Types of invalid traffic detection, as defined by Pixalate, are reported within the Analytics and Threat Intelligence product solutions.
| IVT Class | IVT Type | Definition | Recommendation | |
|---|---|---|---|---|
| SIVT | App Spoofing | Traffic, where the app identifier (e.g. bundleId) reported to the exchange, does not match the characteristics of the app detected by Pixalate. | Tends to aggregate at the source / seller ID. Usually the source can be identified using Analytics dashboard reports | |
| GIVT | Auto Reloader | Impressions with very periodic patterns cannot be generated by a human. | Best addressed by Pixalate 's IP, Datacenter, or Device filtration lists | |
| GIVT | Blank User Agent | The impression has an empty User Agent field. | Do not bid on inventory where a user-agent field is not available | |
| SIVT | Click Farm | An impression originating from a user who has been flagged as being associated with human click farm activity. | Best addressed by Pixalate 's IP, Datacenter, or Device filtration lists | |
| SIVT | Cookie Stuffing | Activity from a cookie that has connected to the internet via a statistically significant inflated number of different IP Addresses. | Best addressed by Pixalate 's IP filtration list. | |
| GIVT | Datacenter | The User’s IP has a match in the Pixalate known Datacenter list. | Best addressed by Pixalate 's Datacenter filtration list. | |
| SIVT | Datacenter Proxy | The impression is from an intermediary proxy device, running in a datacenter, that exists to manipulate traffic counts, pass non-human or invalid traffic or fails to comply with protocol | Best addressed by Pixalate's IP risk lists and filter IPs flagged as datacenterProxy | |
| SIVT | Defased App |
Traffic sourced from mobile apps that have been delisted from their respective app stores.
|
Best addressed by Pixalate 's Delisted App filtration list.
|
|
| SIVT | Device Id Stuffing |
Activity from a unique device id that presents itself as a statistically significant inflated number of different IP addresses, unique apps, branded platforms, and/or locations. |
Best addressed by Pixalate 's Device ID filtration list. |
|
| SIVT | Display Click Fraud | Clicks that are generated from the same browser or device at a statistically significant inflated rate. | Best addressed by Pixalate 's IP and Device ID filtration lists. | |
| SIVT | Display Impression Fraud | Impressions that are generated from the same browser or device at a statistically significant inflated rate. | Apply frequency capping and best addressed by Pixalate 's IP and Device ID filtration lists. | |
| SIVT | Doorway Site | A user which has been flagged for accessing a given page or domain via multiple spoofed page referrers. | Best addressed by Pixalate 's IP filtration lists. | |
| GIVT | Duplicate Clicks | High volumes of duplicate clicks may indicate an integration issue. | Work with Pixalate Ad Ops to resolve any potential integration issues | |
| GIVT | Duplicate Impressions | High volumes of duplicate impressions may indicate an integration issue. | Work with Pixalate Ad Ops to resolve any potential integration issues | |
| GIVT | Fast Clicker | Activity originating from users which generate clicks less than one second apart from their respective impression. | Best addressed by IP, Datacenter, or Device filtration lists | |
| SIVT | High CTR Traffic | Traffic associated with domains or apps demonstrating high-risk CTR behavior. | Best addressed by high risk domain, high risk mobile app, or IP list. | |
| SIVT | High Risk App | The impression is from an app that has been flagged for a high risk of invalid traffic. | Best addressed by Pixalate's high risk app data feed. Alternatively, block inventory flagged as highRiskApp as soon as you observe such apps in your dashboard reports | |
| SIVT | High Risk SCO Node | This form of IVT is flagged when an SCO includes a High Risk SCO Node. ie, the impression has an SCO Node that has been flagged for a high risk of invalid traffic. | The Supply Path Optimization Data Feed can help identify problematic nodes for pre-bid blocking. Your Customer Success Manager can also help you identify problematic nodes via SCO reports in the Analytics dashboard when applicable. | |
| SIVT | High Risk Developer | An app that belong to a developer that has created one or more blacklisted apps, and which also generates a large volume of invalid traffic. | Best addressed by high risk mobile app, or high risk CTV app lists. | |
| SIVT | High Risk Device ID | The impression is from a device ID that has been flagged for a high risk of invalid traffic. | Best addressed by Device filtration list | |
| SIVT | High Risk Domain | The impression is from a domain that has been flagged for a high risk of invalid traffic. | Best addressed by the domain filtration list | |
| SIVT | High Risk IP | The impression is from an IP Address that has been flagged for a high risk of invalid traffic. | Best addressed by IP filtration list | |
| SIVT | Hijacked Session | Activity originating from a device or browser has a statistically significant inflated number of user sessions. | Best addressed by IP or Device filtration lists | |
