 So hello everyone. My name is Ryan Talavis and my presentation is titled the Beaver Project. So this is a 101 on digital advertising and ad technology and ad fraud. So I work for Svilo. So we're a web categorization company. So we work with digital advertising. I work for FIRA as well. Then I did some work on honeypots and security analytics. So this will all like fold together after I go through this thing. So in any case, let's talk about our main topics. So we'll talk about first the business and currency of digital advertising. It's like why am I even talking about this? Why is this even relevant? Then we're going to go through like ad tech, the ecosystem. I can't go through like that much details with the ecosystem, but I will give you the basics like how to start off with the foundations and stuff. Because this is a very, very complex ecosystem. Then after that we'll go through like ad fraud. We'll talk about the taxonomy, the different types of ad fraud, such as like publisher based ad fraud, malicious and objectionable content, and of course non-human traffic and my pet project there, the Beaver project. So first, why are we even talking about this? So the business of digital advertising. Basically we are talking about this because digital advertising is big money. So the total digital ad spend is estimated about $60 billion this 2015. And it is estimated also that five years from now the digital ad spend would be about $100 million. So it is a big pie and a lot of different people would like a big chunk of those pie. So that's why this is a very, very important topic right now, like in ad tech and even in security. So let's talk about the currency of digital advertising. So digital advertising has several metrics, but one of the most important and primary metric is the number of delivered or served impressions. When I say impressions that's views. But the primary problem here is not all online ads are actually seen. So you probably understand like advertisers are obviously not interested really. They're not interested in paying for ads that were never seen obviously right. So here's the thing. Let's go through like the different metrics here. So when you start viewing an ad, you'll see first right, there's an ad there on the left hand side of the viewable impression. You see the ad and that's the viewable impression. So you have the clicks, which is the other one. Then you have the conversion and the conversion could be a purchase. It could be a sign up form and stuff like that. But what we're going to really talk about and focus in this talk is really the viewable impressions because that is really the primary metric that we're talking about. And if like the primary metric, if the impression is fraudulent in most cases, all the whole chain would be fraudulent. So that is basically the currency of digital advertising. What I'm going to go through next is like the ecosystem. So when I first moved to digital advertising, I came from security. And when I first came to digital advertising, someone showed me this. This is the loom escape of digital advertising. And when I saw that like, oh man, I don't know what to do with this. So it's very complicated. And well, we won't go through this today. So what we're going to go through is like a distilled version. So I actually made this, but I even distilled it more. We're going to talk about the main entities in digital advertising, which is the advertiser, the demand side platform, the ad exchange, the supply side platform, and the publisher. So this is my real 101 version here. So here's my 101 version. So first to think about is like the two ends of the spectrum. So the two ends of the spectrum is the advertiser, which are the ones who sell the product, and the publisher, who is selling the ad space, the media space. There you're like, it's your blog. It's like CNN. It's ESPN. And obviously the advertisers are the main product guys, like Nike, Ford, and all of those kinds of guys. So the advertisers would have, typically the big advertisers would have like advertising agencies like Mad Men stuff. So like here you have an advertising agency. One of the bigger ones is WPP. And then what happens here, they produce a concept. But in terms of digital advertising, the real important one is the demand side platform, the DSPs. So this is where really the magic happens. This is where the campaigns are made. It's very important because this is where you actually enter like targeting information. Like who do I want this ad to be served? Like what demographics, what location, and all of that stuff. So in the other end of the spectrum, you have the SSP, the supply side platform. So what the supply side platform is, is it manages the impressions that comes from the different publishers. And it all intersects in this ad exchanges. Think of the ad exchange as a marketplace, an auction place of these different impressions. And what happens is the DSP matches its criteria to all the impressions that are being sold. Let me give you like an example. Like for example, like Ford. Ford wants to do like an ad campaign for like say the F-150. So they wanted to do like a year-end F-150 campaign. So the advertising agency conceptualizes it. Then it goes to the DSP. So what happens there? Like okay, we want these ads to be shown at these particular times at, well, all devices. Then for only the United States, let's say that's their criteria, that's their targeting criteria. So for example, like my blog received the impression or a view from let's say the Philippines, like Manila. So it goes there, it goes to the auction house, and it sees like, hey, this impression is coming from Manila. Does it fit the criteria, like