Types of invalid traffic detection, as defined by Pixalate, are reported within the Analytics and Threat Intelligence product solutions.
| IVT Class | IVT Type | Definition | |
|---|---|---|---|
| SIVT | appSpoofing | Traffic, where the app identifier (e.g. bundleId) reported to the exchange, does not match the characteristics of the app detected by Pixalate. | |
| GIVT | autoreloader | Impressions with very periodic patterns cannot be generated by a human. | |
| GIVT | blankUserAgent | The impression has an empty User Agent field. | |
| SIVT | clickFarm | An impression originating from a user who has been flagged as being associated with human click farm activity. | |
| SIVT | cookieStuffing | Activity from a cookie that has connected to the internet via a statistically significant inflated number of different IP Addresses. | |
| GIVT | datacenter | The User’s IP has a match in the Pixalate known Datacenter list. | |
| SIVT | datacenterProxy | The impression is from an intermediary proxy device, running in a datacenter, that exists to manipulate traffic counts, pass non-human or invalid traffic or fails to comply with protocol | |
| SIVT | defasedApp |
Traffic sourced from mobile apps that have been delisted from their respective app stores.
|
|
| SIVT | deviceIdStuffing | Activity from a device that has connected to the internet via a statistically significant inflated number of different IP Addresses. | |
| SIVT | displayClickFraud | Clicks that are generated from the same browser or device at a statistically significant inflated rate. | |
| SIVT | displayImpressionFraud | Impressions that are generated from the same browser or device at a statistically significant inflated rate. | |
| SIVT | doorwaySite | A user which has been flagged for accessing a given page or domain via multiple spoofed page referrers. | |
| GIVT | duplicateClicks | High volumes of duplicate clicks may indicate an integration issue. | |
| GIVT | duplicateImpressions | High volumes of duplicate impressions may indicate an integration issue. | |
| GIVT | fastClicker | Activity originating from users which generate clicks less than one second apart from their respective impression. | |
| SIVT | highCTRTraffic | Traffic associated with domains or apps demonstrating high-risk CTR behavior. | |
| SIVT | highRiskApp | The impression is from an app that has been flagged for a high risk of invalid traffic. | |
| SIVT | highRiskDeviceId | The impression is from a device ID that has been flagged for a high risk of invalid traffic. | |
| SIVT | highRiskDomain | The impression is from a domain that has been flagged for a high risk of invalid traffic. | |
| SIVT | highRiskIP | The impression is from an IP Address that has been flagged for a high risk of invalid traffic. | |
| SIVT | hijackedSession | Activity originating from a device or browser has a statistically significant inflated number of user sessions. | |
| GIVT | IABcrawler | Activity originating from bots that use a User Agent string which matches a User Agent on the list of IAB known crawlers. | |
| GIVT | IABdummyBot | Activity originating from bots that use a User Agent string that does not match any existing browser. | |
| GIVT | idioBots | Bots (or users) that change their User Agent string (spoofing), while keeping the same cookie. | |
| SIVT | IPObfuscation | An IP that has been spoofed such that the impression is rendered to a different IP address than the one originally offered | |
| SIVT | locationObfuscation | Activity originating from an IP where multiple impressions deviate from the geographic location that is reported in the advertising transaction. | |
| SIVT | malware | The impression is from domains or pages known to host malware. | |
| SIVT | maskedIP | The IP of a user does not match the IP and the associated ISP reported in the advertising transaction. | |
| SIVT | maskediCloudRelayIP | The IP of a user does not match the IP and the associated ISP reported in the advertising transaction, and the reported IP was claimed to be an iCloud Private Relay IP address. | |
| SIVT | phishing | The impression is from domains or pages associated with phishing tactics. | |
| GIVT | privateIP | The IP Address associated with the ad impression is from the private network space. | |
| SIVT | proxy | The impression is from an intermediary proxy device that exists to manipulate traffic counts, pass nonhuman or invalid traffic or fails to comply with the protocol. | |
| SIVT | publisherFraud | Publishers operating domains or apps which violate standard ad serving practices including, for example, stacked ads, high ad density and inflated impression counts. | |
| SIVT | smartbot | Bots (or users) that change their browser agent string (spoofing) and cookies very often under the same IP, creating low volume traffic or high-volume traffic under configuration that looks like a busy enterprise network. | |
| GIVT | TOR | Traffic originating from a TOR network node. | |
| SIVT | videoClickFraud | Video ad clicks that are generated from the same browser or device at a statistically significant inflated rate. | |
| SIVT | videoImpressionFraud | Video ad impressions that are generated from the same browser or device at a statistically significant inflated rate. |