bad actors) and guard against ad-fraud in the form of Non-Human Invalid Traffic (IVT). Our sophisticated machine learning algorithms identify traffic originating from botnets, data center traffic, click farms, proxies, malicious script injectors and hijacked devices, delivering the highest quality reach to your clients while driving the strongest ROI for your in-flight campaigns.

Bot Primer

To advertisers, most bots are the nonhuman programs who generate fake ad impressions or serve hidden ads to trick browsers into downloading malware or spreading spam.

There are both legitimate and malicious bots out there. The legitimate ones keep the web running smoothly and ensure that the higher quality content gets seen, but malicious bots do the exact opposite.

Malicious bots are designed by hackers and other internet users to generate false ad impressions, serve spam and malware, overtake networks of computers to form botnets, and steal content and information. Their actions are becoming more human and advanced, making them harder to detect. One of the most costly types of malicious bots are click bots.

Click/ Ad Fraud

Click bots are the ad fraud bots that advertisers have grown to know and despise. These bots set out to intentionally engage with your advertising, therefore skewing your data incorrectly and costing you money for fraudulent clicks. Not only does this result in misinformation for marketers, but if you’re using pay-per-click (PPC) campaigns, those clicks add up to wasted dollars on fake visits that didn’t even come from humans, let alone your audience.

Anonymous Proxies

Another form of non-human invalid traffic is anonymous proxies designed to help the user hide their real IP address. It means you conceal your presence online and your actual location. No one will be able to establish a hidden connection with your PC.

IVT in anything, contaminates everything. Beyond generating waste and distrust, it undermines the integrity of every other effectiveness metric and hurts both buyers and sellers – degrading the value of the advertising industry as a whole.

Our sophisticated IVT detection is designed to protect media buyers, ad networks and sellers a trusted method to better protect their traffic and campaigns from IVT threats.

Intelligent Bot/Proxy/IVT Detection

We've built a database containing hundreds of thousands of browser and bot signature variants, anonymous proxies which allows us to accurately identify non-human, invalid traffic while allowing legitimate traffic to pass through. These threat signature have been classified into the following categories.

	Data Mining Crawler. A specific purpose-built Internet bot which systematically browses the internet in search of data exploits.
	Anonymizing Proxy/ TOR/ Click Farm. Anonymizing services create a tunnel between user and the internet. Users are hidden under the IP address of the VPN server.
	Fake Crawler/ Ghost Sites. IP addresses that do not belong to the robots of major search engines (Google, Bing, Yandex ..), but they send the useragent strings of these robots.
	Malicious Spam Bot. E-mail spambots harvest e-mail addresses from material found on the Internet in order to build mailing lists for sending unsolicited e-mail (such as Cutwail, Rustock, Lethic, Kelihos, etc.), which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware, dictionary mail harvesters etc.
	Known Attack Source. IP addresses scan HTTP/HTTPS for vulnerable installations of known web applications (phpMyAdmin, Joomla ..), Brute-Force Logins (Joomla, Wordpress ..) and run attacks on the services MAIL, SMTP, IMAP, POP3...

Constantly Updated Signatures

Redefining state-of-the art, every day. Our data analytics team collects traffic signals from across our global network to discover new bot variants and IVT traffic sources creating new threat signatures.