the bidding criteria? No. Like there's no F-150s in Manila. So what happens there is it gets rejected. And for example, something comes in, like hey, this impression comes from Colorado, from a mobile site. So it actually fits the criteria. So that's when the DSP starts the bid. And if it wins the bid, the ad is served. So that is really like general gist of what's happening in an ad exchange. So I know this is pretty high level and we can go there, we can go like into more detail, like after this, I'll just be walking around here if you guys want to talk to me about the ad ecosystem. But this is enough to start talking about ad fraud and all that kind of stuff. So one thing you might want to go deeper is like how do you actually like serve an ad? So here is a process of serving an ad. There's actually three things. First, make the campaign. So that's where the DSP part happens, right? DSP would usually have like a campaign management system. And this campaign management system will have like the ability to like add targeting information, which I will show you a little bit, like some screenshots, like bigger screenshots. So I think it's hard to see there. So with the bidding process also, the bidding process is what I told you guys about, about the ad exchange, where all the impressions are happening and where the DSPs and the SSP link together. Then if the bid wins, then the ad is served. So let me give you like some quick screenshots of like what campaign management system looks like. So you see here, you can actually define what your budget is. Then you can like set like different demographics, like what location you want this particular ad to show up. Then you can also like do a lot of things. You can actually pick what particular operating systems it should show up in, like what particular devices it should show up in, like all different platforms you can actually pick. So it's very good at these targeting. So just think about that. And then you can also do like all sorts of stuff, like contextual stuff. You can do keywords, topics, sentiment. So it's very, very like, very smart, very smart in terms of targeting. So next you can actually pick also what inventory, like what publishers to publish on. So it's very, very good at that. Then here's the thing, you can actually like, you can start uploading your creatives here. So you can actually like upload your GIFs, your JPEGs, and your flash files. So you're probably thinking, right? Like malvertising, redirects, targeting. So these you can do, like you can do all start stuff with this one. Like you can do like targeted attacks if you wanted to. But that's why like malvertising is so big now. But we're not going to talk, we're going to talk about like malvertising in a little bit. So I think that is enough for the background. We can talk now about like the ad fraud problem itself. So what is ad fraud? So it is the deliberate practice of attempting to serve ads that have no potential to be viewed by a human user. So basically like you're serving ads, and no one, and you're purposely serving ads that no one is seeing. So that is basically the definition of ad fraud. Though in the taxonomy it's kind of weird, but you'll see that later. So the problem, there's a lot of claims about how big and the extent of the problem is. So in some cases in the low end, they say that ad fraud and like fraudish impressions are about 13% at the low end and 60% at the high end. So what's the significance of this? If you think about let's use the low end, like the 13%. So if you think about it, the total digital ad spend is 60 billion. So even with 30%, that's about 7 billion, I think. So that is a pretty big chunk of the pie, right? So who's losing money? Obviously the advertisers. So a lot of people are saying, yeah, they have too much money anyway. But hey, that's a big chunk of change. So in any case, who are the actors? Who are actually like making money out of this? So obviously the ones who sell traffic. So they make money out of like generating traffic. And the next one, obviously who makes money in advertising? It's the publishers. It's like the blogs, the big websites and all of that stuff. So how do they make money? So if they purchase traffic, there's a cost there. And they get money from the advertisers. So they make money off of the spread. So in maybe two weeks from now, I'm releasing another paper called the economics of ad fraud. So I guess just wait for it and stuff. So what are we doing about it? So before I go through that, I want to introduce you to the interactive advertising bureau. So when I first started, when I moved to my new job in digital advertising, the first meeting I went to was the anti-malware group of the IAB. So the IAB actually develops industry standards for online digital advertising. So they are actually doing really good things. But honestly, it's a bit confusing. I was confused at first, especially with the ad fraud taxonomy. They have this cool list about ad fraud. Here's just a quick outline. And it had me baffled because some of it is crisscrossing and why is this actually ad fraud? So what I'm going to do now is actually distill this taxonomy into something a little bit simpler and a little bit more straightforward. So there are basically three main types of ad fraud. The first one is publisher tricks to increase impression count. We'll talk about that later. Second one is serving illegal or malicious content. The third one is using non-human traffic to increase impressions. So you see here, right? Two, the one and three, two of them are actually directly related to increasing impressions. So directly related for like generating money. But the second one