Fraudlogix Digital Advertising Glossary of Terms

Ad Fraud (Advertising Fraud)
Any time engagement with an online ad has been forged to generate revenue.

Ad Network (Advertising Network)
A company that aggregates ad space from multiple websites, connecting website publishers and advertisers.

Ad Verification (Ad verification vendors)
Services/companies that report on and/or ensure that online ads appeared on the intended websites or to the intended target audience. They may also measure viewability and rate website placements for brand safety.

Often a form of malware that will automatically display ads to users when they’re online.

Ads.txt (Authorized Digital Sellers)
An initiative brought forth by the Interactive Advertising Bureau (IAB) that allows publishers to specify which ad tech companies are authorized to sell and resell ads on their pages. This was put in place to help stop domain spoofing.

Affiliate Advertising (Affiliate Marketing, Performance Advertising)
A form of performance marketing where a business pays a commission to another company (the affiliate) for every action that was produced by that company’s marketing efforts. Affiliates’ efforts may be measured and paid based on website visits, clicks, leads, sales, installs, and/or other actions.

Affiliate Fraud
A type of fraud that involves an affiliate forging an action (i.e., a website visit, click, lead, sale, install) in exchange for a commission. Affiliate fraudsters may use bots and even stolen credit cards to forge actions.

Anomaly Detection (Behavioral Analysis)
A way to detect suspicious behavior and/or bot activity. Large volumes of traffic are examined and baselines for normal traffic are established. Anomalies from the baselines are identified and weighted according to severity, the premise being that bots and fraudulent activity differ, sometimes only subtly,  from normal user activity.

Blacklisting (Blacklist, Blocklist)
In terms of ad fraud, it’s a way to block ad traffic from high-risk sources (i.e., high-risk IP addresses). They may be used to prevent a company from bidding on ad impressions that have a high probability of being fraudulent in the RTB environment. They may also be used to prevent fraudulent actions such as views, installs, clicks, and sales.

Bot (Internet Bot)
A bot is a software application that’s programmed to run automated tasks over the internet. In terms of ad fraud, bots are often malware programmed to visit websites to view and interact with ads, which generates forged (fake) impressions, views, and clicks.

Bot Detection
The collection of methods that a company uses to detect bots and the ad traffic generated by them. This may include behavioral and/or statistical analysis.

In terms of ad fraud, a collection of compromised (infected) devices that are all running the same bot malware and controlled by the same fraudster. The fraudster may be able to change the actions of the botnet and direct where the botnet traffic should go.

Bot Traffic
The website/ad visits/views that are generated by a bot.

Brand Safety
In online marketing, advertisers must be cognizant of ad placements and a brand safety strategy is used to avoid having their ads appear on websites or pages that may be harmful to a brand’s image.

Click Farm
A group of people that are paid to visit websites and click on ads.

Click Fraud (fraudulent clicks)
A form of ad fraud where an ad/link is repeatedly clicked by a human or bot to fraudulently generate revenue in a cost-per-click (CPC) advertising model.

CPA (Cost per Acquisition/Cost per Action)
An online marketing model that pays an affiliate for every acquisition/action that results from the affiliate’s online marketing efforts. This may include sales, form completions, signups, customers, etc.

CPC (Cost per click), PPC (Pay per click)
An online marketing model where the advertiser pays for every click of an ad.

CPI (Cost per Install)
An online marketing model for mobile apps (often associated with affiliate marketing) where a company pays a commission for every install of its app.

CPL (Cost per Lead)
An affiliate marketing model where a company pays a commission for every lead/form submission the affiliate company generates.

CPM (Cost Per Thousand Impressions/Cost per mille)
An online advertising pricing model used in the programmatic RTB space where advertisers are charged a set price for every 1,000 impressions of their ad (e.g., with a $1 CPM an advertiser is paying $1 for their ad to be shown 1,000 times).

Data Center Traffic
Website traffic that originates from a server in a datacenter, not a residential or corporate location, indicating that it was not created by a human.

Desktop Device
A device that’s typically used on the desktop and runs Windows or Mac operating systems (e.g., PCs, laptops, and Macs).

Desktop Fraud
Fraudulent ad traffic that originates from desktop devices.

