ClickGUARD analyzes many aspects of an IP address in order to assess if an IP address is a known threat. This includes fetching IP information from various anti-fraud, geo-location, and blacklist services. That means ClickGUARD is able to learn if an IP address is:
- an anonymous proxy (exit address for anonymizing services such as HTTP/Socks proxies, VPNs, or Tor)
- a fake crawler (Suspicious web scraper impersonating popular and legitimate crawlers)
- a port scanner (port scanning as in a common way to search for exploitable security vulnerabilities in running network services)
- an attack source (a known source of various cyber attacks), including the type of the attack (web, mail, SSH, FTP, SIP, etc.)
- hosting a bot (part of a malicious botnet), including botnet type (bad, brute force, scan, spam, referrer spam, etc.)
- blacklisted for any other fraud or abuse-related reason
By cross-referencing the information about an IP address across multiple services ClickGUARD is able to determine the threat level and classify it as:
- low - the default for IP addresses not associated with bad behavior
- medium - high probability for unwanted ad clicks
- high - high probability for abusive, disruptive, and fraudulent ad clicks
Comments
0 comments
Please sign in to leave a comment.