is actually a little bit different. It's serving content. It's about serving the wrong kind of content. So let's go for the first one first. So the idea of publisher tricks to increase impression count is to make not really one ad impression, but make a few ad impressions look like more ad impressions. So how does that happen? So some of the prominent examples here are the hidden pixels. Yeah, one by one is an old one, but it's usually they term it like hidden pixels or ad stacking. Those are prominent examples. So how does that happen? Like for example, like I view one website and I see one ad, like that red block there, assume that's an ad. So you see one ad, but the publisher reports that I saw three. So that's how the publisher tricks work. Let me give you like some examples, like with the hidden pixels and the ad stacking. So typically you want to see this. So if you see this, you see three ads, right? So that is legit. That's correct. But for example, you see this, like hidden ads. So when you look at the page, like let's say you look at that page, you see no ads, but it is actually serving 10 or more. And why? Because they're embedding the ads or the webpage containing the ads and like these tiny iframes that you cannot see. So you're actually generating like a ton of impressions without anyone seeing the ads. So that's the general idea of these hidden ads. Then it's the same thing with ad stacking. You pretty much just stack the ads. So I guess you see this a lot in porn sites or something. So for example, you see one ad, then you don't know that there's other ads there. So you see one ad, but it's actually generating or serving, like let's say more, like 10 or more or something like that. So the thing here is like, you know, this is kind of effective, but you know, it's rarely seen now. Less than before. Because you know why? Because it's risky to the publisher. Because the publishers make money out of their site. And the publishers are doing this on their site. So it can be directly attributed to them. So they don't want that happening. So that's why this is a little less prevalent nowadays. These like publisher tricks to do this. So let's go to the next one. Oops, oops, oops. Okay. So serving objectionable and malicious content. So sometimes ad fraud doesn't directly mean increasing impressions. So though it could lead to that. So in this case, like the prominent examples are like serving malware. So like malvertising. Sometimes adware, but that's a gray area. Then scams like fraud, fraudulent websites and stuff like that. Then non-brand safe or objectionable. When I say objectionable, non-brand safe, these are serving ads that pertain to like violence, child pornography, hate and stuff like that. So there's also like cool categories regarding like objectionable categories that you'll see. So how does this work? Well, we just go back to our, like how ads are served. So for example, you were like a malicious advertisers. You wanted to like ascend like IRS scam or something through an ad. Then you just make the, you just make the correct campaign, like campaign setup in the DSP. And if you win the bid, you pretty much just like get all your ads through the publisher, which ends up in the user. So it's fairly straightforward. That's also what happens like when you talk about like malvertising as well. So that is the malicious content stuff. So I'll give you some examples. So when I started like doing research on this, I was looking at an ad network. I was looking at the inventory of an ad network. And well, needless to say in some ad networks, the inventory, like the publisher inventory is like very dirty. So you see here, like they were serving malware. There's tons of adware. Here's the thing when I say like some cases, like even if you serve like like illegal content, it could actually generate more like more impressions such as adware. Then like here's an interesting thing like scams and stuff. And the power of like targeted advertising is, oh, it's too small. Like for example, in that very left hand side, the square in the lower left, I actually like loaded that in our Manila office. So the interesting thing is like I got like a fraudulent like Scamish website that's directed to the locale. So you see there it's in pesos and all the department stores there are actually like in the local area. So it's really smart doing it this way like sending your malicious stuff through ads because you can actually target specific demographics. So that's what's really cool about that stuff. So now we can start talking about non-human traffic. So most of the time when you talk about non-human traffic, you think about bots and it really it is bots. But in some cases it gets lumped in like some other stuff gets lumped in some gray areas. And it's not actually bots, but actually like human impressions that are kind of low quality. So I'll show that to you guys in a little bit. So let's talk about non-human traffic. So what is the best way to investigate this? So when I started this, the best way to investigate this was actually start buying traffic as well. So that's what I did. So the two main questions that I wanted to answer is what is purchased internet traffic made of and can I buy internet traffic and get away with it? So that's the start of well the Bieber project. So the Bieber project is really it's all like just a ton of Bieber blogs that I made that are basically honey pots. So that's really it. And I did not make the content by myself. So I just grabbed it from different sites, but I had a ton of them. So anyway, so the idea here is to like buy purchase traffic and purposely direct those fraudulent impressions in those blogs. And in