Domain Spoofing (Domain Masking)
A form of ad fraud that occurs when a publisher fraudulently declares a domain name in a bid request that’s different from where the ad will actually be run (e.g., the publisher declares “” in the bid request but the ad will actually be served on “”). This is done to trick advertisers into running their ads on sites where they normally wouldn’t and/or to increase the amount the advertiser will pay for the ad placements. It opens advertisers up to brand safety issues, wastes ad dollars by placing ads on low-quality domains, and can be harmful to legitimate publishers whose domain names are being spoofed.

Domain Reputation
A collective quality score for a domain as it relates to ad placements within the online advertising system. A reputation score may be generated from data that includes the amount of fraudulent traffic seen on that domain, the average viewability, domain registration information and more.

DSP (Demand Side Platform)
The technology platform on the buy side of the programmatic system that allows advertisers to bid on and purchase online ads in real time. They also allow advertisers to target specific online audience segments with their ads.

Exchange (Ad Exchange)
The technology platforms that act as a marketplace between the buy and sell sides of the real-time-bidding (RTB) programmatic system. They normally have ad inventory from multiple supply sources and networks and have multiple DSPs integrated with them to bid on and purchase inventory.

Fraudulent Traffic (Fake Traffic, Invalid Traffic, Nonhuman Traffic)
Ad traffic that’s been generated by bots, malware, compromised devices, or other fraudulent means and is falsely masquerading as human traffic by visiting, viewing, and interacting with online ads.

Ghost Sites (ghost websites, fake websites)
In terms of ad fraud, websites that have been set up with the sole intention of fraudulently generating revenue by serving ads to bot traffic. Publishers of these sites often design them to look like real websites and then monetize them through the programmatic RTB system. Very few, if any, humans visit them and almost all the traffic to them is fraudulent. Bots are often programmed to visit numerous ghost sites to click and interact with the advertisements.

Hijacked Device (Compromised Device)
A device (e.g., mobile phone, PC, laptop, tablet, etc.) that has some sort of malware installed on it and may be controlled and/or manipulated by outside hackers. In terms of ad fraud, compromised devices may have malware on them that instructs bots to open browsers, visit websites, and interact with ads, often unbeknownst to the owner. These devices may be part of a larger botnet. Because these devices have malware on them and may be able to be accessed and controlled by outside hackers, they are considered compromised and a security risk.

Install Fraud (Fraudulent Installs)
App installs that have been generated by bots, malware, compromised devices, or install farms falsely masquerading as legitimate app users. Most often associated with affiliate fraud where an affiliate is paid a commission for every install it generates.

Invalid Traffic (IVT) (Non-human traffic)
The MRC (Media Rating Council) considers Invalid traffic to be a collective term for both General and Sophisticated invalid traffic. It defines the two different types of invalid traffic as follows:

General Invalid Traffic (GIVT)
“Traffic identified through routine means of filtrations executed through application of lists or with other standardized parameter checks”. Examples include: “known data-center traffic (determined to be a consistent source of non-human traffic; not including routing artifacts of legitimate users or virtual machine legitimate browsing),  bots and spiders or other crawlers (except those as noted below in the “Sophisticated Invalid Traffic” category), activity-based filtration using campaign or application data and transaction parameters from campaign or application data, non-browser user-agent headers or other forms of unknown browsers and pre-fetch or browser pre-rendered traffic.”

Sophisticated Invalid Traffic (SIVT)
“Consists of more difficult to detect situations that require advanced analytics, multi-point corroboration/coordination, significant human intervention, etc., to analyze and identify.  Key examples are: bots and spiders or other crawlers masquerading as legitimate users; hijacked devices; hijacked sessions within hijacked devices; hijacked ad tags; hijacked creative; hidden/stacked/covered or otherwise intentionally obfuscated ad serving; invalid proxy traffic (originating from an intermediary proxy device that exists to manipulate traffic counts or create/pass-on non-human or invalid traffic or otherwise failing to meet protocol validation); adware; malware; incentivized manipulation of measurements (fraudulent incentivized promotion of an entity, without its knowledge or permission);  misappropriated content (where used to purposefully falsify traffic at a material level); falsified viewable impression decisions; falsely represented sites (sites masquerading as other entities for illegitimate purposes) or impressions; cookie stuffing, recycling or harvesting (inserting, deleting or misattributing cookies thereby manipulating or falsifying prior activity of users ); manipulation or falsification of location data or related attributes; and differentiating human and IVT traffic when originating from the same or similar source in certain closely intermingled circumstances.”

