Threat category: Bots, hosts and malware
Written by TrafficGuard Support
Updated over a week ago

The "Bots, hosts and malware" threat category contains many rules. Here are some of the key rules and the user behaviour that can trigger them.

Rule

Description

Known malware app

Traffic originating from an app known to include adware or malware is very rarely a real user and far more likely to be a bot application. TrafficGuard will proactively invalidate traffic coming from these sources.

Known bots useragent (UA) global

A high percentage of web traffic is made up of bots. Some bots, such as the Google Search bot or Slackbot, are harmless, but there are other, malicious bots whose sole purpose is to commit ad fraud.

Traffic from any type of bot does not come from a legitimate user of your application, and any engagement with your ads is often unintentional.

Known residential proxy IP global

IP addresses that are suspected to be on an anonymizing network and belong to a residential ISP. Bad actors use these residential proxies to look more legitimate and blend bot traffic with traffic from real users.

Known device mismatch global

This is when the device's brand, model and OS version are mismatched between engagements.

By changing the device's information, this type of activity seemingly generates large numbers of installs from different devices, but there is little to no in-app engagement after the install, which suggests it is not a genuine install.

Pattern time series IP global


Fraudsters use algorithms to deliver invalid clicks at seemingly random times across multiple IP addresses to make the invalid clicks look as if they are coming from real users.

TrafficGuard cross-checks the activity on IP addresses to see if similar patterns emerge, as activity on independent IP addresses should not correlate.

When there is correlation between the timing and volume of clicks across separate IP addresses, they will be marked as invalid.
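
As an added illustration of the cross-IP check described under "Pattern time series IP global" (this is not TrafficGuard's implementation): the sketch below counts clicks per IP per time bucket and flags IPs whose series correlate strongly. The one-minute buckets, the use of Pearson correlation, the 0.9 threshold, the minimum click count and the sample data are all assumptions made for the example.

```python
from itertools import combinations
from math import sqrt

def bucket_counts(clicks, start, n_buckets, width=60):
    """Turn (ip, unix_ts) click events into per-IP click counts per time bucket."""
    series = {}
    for ip, ts in clicks:
        idx = (ts - start) // width
        if 0 <= idx < n_buckets:
            series.setdefault(ip, [0] * n_buckets)[idx] += 1
    return series

def pearson(a, b):
    """Pearson correlation of two equal-length count series."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:  # flat series: correlation undefined, no evidence
        return 0.0
    return cov / sqrt(va * vb)

def correlated_ips(series, threshold=0.9, min_clicks=5):
    """Return IPs whose click timing and volume track another IP's."""
    flagged = set()
    for (ip_a, a), (ip_b, b) in combinations(sorted(series.items()), 2):
        if sum(a) < min_clicks or sum(b) < min_clicks:
            continue  # too few clicks to compare meaningfully
        if pearson(a, b) >= threshold:
            flagged.update((ip_a, ip_b))
    return flagged

def sample_clicks():
    """Constructed sample: clicks per minute for three IPs over eight minutes."""
    per_minute = {
        "192.0.2.10":   [0, 4, 0, 0, 5, 0, 3, 0],  # bursts
        "198.51.100.7": [0, 3, 0, 0, 4, 0, 3, 0],  # same bursts, other IP
        "203.0.113.25": [1, 0, 2, 1, 0, 1, 0, 2],  # unrelated pattern
    }
    return [(ip, minute * 60 + i)
            for ip, row in per_minute.items()
            for minute, n in enumerate(row) for i in range(n)]

if __name__ == "__main__":
    series = bucket_counts(sample_clicks(), start=0, n_buckets=8)
    print(sorted(correlated_ips(series)))
```

The two IPs that burst in the same minutes are flagged together, while the third IP, with a comparable click volume but unrelated timing, is not.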
