Bot Detection for Ad Tech
Ad fraud drains billions from digital advertising every year. Bots generate fake impressions, fraudulent clicks, and manipulated conversions — destroying campaign ROI and advertiser trust. Stop invalid traffic before it enters your supply chain.
How Bots Attack Ad Tech
Ad fraud is the most profitable form of cybercrime after drug trafficking. Here are the six primary attack vectors targeting your ad supply chain.
Click Fraud
Bots or click farms generate fake clicks on PPC ads, draining advertiser budgets without any conversion potential. Competitors weaponize click fraud to exhaust rivals' daily ad spend.
Impression Fraud
Bot traffic inflates CPM-based ad impressions. Pixel stuffing, ad stacking, and invisible iframe loading create millions of "impressions" that no human ever sees.
Attribution Manipulation
Bots inject fake install signals, click-jack organic conversions, and manipulate last-click attribution models to steal credit from legitimate channels.
CTV & Video Fraud
Server-Side Ad Insertion (SSAI) spoofing, device impersonation, and bot-driven CTV traffic exploit the high CPMs of connected TV advertising.
Domain Spoofing
Fraudsters impersonate premium publisher domains to sell low-quality inventory at premium prices. Ads.txt helps but doesn't stop sophisticated spoofing networks.
Bot Traffic Laundering
Residential proxy networks and compromised devices launder bot traffic to appear as real users from legitimate ISPs, bypassing datacenter IP blocklists.
Ad Tech Use Cases
Pre-Bid Traffic Quality Filtering
DSPs process billions of bid requests daily. Every fraudulent impression you bid on wastes budget and erodes advertiser trust. By scoring IPs before placing bids, you can filter out bot traffic at the source — before a single dollar is wasted.
- ✓ Score bid request IPs in <50ms to meet RTB latency requirements
- ✓ Detect datacenter IPs, residential proxies, and VPN exit nodes
- ✓ Flag known bot network IPs and abuse-history signals
- ✓ Create IVT segments for pre-bid decisioning
- ✓ Feed risk scores into bid-shading algorithms
```python
import ipaddress
from typing import Optional

import httpx


class PreBidFilter:
    """Filter bid requests using IPASIS IP intelligence."""

    def __init__(self, api_key: str):
        self.client = httpx.AsyncClient(
            base_url="https://api.ipasis.com/v1",
            headers={"Authorization": f"Bearer {api_key}"},
            timeout=0.05,  # 50ms max for RTB
        )
        self.cache = {}  # Use Redis in production

    async def should_bid(
        self, bid_request: dict
    ) -> tuple[bool, Optional[str]]:
        """Returns (should_bid, reason) for a bid request."""
        ip = bid_request.get("device", {}).get("ip")
        if not ip:
            return False, "no_ip"
        # The IP comes from the bid request, so validate it before
        # interpolating it into the lookup URL
        try:
            ip = str(ipaddress.ip_address(ip))
        except ValueError:
            return False, "invalid_ip"

        # Check cache first (critical for RTB latency)
        if ip in self.cache:
            risk = self.cache[ip]
        else:
            try:
                resp = await self.client.get(f"/ip/{ip}")
                resp.raise_for_status()
                risk = resp.json()
            except (httpx.HTTPError, ValueError):
                # Timeout, transport error, non-2xx status or bad JSON:
                # never cache the failure. Failing closed (no bid) is a
                # policy choice; return (True, None) to fail open.
                return False, "lookup_failed"
            self.cache[ip] = risk

        # GIVT: Block datacenter and known bot IPs
        if risk.get("is_datacenter"):
            return False, "givt_datacenter"
        if risk.get("is_bot"):
            return False, "givt_bot"

        # SIVT: Flag residential proxies and VPNs
        if risk.get("is_residential_proxy"):
            return False, "sivt_residential_proxy"

        # High risk score = likely invalid traffic
        if risk.get("risk_score", 0) >= 70:
            return False, f"high_risk_{risk['risk_score']}"

        # Known abuse history
        if risk.get("abuse_score", 0) >= 80:
            return False, "abuse_history"

        return True, None


# Usage in bid handler:
# should_bid, reason = await prebid_filter.should_bid(bid_req)
# if not should_bid:
#     log_ivt(bid_req, reason)
#     return NoBidResponse()
```

Supply-Side Traffic Quality
SSPs and publisher monetization platforms must ensure traffic quality to maintain advertiser relationships and avoid clawbacks. IVT rates above 2-3% trigger advertiser audits, rate reductions, or termination. IPASIS helps you filter before impressions enter the exchange.
- ✓ Pre-auction IVT filtering to protect sell-side inventory quality
- ✓ Real-time MRC-aligned GIVT/SIVT classification
- ✓ Granular publisher-level IVT reporting for transparency
- ✓ Block bot traffic before it inflates publisher impressions
- ✓ Protect revenue by preventing advertiser clawbacks
```javascript
// SSP-side traffic quality middleware
// `redis` (a client exposing get/setex) and `API_KEY` are assumed to be
// defined by the surrounding application.
const IPASIS_API = "https://api.ipasis.com/v1/ip";

async function classifyTraffic(ip) {
  const cached = await redis.get(`ivt:${ip}`);
  if (cached) return JSON.parse(cached);

  // Encode the IP so a malformed value cannot alter the request path
  const resp = await fetch(`${IPASIS_API}/${encodeURIComponent(ip)}`, {
    headers: { Authorization: `Bearer ${API_KEY}` },
  });
  // Never classify or cache an error body as if it were risk data
  if (!resp.ok) {
    throw new Error(`IPASIS lookup failed: HTTP ${resp.status}`);
  }
  const data = await resp.json();

  // MRC-aligned IVT classification
  const classification = {
    ip,
    givt: data.is_datacenter || data.is_bot,
    sivt: data.is_residential_proxy || data.is_tor,
    risk_score: data.risk_score,
    ivt_type: null,
    action: "allow",
  };

  // GIVT — General Invalid Traffic
  if (data.is_datacenter && !data.is_known_crawler) {
    classification.ivt_type = "givt_datacenter";
    classification.action = "block";
  }
  if (data.is_bot) {
    classification.ivt_type = "givt_bot";
    classification.action = "block";
  }

  // SIVT — Sophisticated Invalid Traffic
  // Only flag when nothing above already blocked the request, so a
  // "block" is never downgraded to "flag"
  if (data.is_residential_proxy && classification.action !== "block") {
    classification.ivt_type = "sivt_proxy";
    classification.action = "flag";
  }
  if (data.risk_score >= 80) {
    classification.ivt_type = "sivt_high_risk";
    classification.action = "block";
  }

  await redis.setex(`ivt:${ip}`, 300,
    JSON.stringify(classification));
  return classification;
}

// In auction handler:
// const ivt = await classifyTraffic(req.ip);
// if (ivt.action === "block") {
//   metrics.increment("ivt_blocked", { type: ivt.ivt_type });
//   return; // Don't include in auction
// }
```

Conversion & Attribution Fraud Prevention
Affiliate networks lose millions to click injection, cookie stuffing, and fake conversions. Fraudulent affiliates use bots to generate fake installs, leads, and signups to collect CPA payouts. IP intelligence catches fraud patterns that attribution platforms miss.
- ✓ Detect click injection and click flooding patterns
- ✓ Flag conversions from datacenter IPs, VPNs, and proxy networks
- ✓ Identify device farms and emulator-based install fraud
- ✓ Score affiliate traffic quality in real-time
- ✓ Prevent cookie stuffing with IP anomaly detection
- ✓ Build fraud evidence for affiliate disputes
```python
import ipaddress

import httpx

# Verdicts ordered by severity so a later check can never downgrade one
SEVERITY = {"clean": 0, "review": 1, "reject": 2}


async def validate_conversion(
    conversion: dict, api_key: str
) -> dict:
    """Validate affiliate conversion for fraud signals."""
    # Raises ValueError on a malformed IP instead of sending it upstream
    ip = str(ipaddress.ip_address(conversion["ip"]))

    async with httpx.AsyncClient() as client:
        resp = await client.get(
            f"https://api.ipasis.com/v1/ip/{ip}",
            headers={"Authorization": f"Bearer {api_key}"},
            timeout=2.0,
        )
        resp.raise_for_status()  # don't score an error body as "clean"
        risk = resp.json()

    result = {
        "conversion_id": conversion["id"],
        "affiliate_id": conversion["affiliate_id"],
        "verdict": "clean",
        "flags": [],
        "risk_score": risk.get("risk_score", 0),
    }

    def flag(name: str, verdict: str) -> None:
        """Record a flag and raise the verdict if this one is more severe."""
        result["flags"].append(name)
        if SEVERITY[verdict] > SEVERITY[result["verdict"]]:
            result["verdict"] = verdict

    # Datacenter IP = likely bot/emulator farm
    if risk.get("is_datacenter"):
        flag("datacenter_ip", "reject")

    # VPN/proxy = hiding real location
    if risk.get("is_vpn") or risk.get("is_proxy"):
        flag("anonymized_ip", "review")

    # Residential proxy = sophisticated fraud
    if risk.get("is_residential_proxy"):
        flag("residential_proxy", "reject")

    # High abuse score = known fraud source
    if risk.get("abuse_score", 0) >= 70:
        flag("abuse_history", "reject")

    # Geo mismatch (targeted campaign)
    expected = conversion.get("target_country")
    actual = risk.get("country_code")
    if expected and actual != expected:
        flag("geo_mismatch", "review")

    return result


# Batch validation for daily reconciliation:
# for conv in today_conversions:
#     result = await validate_conversion(conv, key)
#     if result["verdict"] == "reject":
#         hold_payout(conv["affiliate_id"], conv["id"])
```

Ad Industry Standards & Compliance
IPASIS helps you meet the measurement and verification standards that advertisers and agencies demand.
MRC Invalid Traffic Guidelines
The Media Rating Council defines GIVT (General Invalid Traffic) and SIVT (Sophisticated Invalid Traffic) standards. IPASIS provides signals aligned with both tiers:
- GIVT: Datacenter IPs, known bots, crawlers, non-browser UA
- SIVT: Residential proxies, VPN exit nodes, compromised devices, cookie manipulation
TAG Certified Against Fraud
The Trustworthy Accountability Group (TAG) requires fraud detection across the supply chain. IPASIS provides the IP intelligence layer that TAG-certified companies need:
- Pre-bid and post-bid traffic filtering
- Seller/publisher traffic quality scoring
- IVT rate reporting and audit trails
IAB Tech Lab & ads.txt
While ads.txt/app-ads.txt combat domain spoofing, they don't address bot traffic. IPASIS complements IAB standards by adding traffic quality verification:
- Verify traffic sources beyond ads.txt authorization
- Detect bot traffic from authorized but compromised sellers
- SupplyChain object enrichment with risk signals
Why Ad Tech Companies Choose IPASIS
Purpose-built for the speed and scale demands of programmatic advertising.
Sub-50ms Latency
RTB requires decisions in milliseconds. IPASIS responds in <40ms globally — fast enough for pre-bid decisioning without impacting auction latency.
Residential Proxy Detection
Detect traffic from residential proxy networks like Bright Data, Oxylabs, and SOAX that make bot traffic appear legitimate. The #1 blind spot in ad fraud.
Datacenter IP Coverage
Comprehensive datacenter IP detection covering AWS, GCP, Azure, DigitalOcean, Hetzner, and 500+ hosting providers. Catch GIVT at the source.
Abuse History Intelligence
IP-level abuse history from threat feeds, honeypots, and blocklists. Know which IPs have been flagged for fraud, spam, or botnet activity.
Simple REST API
Single API call returns risk score, VPN/proxy/Tor flags, datacenter detection, geolocation, and abuse history. No complex SDKs or JavaScript tags required.
Transparent Pricing
Simple per-query pricing that scales with your traffic. No contracts, no minimums, no hidden fees. Pay only for what you use.
CTV & Video Ad Fraud
Connected TV is the fastest-growing ad format — and the fastest-growing fraud target. CTV CPMs of $25-65 make it extremely lucrative for fraudsters.
Common CTV Fraud Vectors
- ⚠ SSAI Spoofing: Server-side ad insertion servers faking CTV device headers
- ⚠ Device Impersonation: Bots mimicking Roku, Fire TV, and Apple TV user agents
- ⚠ App Spoofing: Low-quality apps claiming to be premium CTV inventory
- ⚠ Loop Fraud: Repeated ad plays with no viewer present
How IPASIS Catches CTV Fraud
- ✓ Datacenter Detection: Real CTV devices use residential IPs. Datacenter IPs claiming to be CTV = fraud.
- ✓ Geolocation Verification: Match claimed device location against IP geolocation. Mismatches indicate spoofing.
- ✓ Residential Proxy Flags: SSAI spoofing often routes through residential proxies to appear legitimate.
- ✓ Risk Score Aggregation: Combine IP signals with behavioral patterns for comprehensive CTV fraud scoring.
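The CTV checks listed above, combined into one scoring function. This is an added example, not IPASIS code: the `risk` field names follow the response fields used in the snippets on this page, `devicetype` 3 and 7 are OpenRTB's Connected TV and Set Top Box values, and the block/flag policy, the country mapping and the sample inputs are constructed for illustration.

```python
CTV_DEVICE_TYPES = {3, 7}  # OpenRTB devicetype: 3 = Connected TV, 7 = Set Top Box

# Constructed subset. OpenRTB geo.country is ISO-3166-1 alpha-3; the intel
# record's country_code is assumed here to be alpha-2.
ALPHA3_TO_ALPHA2 = {"USA": "US", "GBR": "GB", "DEU": "DE"}


def score_ctv_request(device: dict, risk: dict) -> dict:
    """Apply the CTV checks to one bid request's device object.

    `risk` is the lookup result for the viewer's IP (device.ip), not for
    the address of the server that relayed the request.
    """
    if device.get("devicetype") not in CTV_DEVICE_TYPES:
        return {"is_ctv": False, "flags": [], "action": "allow"}

    flags = []
    # Real CTV devices use residential IPs.
    if risk.get("is_datacenter"):
        flags.append("ctv_from_datacenter")
    # SSAI spoofing often routes through residential proxies.
    if risk.get("is_residential_proxy"):
        flags.append("ctv_via_residential_proxy")
    # Claimed device location vs. IP geolocation.
    claimed = ALPHA3_TO_ALPHA2.get((device.get("geo") or {}).get("country"))
    actual = risk.get("country_code")
    if claimed and actual and claimed != actual:
        flags.append("geo_mismatch")

    # Illustrative policy: datacenter origin blocks, anything else is flagged.
    if "ctv_from_datacenter" in flags:
        action = "block"
    elif flags:
        action = "flag"
    else:
        action = "allow"
    return {"is_ctv": True, "flags": flags, "action": action}


# Constructed sample inputs: (device object, IP intelligence record)
SAMPLES = [
    ({"devicetype": 3, "geo": {"country": "USA"}},
     {"is_datacenter": True, "country_code": "US"}),
    ({"devicetype": 7, "geo": {"country": "USA"}},
     {"is_residential_proxy": True, "country_code": "DE"}),
    ({"devicetype": 3, "geo": {"country": "GBR"}},
     {"is_datacenter": False, "country_code": "GB"}),
]

if __name__ == "__main__":
    for device, risk in SAMPLES:
        print(score_ctv_request(device, risk))
```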
Stop Paying for Bot Traffic
Every fraudulent impression, fake click, and bot conversion costs you money. Start filtering invalid traffic today with IPASIS — free tier available.