Source: MRC Invalid Traffic Detection and Filtration Guideline Addendum, October 15, 2015

IP Address (Internet protocol address)
Numerical address assigned to a device or group of devices connected to the Internet.

IP Blocklist (IP Blacklist)
In terms of ad fraud, an IP blocklist includes high-risk IP addresses (i.e., a majority of the traffic from them is invalid).  An IP blocklist can be used to prevent ad fraud by automatically blocking, or bidding on, traffic from IP addresses on the list.

IP Intelligence
The collective real-time and historic data about an IP address used by companies to help determine the risk level of traffic coming from that IP. It may include data on invalid traffic and other granular-level device data such as user agents, browsers, operating systems, plugins, etc. that are present.

Lead Fraud (Fraudulent Leads)
Fake online form submissions (leads) masquerading as legitimate users interested in a product or service. Most often associated with affiliate fraud where an affiliate is paid a commission for every lead it generates. In these cases, leads are often generated by bots or other fraudulent means and the information provided in the forms is forged.

Malicious software often used to commit ad fraud. There are many different types of malware including adware, spyware, ransomware, viruses, worms, and Trojan horses. It can take many different forms, including executable codes and scripts.

Mobile Device
A device that’s typically used in mobile environments (e.g., smartphones).

Mobile Fraud
Fraudulent ad traffic that originates from mobile devices and the apps running on them.

Pirate Websites (Torrent sites)
Websites that illegally sell or stream unauthorized material, often movies, media, and other copyrighted material. These sites often have to resort to domain spoofing to monetize in the programmatic markets because they have been previously banned.

In the RTB market, the part of the bidding process that occurs before bids are placed by buyers. In the pre-bid environment, buyers are presented with information within a bid request regarding the ad placement. This includes information such as the IP address, domain, and cookie information. Using information in the bid request buyers can determine whether or not they want to bid on the ad placement and how much they’re will to pay. In terms of ad fraud and pre-bid fraud blocking, key variables in the bid request (e.g., the IP address, publisher, or domain) may be compared to what is currently known about each variable to determine the likelihood of the ad placement being fraudulent. In pre-bid ad fraud detection, bid requests from high-risk sources are identified and blocked in the pre-bid environment, thus preventing ad fraud from happening.

Programmatic (Programmatic Ad Traffic, Programmatic Advertising)
Automated buying of online ad inventory where algorithms are used to identify website viewers and serve them relevant ads using the real-time-bidding (RTB) process.

In terms of online advertising, any entity or company that publishes a website and monetizes it with advertising space.

Proxy Traffic
Ad traffic that has come from a proxy server or proxy network. User traffic from a proxy has been routed through a proxy device and is anonymized, making it difficult to trace and assess the quality of it. While there may be legitimate privacy reasons a user may use a proxy, ad fraudsters use them to mask the origin of fraudulent traffic.

RTB (Real Time Bidding)
In the online advertising space, RTB is the way programmatic ads are bought and sold on a per-impression basis – it’s the instantaneous auction of ad space that happens every time a user views a webpage that monetizes programmatically. Very basically, a user visits a website, which generates a bid request for the ad space on that page. The bid request contains information on that user (e.g., IP address, user agent, location, cookie information, etc.). Advertisers bid on the impression based on the information from the bid request and the winner of the auction gets their ad served to that user. This all happens in a fraction of a second.

SSP (Supply Side Platform)
The technology platform on the sell side of the programmatic RTB system that allows publishers to sell their ad inventory in real time.

Traffic (Ad Traffic)
The viewers, visits and interactions with online media (e.g., websites, ads, videos, etc.)

Traffic Sourcing (Sourced Traffic, Purchased Traffic)
A practice sometimes used by online publishers where they purchase or source an audience from third parties and sell the ad space to advertisers. This practice increases if advertiser demand outpaces the publishers’ inventory. An increased risk of fraudulent, bot-generated traffic is associated with sourced traffic.  

Online advertising metric that measures how long an ad was in view (if at all) for the end user.