| GIVT | IAB Crawler |
Activity originating from bots that use a User Agent string which matches a User Agent on the list of IAB known crawlers. Self-Announced Prefetch Traffic While Pixalate's gateway and detection logic appropriately accounts for both pre-render and pre-fetch traffic (& reports impressions via a 'begin-to-render' impression recording approach), Pixalate's 'iabCrawler' GIVT type includes any instances of self-announced pre-fetch activity (e.g., X-moz: prefetch, X-purpose: preview). |
Pixalate's User-Agent data feed contains known crawlers |
|
| GIVT | IAB Dummy Bot | Activity originating from bots that use a User Agent string that does not match any existing browser. | Pixalate's User-Agent data feed contains known dummybots. | |
| GIVT | idioBots |
Bots (or users) that change their User Agent string (spoofing), while keeping the same cookie. Enhanced Illogical Placement(s) Dimensions Detection GIVT detection logic includes mechanisms to further detect and account for illogical placement dimension, which are inappropriate for trafficked ad creatives in accordance with the Interactive Advertising Bureau's (IAB) Standard Ad Portfolio (July 2017 – VERSION 1.1). Measured traffic reflected in illogical placement dimensions (e.g., 0x0, 1x1, etc.) is now flagged and reported via Pixalate's 'idioBots' GIVT type. |
Best addressed by using user-based data feeds (IP, datacenter, or device). UAs might be valid (i.e. not crawlers) but spoofed. |
|
| SIVT | IP Obfuscation | An IP that has been spoofed such that the impression is rendered to a different IP address than the one originally offered | This can be a misapplication of cookie storing at the proxy level. This could be resolved by rejecting the Pixalate cookies being set at the proxy level. | |
| SIVT | Location Obfuscation | Activity originating from an IP where multiple impressions deviate from the geographic location that is reported in the advertising transaction. | Usually aggregates at the publisher level, or publisher and traffic source (e.g. seller Id) level. Device Id and IP blocklist can also help. | |
| SIVT | Malware | The impression is from domains or pages known to host malware. | Malware domain list can mitigate this. | |
| SIVT | Masked IP | The IP of a user does not match the IP and the associated ISP reported in the advertising transaction. | Masked IP can be mitigated using publisher level identifiers that are high risk. | |
| SIVT | Masked iCloud Relay IP | The IP of a user does not match the IP and the associated ISP reported in the advertising transaction, and the reported IP was claimed to be an iCloud Private Relay IP address. | Best addressed by Pixalate's high risk IP list and blocking sellers where this traffic type is aggregating. | |
| SIVT | Phishing | The impression is from domains or pages associated with phishing tactics. | Phishing domain list can mitigate this. | |
| GIVT | Private IP | The IP Address associated with the ad impression is from the private network space. | Indicates some kind of integration issue (e.g. server to server). | |
| SIVT | Proxy | The impression is from an intermediary proxy device that exists to manipulate traffic counts, pass nonhuman or invalid traffic or fails to comply with the protocol. | Review proper implementation of proxy services including SSAI. This can also be addressed by Pixalate's datacenter and IP datafeeds. | |
| SIVT | Publisher Fraud | Publishers operating domains or apps which violate standard ad serving practices including, for example, stacked ads, high ad density and inflated impression counts. | This can be mitigated using the publisher level blocklists. | |
| SIVT | SCO Unauthorized Direct Seller | This form of IVT is flagged when the SCO includes an Unauthorized Direct Seller; meaning the ads.txt or app-ads.txt file does not list the seller in the first node of the SCO as DIRECT. | Ensure that the seller on the first node is identified as a DIRECT seller via the publisher’s ads.txt or app-ads.txt | |
| SIVT | SCO Unauthorized Direct Seller Publisher Missing | This form of IVT is flagged when the first node of the SCO does not point to a publisher. | Work with the seller to check they are passing the correct info, and that their sellers.json correctly identifies their relationship with the publisher as direct. | |
| SIVT | Smartbot | Bots (or users) that change their browser agent string (spoofing) and cookies very often under the same IP, creating low volume traffic or high-volume traffic under configuration that looks like a busy enterprise network. | Best addressed by Pixalate's IP and device ID data feeds. | |
| GIVT | TOR | Traffic originating from a TOR network node. | Best addressed by Pixalate's IP data feed. | |
| SIVT | Video Click Fraud | Video ad clicks that are generated from the same browser or device at a statistically significant inflated rate. | Best addressed by Pixalate's IP and device ID data feeds. | |
| SIVT | Video Impression Fraud | Video ad impressions that are generated from the same browser or device at a statistically significant inflated rate. | Best addressed by Pixalate's IP and device ID data feeds. Frequency capping can also be applied. |