Data Center Traffic—The Traffic That Doesn’t Belong To You
Have you ever wondered how the internet delivers every piece of information you request almost instantly? Or how a Google search delivers billions of results to you—in a fraction of a second? All this happens because of data centers.
How Does a Data Center Work?
Data centers are facilities responsible for housing several network computers and storage systems used in storing and processing large amounts of enterprise data.
To give you a visual example, here’s what it looks like inside a data center.
Every data center consists of many interconnected systems working together to process information faster and better.
For these systems to work effectively, they need to scour the web looking for relevant information using bots. These bots are tagged “good bots,” because they only curate and store publicly available information in their data centers.
However, the use of data centers contributes to several cases of online scams—with a major one being programmatic ad fraud.
Recent reports show data center traffic accounts for 48% of all fraudulent traffic with other activities like location obfuscation and activity-based infiltration following the trail.
This recent trend in fraudulent data center traffic contributes to the $35 billion loss advertisers lose due to ad fraud yearly.
Another report from the World Federation of Advertisers (WFA) estimates loss to ad fraud to hit $50 billion by 2025. As you can see, fraudsters are not slowing down anytime soon, and the sooner you protect your ad, the better.
In this guide, we’ll cover all you need to know about data center traffic, and how you can protect your ads from fraudulent ones.
What Is Data Center Traffic?
Data center traffic is any traffic whose IP address shows it’s originating from a server rather than common devices like personal computers and smartphones.
For example, giant corporations like Amazon, Facebook, Tesla, Google, and Microsoft own some of the largest data centers we use in processing information.
By default, traffic from these data centers is not illegal or bad for your websites. Instead, they’re “bot-generated,” and make up 25% of the traffic distribution. But this takes a different turn with cybercriminals building and running their own data centers to hide their shady practices.
Among the several fraudulent activities these criminals run with data centers, programmatic ad fraud shows the most financial gain, running at a global cost of $65 billion to affected businesses.
How Traffic From Fraudulent Data Centers Work
The general setup of a data center is a network of servers, each having its IP address. Fraudsters can send out massive traffic out of their data centers with these addresses.
However, most ad fraud detection—and sometimes hosting providers, prevent multiple requests from a single IP address within a short period. But that was the old way, and fraudsters have evolved in their mode of attack.
Fraudsters purchase IP addresses from traders and brokerages for a few bucks off the black market or darknet with data centers. This gives them access to thousands of IP addresses for their next attack.
And here’s how they do it. Fraudsters will program their bots to direct the advertiser’s campaign traffic and run up fake impressions. Then, to avoid detection, the bot will switch to a new IP address for each visit to the campaign.
On the advertiser’s end, this shows up as legitimate traffic—meanwhile, it’s all fake, resulting in poor ROI on ad spend.
What Are The Effects of Fraudulent Data Center Traffic On Businesses?
Large-scale traffic from fraudulent data centers contributes to businesses losing $1.7 billion yearly to ad fraud attacks like:
A good example is the LeoTerra scheme in 2021 that falsified 20.5 million CTV devices per day by infecting the SSAI (server-side ad insertion) of major apps and accessing their inventory. This represents over 20 times more of the previous year and 40 times the average increase of the last three months.
Although DV, an ad-verification platform, shut this operation down in July of the same year, recent reports show 18% of unprotected CTV ads traded during the period of the scheme were from invalid traffic.
Another report from DV shows a 44% drop in bot scams, as fraudsters are moving to data centers in performing their spoofing attacks on a much larger scale.
These spoofing attacks use server-side ad insertion in creating fake CTV inventory across many devices, apps, and IP addresses.
Because of the complexity in differentiating real traffic from data center traffic, the MRC considers data center traffic sources non-human traffic. Hence, it renders non-human traffic invalid.
Before labeling all invalid traffic as fraudulent, there are two types:
- GIVT—General Invalid Traffic
- SIVT—Sophisticated Invalid Traffic
Types of Invalid Traffic
GIVT—General Invalid Traffic
Also called “known data center traffic,” GIVT is the least risky and is an accepted form of invalid traffic. Traffic from these sources runs in the background and scans for publicly available information on your website without mimicking human behavior.
Examples of GIVT include:
- Bots, spiders, and crawlers from search engines
- Known invalid data center traffic
- Pre-fetch or browser pre-rendered traffic
- Activity-based infiltration from campaign or application data
- Invalid ad placements
Overall, GIVT is based on measuring and improving the data it collects without inflating ad impressions.
SIVT—Sophisticated Invalid Traffic
The Sophisticated Invalid Traffic (SIVT) is traffic with malicious intent mimicking human behavior to trick advertisers into thinking its impressions are real. This type of invalid traffic is harder to detect because fraudsters use botnets to mimic actual humans through device fingerprinting.
Examples of SIVT include:
- Adware and malware
- Cookie stuffing
- Falsification of location data
- Fake bots and crawlers from unknown data centers
- Hacked user devices
Fraudulent data centers fall under SIVT as they inflate ad impressions and would often try everything possible to avoid detection.
For example, Aleksandr Zhukov, nicknamed the “King of Fraud,” and his accomplice, ran an ad fraud operation between 2014 and 2018, defrauding U.S. advertisers of more than $7 million in fake ad impressions.
According to the report, they used 650,000 IP addresses and 2,000 computers housed in several data centers in Dallas, Texas, Amsterdam, and the Netherlands to load ads on fabricated websites spoofing over 6,000 domains. This is just one of many cases of fraudulent data centers fueling ad fraud activities.
How To Identify Fraudulent Data Center Traffic
Detecting fake ad traffic from data centers can be tricky because the traffic is sometimes indistinguishable from real traffic. And manually going through your traffic analytics report may not yield a positive result. Below are 3 recommendations to detect invalid data center traffic.
Close To 100% Bounce Rate
Bounce rate measures how web visitors engage with your website before they exit. A higher bounce rate demonstrates little to no engagement. and a lower bounce rate is high engagement.
Fraudsters looking to target your ads with fake data center traffic will instantly visit and exit with no meaningful interaction. This shows the traffic has a high bounce rate since visitors aren’t engaging with your website.
You can attribute high bounce rate to poor website design, bad load time, or bad content quality. However, if you notice a significant part of your website is experiencing close to a 100% bounce rate, this may indicate invalid traffic, most likely from a data center.
Sudden Spike In Traffic
If you notice a sudden spike in traffic without reason, try investigating it. Let’s say you typically get 30,000-45,000 monthly visitors on your website. Then, out of nowhere, it spikes to 200,000 in one afternoon and drops back to 30,000. That traffic is most likely from data centers sending you a wave of invalid traffic.
Multiple Clicks From A Single IP Addresses
Data centers purchase many IP addresses to mask their location. Often, these IP addresses will visit a website, and click on ads multiple times within a short period.
If you notice anything like this in your traffic report, be sure to block the IP address or block the entire location it’s coming from.
Use Edgemesh’s Ad Protection Service
Running a marketing campaign puts you on every ad fraudster’s radar. Unfortunately, without the right ad protection service, your marketing budget might be going directly into frauders’ pockets.
At Edgemesh, we take website protection to another level by extending our services to your core marketing areas like ads. Our ad protection feature helps you block invalid traffic from fraudulent data centers so you don’t waste your marketing budget on traffic that won’t convert.
Thinking of running your ads but scared of invalid traffic? Get Ad Protection Services with Edgemesh Server!