Botman Trap Definitions

Traps for Non Human Threat

Bot Network – A threat falls under this trap when the activity origin is traced back to a Bot Network. It’s essentially a network of computers containing malicious code that work together to perform tasks that are assigned by the network’s creator or controller. In this case the activity would be faking clicks or conversions.

If you switch on this trap, Bot Network traffic will stop.

Mismatch UA – A threat falls under this trap when the UA mismatches between two sequential activities. For ex: a mismatch between a request and a impression or a click and a conversions etc. When the actions are sequential this information cannot be different.

If you switch on this trap, traffic with a mismatch in UA will stop.

Mismatch IP – A threat falls under this trap when the IP mismatches between two sequential activities. For ex: a mismatch between a request and a impression or a click and a conversions etc. When the actions are sequential this information cannot be different.

If you switch on this trap, traffic with a mismatch in IP will stop.

Mismatch Referer – A threat falls under this trap when the Referrer mismatches between two sequential activities. For ex: a mismatch between a request and a impression or a click and a conversions etc. When the actions are sequential this information cannot be different.

If you switch on this trap, traffic with a mismatch in Referrer will stop.

Stacked – Comes under the Viewability detection umbrella. A threat falls under this trap when the activity is traced to an hidden source. In this case the activity would be multiple ads stacked over each other and the click is generated from a ad which is hidden/non viewable.

If you switch on this trap, traffic coming from a stacked ad will stop.

Non Clickable – Comes under the Viewability detection umbrella. A threat falls under this trap when the activity is traced to an 1×1 pixel source. In this case the activity could be a click traced back to an ad which is 1×1 pixel in size which is not viewable.

If you switch on this trap, traffic coming from a non clickable ad will stop.

Off Screen – Comes under the Viewability detection umbrella. A threat falls under this trap when the activity is traced to a non-viewable area. In this case the activity could be a click traced back to an ad which is rendered off the screen limits and is not viewable.

If you switch on this trap, traffic coming from a off the screen ad will stop.

Emulator – A threat falls under this trap when the activity is traced back to originating from an Emulator device. In this case the activity could be a impression or a click getting originated from a emulator rather than a original device.

If you switch on this trap, traffic coming from a Emulator device will stop.

Trojan – A threat falls under this trap when the activity is traced back to originating from a Trojan network. These are typically a network of computers containing Trojan horses that work together to perform tasks that are assigned by the network’s controller.

If you switch on this trap, traffic coming from a Trojan network will stop.

eReader – A threat falls under this trap when the activity is traced back to originating from a eReader device. These are typically spoofed devices and do not represent an actual device.

If you switch on this trap, traffic coming from an EReader device will stop.

Gaming Console – A threat falls under this trap when the activity is traced back to originating from a Gaming Console device. These are typically spoofed devices and do not represent an actual device.

If you switch on this trap, traffic coming from a Gaming Console will stop.

Internet Explorer 6 – A threat falls under this trap when the activity is traced back to originating from a IE 6 browser. These are typically spoofed browsers as their UA’s are easily available online for disposal.

If you switch on this trap, traffic coming from IE6 Browser will stop.

TV Traffic – A threat falls under this trap when the activity is traced back to originating from a Television device. These are typically spoofed devices and do not represent an actual device.

If you switch on this trap, traffic coming from a TV device will stop.

Unknown Browser – A threat falls under this trap when the activity is traced back to originating from an Unknown browser and this is not possible as every activity needs to have this information if they are coming from a genuine browser.

If you switch on this trap, traffic coming from an Unknown Browser will stop.

UserAgent Botnet – This is a sophisticated trap and will start action after sufficient information is captured by the system. You will need to enter these three values to start capturing data accordingly.

Sample Vol – ex: 100

Duration – in minutes. Ex: 30 mins

Threshold % – Ex: 15%

Simulated iPhone – A threat falls under this trap when the activity is traced back to originating from a software or an emulator simulating to behave like an iPhone device.

