ClickGUARD analyzes many aspects of an IP address in order to assess if an IP address is a known threat. This includes fetching IP information from various anti-fraud, geo-location and blacklist services. That means ClickGUARD is able to learn if an IP address is:

  • an anonymous proxy (exit address for anonymizing services such as HTTP/Socks proxies, VPNs or Tor)?
  • a fake crawler (Suspicious web scraper impersonating popular and legitimate crawlers)
  • a port scanner (port scanning as in the common way to search for exploitable security vulnerabilities in running network services)
  • an attack source (known source of various cyber attacks), including the type of the attack (web, mail, ssh, ftp, sip, etc.)
  • hosting a bot (part of a malicious botnet), including botnet type (bad, brute force, scan, spam, referrer spam, etc.)
  • blacklisted for any other fraud or abuse related reason

By cross-referencing the information about an IP address across multiple services ClickGUARD is able to determine the threat level and classify it as:

  • low - the default for IP addresses not associated with bad behavior
  • medium - high probability for unwanted ad clicks
  • high - high probability for abusive, disruptive and fraudulent ad clicks

Did this answer your question?