A newly revealed ad fraud bot is taking advantage of large unaudited ads.txt files, impacting billions of video advertisements and stealing millions of dollars from advertisers, according to ad verification company Integral Ad Science.

IAS says the bot, known as the 404bot in reference to its domain spoofing, has existed since at least 2018 with its activity fluctuating each year. The company says a conservative estimate of the 404bot’s impact to date is over 1.5 billion ads impacted, generating fraudsters at least $15 million.

Current activity levels are relatively low but the fraud detection company revealed 404bot for the first time this week and warned activity could spike again at any time. Already it has affected high and low profile domains, according to IAS, which has alerted its own clients but will not disclose the affected domains publicly.

Source: Integral Ad Science.

Most of the impacted traffic is served on US IP addresses but some Australian sites have been affected, according to IAS.

The company regularly discovers and monitors bot activity but rarely reveals fraud schemes publicly to “reduce unnecessary panic in the ecosystem”. 

“But with 404bot, we felt differently; the botnet has been too active for too long with no clear signs of it being shut down,” a whitepaper released this week states. 

“We decided to make our collected botnet knowledge public in order to allow other players in the ad-tech ecosystem the opportunity to clean up their inventories.”


 404bot is designed to bypass ads.txt – the online advertising industry’s solutions to the practice of domain spoofing, where fraudsters infect devices and use them to generate billions of ad calls to fake URLs where low quality or fake inventory are passed off as regular, verifiable websites; with fraudsters collecting the ad revenue.

The bot is used only on Chrome on Windows exclusively.

The bot is able to bypass several domain spoofing preventative techniques but could be largely stopped if proper ads.txt practice was followed, according to IAS, which is calling on an industry-wide approach to a solution.

“The 404bot has been active since 2018 and its unchecked growth now warrants industry action,” said Evgeny Shmelkov, head of the IAS Threat Lab. “Publishers have done an excellent job in implementing Ads.txt but what we are learning from this bot is that it is crucial to continuously audit and update Ads.txt files.”

Previous post

Salesforce co-CEO steps down, Benioff makes a $1 billion acquisition

Next post

Business warned to conceal their cybersecurity insurance as ransomware attackers look for bigger paydays

Join the digital transformation discussion and sign up for the Which-50 Irregular Insights newsletter.