Fake iPhone – A threat falls under this trap when the activity is traced back to originating from a device disguised as a iPhone or a spoofed User agent.

Fake Crawler – A threat falls under this trap when the activity is traced back to originating from a device disguised as a fake crawler. These are typically spoofed devices

If you switch on this trap, traffic coming from a spoofed crawler will stop.

Crawler Bot – A threat falls under this trap when the activity is traced back to originating from a Crawler Bot. The intention of these bots could be to steal important information from the website/property or scrap information.

If you switch on this trap, traffic coming from a Crawler bot will stop.

Honey Trap – A threat falls under this trap when the activity is traced back to bots clicking on invisible ads

Data Center – A threat falls under this trap when the activity origin is traced back to a Data Center. It’s essentially a network of computers or  Hosting provider machines that are faking clicks.

If you switch on this trap, traffic coming from a Data Center will stop.

Good Bot – A threat falls under this trap when the activity origin is traced back to a Good Bot IP. These IP’s typically belong to bots from Google, or other search engines that visit your website for indexing.

If you switch on this trap, traffic coming from a Good bot will stop.

AdWare – A threat falls under this trap when the activity origin is traced back to AdWare programs. These programs are typically present on a users machine and fake clicks or other activities without the users knowledge. They are also controlled by a master controller that orders the actions to be taken.

If you switch on this trap, traffic coming from a AdWare will stop.

ClickSpam – A threat falls under this trap when there is a burst of clicks coming in from a particular source in a very short duration and there are a few other internal parameters that are checked for to flag ClickSpam.

If you switch on this trap, traffic flagged as Click Spam will stop.

Malware – A threat falls under this trap when the activity origin is traced back to a Malware. Malware is a malicious software that is written with the intent of damaging devices, stealing data and generally causing a mess. These are typically Viruses, Spywares, Ransomwares, etc that act secretly and are controlled by a master controller that orders the actions to be taken.

If you switch on this trap, traffic coming from a Malware network will stop.

Known Attack Source – A threat falls under this trap when the activity origin is traced back to a Source that’s historically known to be a hidden source that attacks digital assets.

If you switch on this trap, traffic coming from a known attack source will stop.

iTraffic – A threat falls under this trap if the Traffic is originating from Safari browser on iPhone and iPad devices. This trap is strictly applicable for web push notification campaigns.

FastClickers – A threat falls under this trap if the time difference between a Request and the Click is below a preconfigured time set. This trap is applicable for Push notification campaigns.

Incompatible Browser-Windows Version – A threat falls under this trap when the originating browser and the Windows version do not match.

Spoofed UserAgent – A threat falls under this trap when the UserAgent does not match between a Request and the Click. This trap is strictly applicable for web push notification campaigns.

Headless Browsers – A threat falls under this trap when the event origination is from a web browser that does not have a GUI.

Watch Bot – A threat falls under this trap when a Bot is seen mimicking a Watch action on the website.

Login Bot – A threat falls under this trap when a Bot is seen mimicking a Login action on the website.

Signup Bot – A threat falls under this trap when a Bot is seen mimicking a Signup action on the website.

Buy Bot – A threat falls under this trap when a Bot is seen mimicking a Signup action on the website.

Free Bot – A threat falls under this trap when a Bot is seen mimicking a subscribe action for free information on the website.

Play Bot – A threat falls under this trap when a Bot is seen mimicking a Play content action on the website.

Download Bot – A threat falls under this trap when a Bot is seen mimicking a Download action on the website.

Install Bot – A threat falls under this trap when a Bot is seen mimicking a Install action on the website.

Subscription Bot – A threat falls under this trap when a Bot is seen mimicking a Subscribe action on the website.

Invalid Cookie – A threat falls under this trap when the action origination is found to be from a browser that does not support cookies. These browsers can also be a type of headless browser.

Spoofed Cookie – Flag traffic when each unique cookies- device/browser/OS/ information is getting spoofed with the incoming click from the same cookie.

Invalid Viewport – Flags Impression/click originating from non visible area on a display device.

