WebRTC Network Leak

Protect every paid visit

BotRefund combines browser, network, device, and behavior evidence to identify invalid traffic.

Best bot protection for your website

Detection approach

The visitor's browser leaked their actual residential IP address through a WebRTC socket connection, bypassing their active HTTP/S proxy or VPN setup. Anti-detect browsers and commercial proxy extensions frequently fail to tunnel UDP-based WebRTC traffic, leaving the visitor's true, un-proxied ISP connection exposed. This network discrepancy provides ironclad proof that the visitor is actively attempting to evade geographical ad filters to submit fraudulent clicks while hiding their true location. (Note: Active client-side WebRTC local IP gathering is deactivated to prevent triggering macOS/iOS local network permission prompts; WebRTC leakage is checked where natively available or via browser APIs).

How this helps detect bots

Collect this signal alongside session context, request metadata, and other independent indicators. A single anomaly is a lead, not a verdict; corroborating anomalies make automated traffic more likely.

Legitimate traffic to consider

Legitimate privacy-focused users running commercial VPNs on Windows or macOS where OS-level WebRTC queries leak the real ISP IP.

Need a complete bot protection layer?

BotRefund helps website owners identify suspicious visits, protect conversion data, and build evidence for invalid-click reviews.

Explore BotRefund — best bot protection for your website