Spider AF detects two types of invalid traffic: general and sophisticated.

General invalid traffic (GIVT):

Sophisticated invalid traffic (SIVT):

What is it?

Crawlers are programs that automatically browse the internet. Some crawlers collect data to sell, and others may collect info about rivals' campaigns or pricing.

How do we detect this?

We detect this based on the IP, internet service provider, or user agent details.
Repeated traffic from the same IP address is common, so we can prevent this by blocking the address.

What is it?

Data centers are facilities with racks of computers for large systems such as cloud services. These data centers may scan public websites to collect information. Data centers do not use the same IP addresses as normal users.

How do we detect this?

We can detect this using our own list of IP addresses. Repeated traffic from the same IP address is common, so we can prevent this by blocking the address.

What is it?

Apps that use the internet show user agent data to identify themselves. This data can show when a request for a page does not come from a person using a browser.

How do we detect this?

We can detect this based on the user agent data.

What is it?

Bots are remotely controlled computer programs that are often used for hacking and other malicious attacks.

How do we detect this?

We identify bots based on clues such as browser automation tools. Repeated traffic from the same IP address is common, so we can prevent this by blocking the address.

What is it?

Bad actors may fake the user agent to make fraudulent traffic look like normal activity.

How do we detect this?

We can detect this by looking at details such as whether the user agent and platform data match.

What is it?

This refers to repeated access from the same IP address or browser. This can include competitors checking the content of your ads.

When the bidding price for ads is high, there is a high chance of fraudulent users clicking to deplete your budget and hide your ads.

How do we detect this?

We detect this by tracking repeated traffic from the same IP or browser.

What is it?

A user can hide their identity with a virtual private network (VPN) or proxy server. They may use these for fraudulent activity. Most users do not use these tools, so we consider this to be invalid traffic.

How do we detect this?

We detect this based on the IP address.

What is it?

Domain spoofing shows a fake source for incoming traffic. This fraudulent traffic often aims to deplete advertising spending.

How do we detect this?

We can detect this when the referrer data and page location do not match.

What is it?

This refers to techniques used to disguise or falsify a user's actual geographic location. By using a geomask, users can make it appear as though they are accessing a service from a different region or country than they actually are.

How do we detect this?

It's detected when the IP information and the device's time zone settings don't match.