those blogs actually have like like means to record the impressions and what particular types of characteristics and attributes that I wanted to get. And then I collected the information and did the analysis. So I said collected, right? So I used a lot of JavaScript and I use a lot of like server sized script and combined it and you can get a lot out of a browser using JavaScript, right? There's a ton of stuff that you can get. And that's really what I used to figure out. Like what is this traffic actually is? And I just stored the data for analysis and just went through it. Then next is the fun stuff. I started buying traffic. So initially I was thinking like, oh, this might be hard. Like where do I buy traffic? Because like unlike like like for example, it's like hard to get like typically it's I thought it was going to be as. Difficult as getting like malware. But no, it's actually really easy. So there were a ton of vendors that I found like selling traffic. And these are just one of the few I probably like I use 30 for this experiment. And there's also like traffic marketplaces out there where you can buy all sorts of stuff. So not only internet traffic, not only impressions, but you can buy like YouTube views, YouTube likes, YouTube subscribers. Twitter followers. And actually like I spoke in the DEF CON kids this morning, that other one, the Roots Asylum, it was a little what I presented was a little bit different. It wasn't ad tech. So so I did like an experiment. So I had I had a Twitter account. So I opened that like maybe a long time ago when I started like because I gave a talk here in DEF CON. And I think it before and I think I needed a Twitter account. So I had that Twitter account like open for four years. And I had 21 followers for four years. And a few days ago I started buying followers. And now I have 4,000 followers. Impressive. So anyway, so so enough about that. So that's off topic. So traffic marketplaces. And now let's talk about like what is purchase internet traffic made off. So well, bots really, like most of it. So how do you know, as I mentioned, like the clues are actually in the impression itself. Like you grab it using JavaScript or some server site code and you just analyze it. So there are a lot of clues. And you know, right? Like browsers can leak a ton of information about you, about what you're doing. And all you need is like some quick JavaScript. Honestly, I'm not a JavaScript guru or anything like that. I was just using like like like W3C stuff. So anyway, so, so you can look for suspicious informations. For example, like plugins. Does it have plugins? Like a lot of bots doesn't have plugins. There's a plugin match what the browser is and all of that stuff. Mind types, screen attributes. Does it even have screen attributes and window attributes? How big is the viewport? Is it giving you like the correct viewports? Product identifiers are all the product identifiers matching. So does it look like that it's actually saying that browser is actually what it's saying it is? Navigator, location attributes, frame rates. Does it even have like a frame rate? Like a frame rate, the animation frame rates, right? Like is it even rendering JavaScript? So there's a ton of stuff that you can look at and determine whether it's like non-human traffic. And of course, user agents. But as you all know, like user agents are very easy to forge and stuff like that. But you know, oh, these are just like the clues, like sometimes like all the stuff that I've collected. But sometimes the clues are really obvious. Now, when I started buying like internet traffic, the cheapest one I noticed didn't even care to mask the traffic that it was like bots. So it was like plain sight in their user agents. So the cheaper you get, the more bots and cheaper bots you get. So not all traffic are made equal. So I say like, this is actually like inaccurate. It should be like weaker approaches and like smarter approaches. So what are the weaker approaches? Well, you use traffic generators. So there's a ton of traffic generators out there that you can buy. You can purchase traffic, right? But why not generate the traffic yourselves? So you can use like traffic generators. So there's a lot out there and I won't really like go through each one of them. And the thing is like I made like a summary of all of this. Yeah, so I'll stop here. Like the custom stuff. So you can actually like do custom stuff. And it's too small there, but you see like a lot of these custom stuff are actually made by like through like UBOT Studio. I'm not sure if anyone is familiar with UBOT Studio, but it's an awesome software. It's not malicious. It's actually a legit software. And what you use it for is for webmasters to help facilitate like automating stuff in their websites. Like logging in, doing stuff, posting stuff. But you know, all good things can have like a bad aspect as well. And you can also use this to like create followers. Click on likes, create subscribers and all of those stuff. So you can like pretty much manipulate that. But really it's like the auto it of internet bots. So it's really like very, very useful. And it has like a scripting language and all of that stuff. So you'll see a lot of the bots that they're being sold is actually made out of like UBOT Studio. So traffic generator statistics. What are the important things to look for if you are buying a traffic generator? So obviously it has to be able to like click on links and click on selected areas. Then delays are very important because you can't have just bombarding like the website, right? Then obviously changing user agents is very important as well. Custom referrers are important. If