Types of invalid traffic detection, as defined by Pixalate, are reported within the Analytics and Threat Intelligence product solutions.
| IVT Class | IVT Type | Definition | |
|---|---|---|---|
| SIVT | appSpoofing | Traffic, where the app identifier (e.g. bundleId) reported to the exchange, does not match the characteristics of the app detected by Pixalate. | |
| GIVT | autoreloader | Impressions with very periodic patterns cannot be generated by a human. | |
| GIVT | blankUserAgent | The impression has an empty User Agent field. | |
| SIVT | clickFarm | An impression originating from a user who has been flagged as being associated with human click farm activity. | |
| SIVT | cookieStuffing | Activity from a cookie that has connected to the internet via a statistically significant inflated number of different IP Addresses. | |
| GIVT | datacenter | The User’s IP has a match in the Pixalate known Datacenter list. | |
| SIVT | datacenterProxy | The impression is from an intermediary proxy device, running in a datacenter, that exists to manipulate traffic counts, pass non-human or invalid traffic or fails to comply with protocol | |
| SIVT | defasedApp |
Traffic sourced from mobile apps that have been delisted from their respective app stores.
|
|
| SIVT | deviceIdStuffing |
Activity from a unique device id that presents itself as a statistically significant inflated number of different IP addresses, unique apps, branded platforms, and/or locations. |
|
| SIVT | displayClickFraud | Clicks that are generated from the same browser or device at a statistically significant inflated rate. | |
| SIVT | displayImpressionFraud | Impressions that are generated from the same browser or device at a statistically significant inflated rate. | |
| SIVT | doorwaySite | A user which has been flagged for accessing a given page or domain via multiple spoofed page referrers. | |
| GIVT | duplicateClicks | High volumes of duplicate clicks may indicate an integration issue. | |
| GIVT | duplicateImpressions | High volumes of duplicate impressions may indicate an integration issue. | |
| GIVT | fastClicker | Activity originating from users which generate clicks less than one second apart from their respective impression. | |
| SIVT | highCTRTraffic | Traffic associated with domains or apps demonstrating high-risk CTR behavior. | |
| SIVT | highRiskApp | The impression is from an app that has been flagged for a high risk of invalid traffic. | |
| SIVT | highRiskSCONode | This form of IVT is flagged when an SCO includes a High Risk SCO Node. ie, the impression has an SCO Node that has been flagged for a high risk of invalid traffic.. | |
| SIVT | highRiskDeveloper | An app that belong to a developer that has created one or more blacklisted apps, and which also generates a large volume of invalid traffic. | |
| SIVT | highRiskDeviceId | The impression is from a device ID that has been flagged for a high risk of invalid traffic. | |
| SIVT | highRiskDomain | The impression is from a domain that has been flagged for a high risk of invalid traffic. | |
| SIVT | highRiskIP | The impression is from an IP Address that has been flagged for a high risk of invalid traffic. | |
| SIVT | hijackedSession | Activity originating from a device or browser has a statistically significant inflated number of user sessions. | |
| GIVT | IABcrawler |
Activity originating from bots that use a User Agent string which matches a User Agent on the list of IAB known crawlers. Self-Announced Prefetch Traffic While Pixalate's gateway and detection logic appropriately accounts for both pre-render and pre-fetch traffic (& reports impressions via a 'begin-to-render' impression recording approach), Pixalate's 'iabCrawler' GIVT type includes any instances of self-announced pre-fetch activity (e.g., X-moz: prefetch, X-purpose: preview). |
|
| GIVT | IABdummyBot | Activity originating from bots that use a User Agent string that does not match any existing browser. | |
| GIVT | idioBots |
Bots (or users) that change their User Agent string (spoofing), while keeping the same cookie. Enhanced Illogical Placement(s) Dimensions Detection GIVT detection logic includes mechanisms to further detect and account for illogical placement dimension, which are inappropriate for trafficked ad creatives in accordance with the Interactive Advertising Bureau's (IAB) Standard Ad Portfolio (July 2017 – VERSION 1.1). Measured traffic reflected in illogical placement dimensions (e.g., 0x0, 1x1, etc.) is now flagged and reported via Pixalate's 'idioBots' GIVT type. |
|
| SIVT | IPObfuscation | An IP that has been spoofed such that the impression is rendered to a different IP address than the one originally offered | |
| SIVT | locationObfuscation | Activity originating from an IP where multiple impressions deviate from the geographic location that is reported in the advertising transaction. | |
| SIVT | malware | The impression is from domains or pages known to host malware. | |
| SIVT | maskedIP | The IP of a user does not match the IP and the associated ISP reported in the advertising transaction. | |
| SIVT | maskediCloudRelayIP | The IP of a user does not match the IP and the associated ISP reported in the advertising transaction, and the reported IP was claimed to be an iCloud Private Relay IP address. | |
| SIVT | phishing | The impression is from domains or pages associated with phishing tactics. | |
| GIVT | privateIP | The IP Address associated with the ad impression is from the private network space. | |
| SIVT | proxy | The impression is from an intermediary proxy device that exists to manipulate traffic counts, pass nonhuman or invalid traffic or fails to comply with the protocol. | |
| SIVT | publisherFraud | Publishers operating domains or apps which violate standard ad serving practices including, for example, stacked ads, high ad density and inflated impression counts. | |
| SIVT | SCOunauthorizedDirectSeller | This form of IVT is flagged when the SCO includes an Unauthorized Direct Seller; meaning the ads.txt or app-ads.txt file does not list the seller in the first node of the SCO as DIRECT. | |
| SIVT | SCOunauthorizedDirectSellerPublisherMissing | This form of IVT is flagged when the first node of the SCO does not point to a publisher. | |
| SIVT | smartbot | Bots (or users) that change their browser agent string (spoofing) and cookies very often under the same IP, creating low volume traffic or high-volume traffic under configuration that looks like a busy enterprise network. | |
| GIVT | TOR | Traffic originating from a TOR network node. | |
| SIVT | videoClickFraud | Video ad clicks that are generated from the same browser or device at a statistically significant inflated rate. | |
| SIVT | videoImpressionFraud | Video ad impressions that are generated from the same browser or device at a statistically significant inflated rate. |