Phish Traffic – Flags traffic sources caught doing phishing activities in the past.

Spoofed IP – Flags traffic where the IP address is spoofed.

Browser Version Missing – Flags traffic where the browser could be  Firefox, Chrome, Opera, Internet Explorer, Safari browser but there is no version information provided.

Missing Browser Information – Flags traffic where critical browser information like Browser Vendor, Browser Name, Browser Version is unknown or missing.

Missing OS Information – Flags traffic where critical OS information like OS Vendor, OS Name, OS Version is unknown or missing.

Non Adult Traffic – Flags traffic when the source is found to be non adult. Strictly to be used when you are expecting traffic to come from Adult sources.

Masked IP – Flags traffic when the User IP and the Header IP do not match.

Invalid Port – Flags traffic where the incoming traffic is coming from ports that cannot be a part of advertising transaction.

Dolt Bot – Flags traffic when the UserAgent and Cookie IDs are spoofed.

Click Farm – Flags is raised when there is a spike in the traffic in a short period of time from a certain IP address.

Screen Spoof – Flags traffic when the screen resolutions is getting spoofed.

Location Obscurification – Flags traffic where the location is getting spoofed between a prebid request and a postbid impression or click.

No Server – Flags traffic from IP addresses where the system administrators and ISPs owning the network have indicated that the servers should not be present.

Traps for Spam Threat

Desktop Traffic – A threat falls under this trap when the activity origin is traced back to a Desktop. A very useful trap when you are running a strictly mobile traffic campaign.

If you switch on this trap, traffic coming from a Desktop device will stop.

Adult Traffic – A threat falls under this trap when the activity origin is traced back to Adult website/referrer. Any click or conversion originating from a adult website can be filtered using this trap.

If you switch on this trap, traffic coming from a Adult website or referrer will stop.

Spam Domains – A threat falls under this trap when the activity origin is traced back to a domain that is historically known to be involved in spamming activities.

If you switch on this trap, traffic coming from a domain marked spam will stop.

Pop – A threat falls under this trap when the activity origin is traced back to a Pop over or a Pop under ad.
If you switch on this trap, traffic coming from a Pop ad will stop.

Torrent – A threat falls under this trap when the activity origin is traced back to a Torrent domain/referrer.

If you switch on this trap, traffic coming from a Torrent website/referrer will stop.

IFrame – A threat falls under this trap when the activity origin is traced back to an Iframe.

If you switch on this trap, traffic coming from an Iframe will stop.

Domain Age – Flags traffic coming from recently created domains.

Low ASD – Flags traffic from sources giving less than 1 minute of Average Session Duration in Google Analytics.

PopAsPush – Flags traffic from sources giving Pop traffic. Strictly to be used for Web push notification campaigns.

NonSmartTV – Flags traffic from Non Smart TV devices. To be used for CTV traffic campaigns.

Missing SubIds – Flags traffic from SubIds whose traffic is not recorded in Google Analytics.

NonSmartTV(Vast 4.0) – Flags traffic from Non Smart TV devices having VAST 4.0 tag. To be used for Web push notification campaigns.

Missing Referrer – Flags prebid requests from sources where the referrer information is missing.

Majestic Domains – Flags traffic coming from premium publishers at a freemium price.

Traps for User Discretion Traffic

TOR Exit Node – A threat falls under this trap when the activity origin is traced back to a sophisticated proxy network.

If you switch on this trap, traffic coming from a Proxy network or a sophisticated proxy network will stop.

Spam Network – A threat falls under this trap when the activity origin is traced back to a network that is historically known to be involved in spamming activities.

If you switch on this trap, traffic coming from a Spam network will stop.

Zombie – Flags traffic from IP networks hijacked from their original owners, some of which may have already been used for spamming.

Proxy servers – Flags traffic originating from Proxy servers.

Mail servers – Flags traffic originating from mail servers.

Web servers – Flags traffic from web servers used for spamming.

Nomail Domain – Flags traffic from domain names where the owners have indicated no email can ever originate from these domains.

Hardik Gandhi