you're not like CNN or something where you can just type it in directly in your browser, like for example you're like a blog, like a known blog. And you have like suddenly you have like millions and millions of impressions and you don't have a referrer. That is kind of suspicious, right? So usually you'd want to have like a referrer from a search engine and stuff like that. So you like someone found your site and went to your site. So that's some of the important things with traffic generators. Obviously proxy support is also very important because like you can't have your traffic coming from one IP. But here's the problem also with the IP proxy stuff. Like a lot of the one of the main things that like for interactive advertising Bureau IVs is like purporting, is like having checking like proxies. And a lot of the proxies you can like scrape from a lot of like different sites. So it's a race whether the good guys know the proxy address and versus you. So that's the challenge there. So but sometimes it is a little bit trickier so you can do like a more trickier things. So let me tell you about Jingling. So Jingling is actually a traffic exchange software. And it's in Chinese but there are like tutorials out there to like know what the buttons mean. So I'll tell you more about Jingling, which is pretty cool. So traffic exchange 101. So here, for example, I installed Jingling in my computer. So but the thing is like Jingling, it won't visit my website. Because if it visits my website, it's just pretty much a traffic generator, right? Jingling actually like visits other people's websites. And when you start visiting other people's websites, you generate tokens. And the more tokens you have, the more other people's computers that have Jingling installed, visits your website. So that is the general idea of like how Jingling works. So as you see, there's like traffic exchange. And you don't have to think about proxies because it's actually coming from different computers already. So that's the neat thing about Jingling. So let me show you some like a quick video of the Jingling stuff. So what I'll do is like I won't run the whole video. I mean like I'll just do like manual fast forward stuff. So here is Jingling on. Oh, it's not showing up. How does this work? It's not showing up. Maybe, maybe. Oh, there it is. There it is. Oh my. This is. Oh. Oh. Oh. Oh. Oh. Oh. Maximize. Oh, this is going to suck. Oh my. Oh, no. I'll drag it over. Yep. There, right? So I'm releasing. I'm releasing the thing. Oh, oh, it works. Oh, that embarrassed me. So where's that, that thing that, how do I actually like find the, oh my God. Thank you. Unfortunately, this is going to be really difficult for me. Okay. So let me go through this and yeah, it is going to be a little bit difficult. So yep. So you see there on the right, that's Jingling and I have like Warshark open. So let's go through this. So yes. So it's running. So started Jingling, added my site. So you see like Warshark is already running and I'm visiting like sites already. So this is my Bieber blog and you just see like these are my logs. So these are my website logs. So let's go. Let's continue. Let's continue. And you see here, I'm already receiving like impressions right off the bat. Let's go. So Jingling has started like a spawning process and it is very resource intensive. It actually like eats a lot of resources you'll see here. It's already connecting like to different IP addresses. And you see here like it's pretty much spiking my memory. And I have it at low priority actually. So lots of resource utilization. So let's see what's happening in the network. So it's already visiting a lot of sites. I'll have like some stats for you at the end of this. So there you go. So traffic on my computer is very busy. You see there in the on the left hand side with Warshark. It's really like like like banging away. So here's my logs and continually going stuff. And here's the interesting stuff. One of the main things that they told me with Jingling, one of the weaknesses is most of the traffic actually comes from China. But you know like in my most recent ones. No, it's actually coming from all over the world. And I don't have like actual stats, but in my sampling. Most of it is it's not really like all China and it's not majority even. So I'm getting like a lot of stuff here that stuff. So it's still working. Oops, I can't find it. There you go. So let's so so at this point like there's like already like a ton of Jingling processes there is very busy. Yep. So let us generate some stats now. So I'm generating the stats off Warshark. So here's the interesting thing here. So so what happened here? Like like I ran it for 30 minutes, just 30 minutes. So for 30 minutes, I generated 4000 HTTP requests from my computer alone. So so it's a lot and like I probably visited about 300 to 400 unique websites. So it is a lot of stuff. You might be wondering how much impressions did I get for that 30 minutes? I only got about 200. So it's not fair, huh? So I am actually like generating way more that I am getting. But still still like if you look at the impressions, they look like pretty quality impressions. And it's all over the world. So it's kind of useful. So next, let's move on. Oh, okay. We're done with the Jingling stuff. Oh, that's. Oh, oops. There then of course there is malware as well. So this is like the one of the last NHD stuff that I'm going to like show you guys. So the problem here is I have another video. So next, let me open the stuff for my adware video. Okay, let's move it here. Oh, it's not working. There you go. View and your screen. There you go. Here we go. So same with the Jingling stuff. I'm going to