Danish adtech company Adform says it has uncovered “one of the largest bot networks to be discovered in digital advertising”. ‘HyphBot’ is a highly sophisticated ad fraud operation responsible for millions of false impressions, according to the company.

They also say the scheme was netting as much as $US1.2 million a day.

Some of the world’s premium media brands have been caught up in the scam, as have Australian publishers like News Corp and Fairfax Media, along with television network Nine. Realestate.com.au was also targeted.

“HyphBot was generating up to 1.5 billion requests per day and it generated fake traffic on more than 34,000 different domains, including premium publishers, and more than a million different URLs,” according to Adform.


Download Bridging the AdTech and MarTech Divide today.


The discovery is detailed in a company white paper, How Adform Discovered HyphBot. The paper is based on a two-month investigation following the initial discovery in August.

The operation uses domain spoofing to scam advertisers and publishers out of potentially hundreds of thousands of dollars per day by creating fake traffic. According to Adform, this included premium inventory sites like The Economist, CNN, The BBC and Apple.

Infected devices and browsers created a network of bots which generated fake traffic. More than half a million mostly American IP addresses were accessed and produced the non-human traffic, according to the authors.

However, Adform doesn’t know the full extent of the infection of the computers and browsers that HyphBot utilised.

The main inventory target was video representing over 90 per cent of the false impressions, according to the report.

An analysis of IP addresses revealed 1.7 billion requests came from the United States, 6.8 million fro the UK and 2.4 million from Canada. According to the authors, ‘A lot of this traffic could have been avoided if most industry players were using Ads.txt.”

However, they do concede the strategy “does not guarantee fraud free”.

A similar point was made by Method Media Intelligence ad fraud specialist Shailin Dhar earlier this month.

Dhar told Which-50, “The ads.txt has merit in that it’s a great thing to have publishers list out who they work with. It does not address the fraudulent traffic problem. All it helps us with is knowing that an impression was either spoofed, resold, or injected by adware.”

According to Jonas Jaanimagi, Executive Consultant IAB Australia, “This Hyphbot story only highlights the importance the entire industry committing to the IAB’s ads.txt solution. Criminals running illegal domain-spoofing activities such as Hyphbot and Methbot, can be immediately shut down by all publishers aggressively adopting and accurately maintaining the details on the ads.txt files on their domain.”

He described ads.txt as a simple yet elegant solution that protects everyone. “But it can only work as a result of mass adoption by media sellers coupled with a commitment to usage by all programmatic media buyers.”

Adform recommended DSPs and SSPs check their data warehouses for the suspicious patterns and cookie requests outlined in the white paper. It’s also necessary to contact all networks sending traffic from these patterns, the authors said.

“If networks are not transparent about their source, we suggest you shut them down. There needs to be a real cost of doing business with fraudulent players.”

Previous post

Marketo suffers second major outage this year

Next post

Man Vs Machine: When and Where Digital Channels Work