Botman Trap Definitions

Home  >  Knowledge Base  >  Botman Trap Definitions

Traps for Non Human Threat

Bot Network - A threat falls under this trap when the activity origin is traced back to a Bot Network. It’s essentially a network of computers containing malicious code that work together to perform tasks that are assigned by the network’s creator or controller. In this case the activity would be faking clicks or conversions.

If you switch on this trap, Bot Network traffic will stop.

Mismatch UA - A threat falls under this trap when the UA mismatches between two sequential activities. For ex: a mismatch between a request and a impression or a click and a conversions etc. When the actions are sequential this information cannot be different.

If you switch on this trap, traffic with a mismatch in UA will stop.


Mismatch IP - A threat falls under this trap when the IP mismatches between two sequential activities. For ex: a mismatch between a request and a impression or a click and a conversions etc. When the actions are sequential this information cannot be different.

If you switch on this trap, traffic with a mismatch in IP will stop.

Mismatch Referer - A threat falls under this trap when the Referrer mismatches between two sequential activities. For ex: a mismatch between a request and a impression or a click and a conversions etc. When the actions are sequential this information cannot be different.

If you switch on this trap, traffic with a mismatch in Referrer will stop.


Stacked - Comes under the Viewability detection umbrella. A threat falls under this trap when the activity is traced to an hidden source. In this case the activity would be multiple ads stacked over each other and the click is generated from a ad which is hidden/non viewable.

If you switch on this trap, traffic coming from a stacked ad will stop.


Non Clickable - Comes under the Viewability detection umbrella. A threat falls under this trap when the activity is traced to an 1x1 pixel source. In this case the activity could be a click traced back to an ad which is 1x1 pixel in size which is not viewable.

If you switch on this trap, traffic coming from a non clickable ad will stop.

Off Screen - Comes under the Viewability detection umbrella. A threat falls under this trap when the activity is traced to a non-viewable area. In this case the activity could be a click traced back to an ad which is rendered off the screen limits and is not viewable.

If you switch on this trap, traffic coming from a off the screen ad will stop.


Emulator - A threat falls under this trap when the activity is traced back to originating from an Emulator device. In this case the activity could be a impression or a click getting originated from a emulator rather than a original device.

If you switch on this trap, traffic coming from a Emulator device will stop.


Trojan - A threat falls under this trap when the activity is traced back to originating from a Trojan network. These are typically a network of computers containing Trojan horses that work together to perform tasks that are assigned by the network’s controller.

If you switch on this trap, traffic coming from a Trojan network will stop.


eReader - A threat falls under this trap when the activity is traced back to originating from a eReader device. These are typically spoofed devices and do not represent an actual device.

If you switch on this trap, traffic coming from an EReader device will stop.

Gaming Console - A threat falls under this trap when the activity is traced back to originating from a Gaming Console device. These are typically spoofed devices and do not represent an actual device.

If you switch on this trap, traffic coming from a Gaming Console will stop.


Internet Explorer 6 - A threat falls under this trap when the activity is traced back to originating from a IE 6 browser. These are typically spoofed browsers as their UA’s are easily available online for disposal.

If you switch on this trap, traffic coming from IE6 Browser will stop.


TV Traffic - A threat falls under this trap when the activity is traced back to originating from a Television device. These are typically spoofed devices and do not represent an actual device.

If you switch on this trap, traffic coming from a TV device will stop.


Unknown Browser - A threat falls under this trap when the activity is traced back to originating from an Unknown browser and this is not possible as every activity needs to have this information if they are coming from a genuine browser.

If you switch on this trap, traffic coming from an Unknown Browser will stop.

UserAgent Botnet - This is a sophisticated trap and will start action after sufficient information is captured by the system. You will need to enter these three values to start capturing data accordingly.

Sample Vol - ex: 100

Duration - in minutes. Ex: 30 mins

Threshold % - Ex: 15%

Simulated iPhone - A threat falls under this trap when the activity is traced back to originating from a software or an emulator simulating to behave like an iPhone device.

Fake iPhone - A threat falls under this trap when the activity is traced back to originating from a device disguised as a iPhone or a spoofed User agent.


Fake Crawler - A threat falls under this trap when the activity is traced back to originating from a device disguised as a fake crawler. These are typically spoofed devices

If you switch on this trap, traffic coming from a spoofed crawler will stop.


Crawler Bot - A threat falls under this trap when the activity is traced back to originating from a Crawler Bot. The intention of these bots could be to steal important information from the website/property or scrap information.

If you switch on this trap, traffic coming from a Crawler bot will stop.

Honey Trap - A threat falls under this trap when the activity is traced back to bots clicking on invisible ads


Data Center - A threat falls under this trap when the activity origin is traced back to a Data Center. It’s essentially a network of computers or  Hosting provider machines that are faking clicks.

If you switch on this trap, traffic coming from a Data Center will stop.


Good Bot - A threat falls under this trap when the activity origin is traced back to a Good Bot IP. These IP’s typically belong to bots from Google, or other search engines that visit your website for indexing.

If you switch on this trap, traffic coming from a Good bot will stop.


AdWare - A threat falls under this trap when the activity origin is traced back to AdWare programs. These programs are typically present on a users machine and fake clicks or other activities without the users knowledge. They are also controlled by a master controller that orders the actions to be taken.

If you switch on this trap, traffic coming from a AdWare will stop.

ClickSpam - A threat falls under this trap when there is a burst of clicks coming in from a particular source in a very short duration and there are a few other internal parameters that are checked for to flag ClickSpam.

If you switch on this trap, traffic flagged as Click Spam will stop.


Malware - A threat falls under this trap when the activity origin is traced back to a Malware. Malware is a malicious software that is written with the intent of damaging devices, stealing data and generally causing a mess. These are typically Viruses, Spywares, Ransomwares, etc that act secretly and are controlled by a master controller that orders the actions to be taken.

If you switch on this trap, traffic coming from a Malware network will stop.


Known Attack Source - A threat falls under this trap when the activity origin is traced back to a Source that’s historically known to be a hidden source that attacks digital assets.

If you switch on this trap, traffic coming from a known attack source will stop.

Traps for Spam Threat

Desktop - A threat falls under this trap when the activity origin is traced back to a Desktop. A very useful trap when you are running a strictly mobile traffic campaign.

If you switch on this trap, traffic coming from a Desktop device will stop.


Adult Traffic - A threat falls under this trap when the activity origin is traced back to Adult website/referrer. Any click or conversion originating from a adult website can be filtered using this trap.

If you switch on this trap, traffic coming from a Adult website or referrer will stop.


Spam Domains - A threat falls under this trap when the activity origin is traced back to a domain that is historically known to be involved in spamming activities.

If you switch on this trap, traffic coming from a domain marked spam will stop.


Spam Network - A threat falls under this trap when the activity origin is traced back to a network that is historically known to be involved in spamming activities.

If you switch on this trap, traffic coming from a Spam network will stop.


Pop - A threat falls under this trap when the activity origin is traced back to a Pop over or a Pop under ad.

If you switch on this trap, traffic coming from a Pop ad will stop.


Torrent - A threat falls under this trap when the activity origin is traced back to a Torrent domain/referrer.

If you switch on this trap, traffic coming from a Torrent website/referrer will stop.

IFrame - A threat falls under this trap when the activity origin is traced back to an Iframe.

If you switch on this trap, traffic coming from an Iframe will stop.

Traps for Proxy/TOR Threat

TOR Exit Node - A threat falls under this trap when the activity origin is traced back to a sophisticated proxy network.

If you switch on this trap, traffic coming from a Proxy network or a sophisticated proxy network will stop.

Hardik Gandhi