just forward it manually. So I will tell you about like the characteristics of a malware that does ad fraud. So let's go through here. So one of the first things you'll notice is you'll sell them notice anything. Just as with all types of them like malware is very like subtle. So let's go through it. But sometimes you do notice some funky stuff. Suddenly like like for example there, like just a pop up from a webpage came out. So where is it coming from? You're probably like I have an idea already. So the pop ups are actually coming from hidden windows like hidden browsers running in the background. So the malware is actually using your browser with your plugins with your mind types. Exactly like you're in and working like and running it off like in the background but just hidden. So that is very smart actually. So these are the like you probably see there the hidden windows already the next. Here's the funny thing though like like sometimes I have 10 minutes. So the funny thing here is like in some cases like what you see is you see clues like suddenly like if the malware author. Like makes a forgets to like mute the volume suddenly you're working and suddenly like an ad would play. And like you'll see that you'll hear the audio and but there's no like ad anywhere and there's no video anywhere. So that's when you'll see there. So let me make this a little bit faster since I have a 10 minutes already. So here as I mentioned like it hijacks the browser. It's very smart if you hijack the browser because you're using your piggybacking off the user actually. The user's browser. So it's very hard to like actually like fingerprinted as malicious because you're actually like piggybacking off the user's browser. So that's why it's like really smart. And aside from that what's really smart about some of the user's browsers. It actually generates scrolling behavior and mouse behavior. You see the scrolling there right. But the mouse behavior is not too obvious. But that's the other thing because in some cases you try to detect non human traffic by checking user events and user engagement. So they try to bypass this use by adding like some user movements. So let me end that then. So you can do like trends analysis to catch those. You can do machine learning and like pattern matching. And as I said you can do like user events and engagements humans in general are have my more purposeful purposeful pattern. Like they go from element to element. They have smoother movements mixtures of events and pauses. So I actually had like another video but I won't be showing that but I have like something here. Like the actual like my Bieber websites actually track the user engagements. So it's able to actually like like track like what element you hovered in how long you hovered in the element. What is your what if even if you highlighted the text like what text are you highlighting how long you're staying there what clicks you are doing. So it actually like gets way more because like some of the like malware they're very like jerky like they just like do a program scroll than a programmed mouse movement. So there should be like ways to look at other stuff. So as I mentioned there are gray areas here. Not all in NHD. Not all like traffic are made of bots. So here's the gray area. So in some cases when you buy traffic like the traffic vendors will actually put your website in other high traffic websites and serve it through frames pop unders and pop ups. And and a lot of like verification services miss that they all almost a lot of them will say like it's all bots but sometimes it's not. Sometimes it's human but low quality. So in this case like for example in one of the things that one of the vendors I looked at 70% of all the traffic came from like one pixel. Then other things is like a windows are not active windows usually this is indicative of like pop unders. So pop unders are actually a gray area because it pop unders it pop under. But it's it's difficult to say whether it was seen or not because it takes like human interaction to actually see a pop under. So can I actually buy internet traffic and get away with it. So first well if an advertiser know what to look for like the attributes I was telling you guys about yes you will get caught. But if not you will not get caught. And another thing that I discovered when like paying for like all this internet traffic is you get what you pay for. So lower prices you really get bots with the higher prices when you start buying traffic you'll get frames pop ups and pop unders. How much time do I still have so I don't have any more time of five minutes so I will just do like a quick wrap up. So we talked about like the business of advertising right so so the important thing to know there is like yes it is a very important field to start going into. Like as I mentioned it is a $60 billion industry right now and just it's just keeps on growing. And there is like a lot of stuff that you can like like figure out there. The next is the ecosystem. Remember important things publishers advertisers you have the demand side platforms where you do the campaigns and supply side platforms which manages the impressions. And you have the ad exchanges which are which are basically the the marketplaces for these impressions. And finally you have the publisher fraud you have the malicious content serving and the non human traffic. So that is it for me. So if you like my presentation please visit us at vello.com. So I would like to mention my books. It's totally unrelated to ad fraud or ad tech but please check it out anyway. So with that like I'll just be here if you have like any questions I'll be walking around. Thank you very much.