PureGuard is server-side bot detection built for pop, push, and native media buyers. 13 detection layers. Under 15ms decision speed. No JS tags. No pixel fires. No false positives.
“Can I PROVE it’s a bot?” — not “is it suspicious?”
A single weak signal never blocks traffic. PureGuard requires multiple converging pieces of evidence before making a block decision. One missing header is a data point, not a death sentence.
Every click gets a 0–10 trust score built from positive and negative signals. Borderline traffic is analyzed carefully, not killed on sight. The threshold is tunable per source.
The goal is finding gold zones vs trash zones. Bot detection is the means — zone intelligence is the end. No competitor offers zone-level quality scoring like this.
No JavaScript tags to load. No client-side latency. No pixel fires. PureGuard reads HTTP headers and fingerprints server-side, before the redirect even happens.
Competitors charge $3,000–$50,000/month. PureGuard is built for media buyers running $0.50–$1.00 CPM pop traffic. Enterprise-grade detection at a fraction of the cost.
Zone verdicts come from real Guard data: accept_rate, average trust score, hit volume. No statistical pattern matching without hard evidence to back it up.
Every click passes through all 13 layers in sequence. Hard kills exit immediately. Trust scoring layers accumulate evidence.
Cross-references every IP against FireHOL Level 1 — a curated list of 4,500+ known malicious IPs from botnets, scanners, and attack infrastructure. Updated every 6 hours via kernel ipset for zero-latency lookups.
22,000+ IPs flagged by the CrowdSec community intelligence network. Real-time threat sharing from thousands of servers worldwide. Kernel ipset integration for sub-millisecond matching.
Matches against 30+ known bot signatures: Puppeteer, Selenium, PhantomJS, curl, WebDriver, MauiBot, DataForSeoBot, and headless browser fingerprints. Pattern-based with zero false positives.
Chrome version numbers above 160 do not exist. Any UA claiming Chrome/161+ is a lazy bot that didn’t check the current release. Instant kill, zero ambiguity.
W3C-spec aware. Chrome 110+ legitimately sends .0.0.0 build numbers (privacy feature). But Chrome <110 with .0.0.0 is a spoofed user-agent — real old Chrome always sent full build numbers.
Detects rapid-fire clicks from the same IP within a configurable time window. Uses APCu in-memory cache for microsecond lookups. No database overhead, no disk I/O.
Identifies crawlers from ad verification companies: Pixalate, DoubleVerify, Snobi, Criteo, and other ad fraud detection bots that inflate your click counts without converting.
Sec-Fetch-Site, Sec-Fetch-Mode, and Sec-Fetch-Dest are browser-enforced headers that cannot be forged by simple HTTP clients. Missing: −2.0. Valid navigation: +1.0. Invalid combination: −0.5.
Checks IP against 50+ known cloud/datacenter ASNs (AWS, GCP, Azure, DigitalOcean, OVH, Hetzner, Vultr, Linode). Uses MaxMind GeoIP2 ASN database. Datacenter: −1.5. Residential: +0.3.
Chrome 89+ must send Sec-CH-UA Client Hints. Missing Accept-Encoding is abnormal. Connection: close is a bot fingerprint. Each inconsistency adds negative trust weight.
Source-aware referer pattern checking. Each traffic source has expected referer behavior. Empty referer from RTB sources gets −1.5 penalty. Context-dependent, not blanket rules.
Chrome 80+ uses HTTP/2 or HTTP/3 exclusively. A request claiming Chrome 131 but arriving via HTTP/1.0 is a clear bot fingerprint. Penalty: −3.0 (strong signal).
MaxMind ASN lookup identifies hosting providers. Additionally detects 12 known residential proxy ASNs (Luminati, Oxylabs, Smartproxy, etc.) that bots use to appear residential. Hosting: −2.0. Resi proxy: −1.5.
Every click starts at base 5.0 and accumulates positive and negative signals. The final score determines the verdict.
Same User-Agent, different verdict:
Chrome 131 on a mobile ISP in Thailand with valid Sec-Fetch headers → trust ~6.8 ACCEPT
Same Chrome 131 UA from an AWS IP, no Sec-Fetch headers, HTTP/1.0 → trust ~0.5 BLOCK
The UA string is identical. The surrounding evidence is completely different. That’s why trust scoring works and binary UA matching doesn’t.
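The two Chrome version kills and the trust accumulation described above, as an added example (not PureGuard's own code). It uses only weights stated on this page for four layers (Sec-Fetch, datacenter ASN, HTTP version, RTB referer), so its totals differ from the ~6.8 and ~0.5 quoted above. Assumptions: the `click` field names, the 3.0 block threshold, the definition of a valid navigation, and treating a mobile ISP as residential.

```python
import re

BASE_TRUST = 5.0      # page: every click starts at base 5.0
BLOCK_BELOW = 3.0     # assumption: the page says the threshold is tunable, gives no value
ASN_WEIGHTS = {"datacenter": -1.5, "residential": +0.3}   # weights from the page
NAV_SITES = {"none", "same-origin", "same-site", "cross-site"}

def chrome_version(ua):
    """Return (major, rest_of_version) for a Chrome UA, else None."""
    m = re.search(r"Chrome/(\d+)\.(\d+\.\d+\.\d+)", ua)
    return (int(m.group(1)), m.group(2)) if m else None

def hard_kill(ua):
    """UA-only checks that exit before any scoring."""
    v = chrome_version(ua)
    if v and v[0] > 160:
        return "chrome_version_impossible"
    if v and v[0] < 110 and v[1] == "0.0.0":
        return "reduced_build_on_old_chrome"
    return None

def score_click(click):
    """click: ua, headers (lower-case names), http_version, asn_type, rtb."""
    reason = hard_kill(click["ua"])
    if reason:
        return 0.0, "BLOCK", [(reason, None)]
    h, signals = click["headers"], []
    site, mode, dest = (h.get("sec-fetch-" + k) for k in ("site", "mode", "dest"))
    if not (site or mode or dest):
        signals.append(("sec_fetch_missing", -2.0))
    elif site in NAV_SITES and mode == "navigate" and dest == "document":
        signals.append(("sec_fetch_valid_navigation", +1.0))
    else:
        signals.append(("sec_fetch_invalid_combination", -0.5))
    if click["asn_type"] in ASN_WEIGHTS:
        signals.append((click["asn_type"], ASN_WEIGHTS[click["asn_type"]]))
    v = chrome_version(click["ua"])
    if v and v[0] >= 80 and click["http_version"] == "1.0":
        signals.append(("http_version_mismatch", -3.0))
    if click.get("rtb") and not h.get("referer"):
        signals.append(("empty_referer_rtb", -1.5))
    score = BASE_TRUST + sum(delta for _, delta in signals)
    score = round(min(10.0, max(0.0, score)), 1)   # clamp to the 0-10 range
    return score, ("ACCEPT" if score >= BLOCK_BELOW else "BLOCK"), signals

# Constructed sample clicks: same UA, different surrounding evidence.
UA = "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 Chrome/131.0.0.0 Mobile Safari/537.36"
NAV = {"sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-dest": "document"}
MOBILE = {"ua": UA, "headers": NAV, "http_version": "2", "asn_type": "residential"}
AWS = {"ua": UA, "headers": {}, "http_version": "1.0", "asn_type": "datacenter"}
```

The returned signal list is what makes a verdict auditable: each block carries the named evidence and weight that produced it.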
Bot detection is the means. Zone intelligence is the end.
Every traffic source has hundreds or thousands of zones (publisher IDs). Some zones deliver 95% real humans. Others deliver 95% bots. The difference between profit and loss is knowing which is which.
PureGuard aggregates Guard verdicts per zone — accept rate, average trust score, hit volume, bot evidence patterns, device fingerprint diversity, conversion data — and produces a quality verdict for every zone, updated every 10 minutes.
Result: A ready-to-paste blocklist and whitelist for every traffic source you run. Export as CSV, flat text, or use the API. Updated every 10 minutes. No manual analysis needed.
Where PureGuard sits in your traffic chain.
Log all Guard decisions without blocking anything. See exactly what PureGuard would block before you flip the switch. Perfect for validating detection accuracy on your specific traffic sources.
Active blocking. Bots get redirected to dump URLs. Clean traffic reaches your money URLs. Zone blocklists auto-generate and update every 10 minutes.
Score traffic before you pay for it. Not after.
The traditional RTB flow burns money on bots:
Guard scores the bid request before you commit:
Built different. Built for media buyers, not enterprise marketing teams.
| Capability | PureGuard | ClickCease $150/mo | Lunio $500/mo | HUMAN $50K/mo |
|---|---|---|---|---|
| Pop/push traffic support | ||||
| Zone-level intelligence | ||||
| RTB pre-bid filtering | ||||
| Server-side (no JS tags) | ||||
| Auto zone blocklist | ||||
| Auto zone whitelist | ||||
| Detection layers | 13 | 3–5 | 5–8 | 20+ |
| Decision latency | <15ms | 100ms+ | 50ms+ | <10ms |
| Threat intelligence feeds | ||||
| ML behavioral analysis | ||||
| Free tier | 100K checks |
Why competitors don’t work for media buyers: ClickCease and Lunio are built for Google/Facebook advertisers — they use JS tags and client-side detection that doesn’t work with pop/push traffic. HUMAN (formerly White Ops) is enterprise-only at $50K+/month and doesn’t offer zone-level intelligence. None of them understand the media buying workflow: zones, blocklists, source-specific tuning, or cheap traffic economics.
From production traffic across pop, push, and RTB sources.
What’s coming next to the detection engine.
Connect your traffic source, enable Shadow Mode, and watch PureGuard score every click in real time. No code changes. No JS tags. Takes 2 minutes.