HUMAN analyzes a variety of signals to determine whether traffic is valid or invalid. Based on these signals, we group different forms of invalid traffic (also known as IVT) into specific threat categories, which provide transparency into the specific traits displayed by each click.
Each invalid click is classified as either General invalid traffic (GIVT) or Sophisticated invalid traffic (SIVT), then further broken down into specific threat categories that describe why the click is invalid. Each threat category is also divided into one or more subcategories with even more information about the kind of invalid traffic we detected; however, these subcategories are not an exhaustive list of all possible forms of IVT within the parent category.
There are also clicks that are classified as Incentivized, which are generated by non-IVT human users and do not count towards Click IVT.
Please note the definitions of the following terms used on the Click Defense dashboard:
General invalid traffic is any form of IVT that’s easy to identify via routine fraud detection methods like filters and industry-standard blocklists. These invalid clicks are often driven by simple bots or crawlers and aren’t always malicious.
GIVT click categories and subcategories include:
Ad clicks that originated in data centers whose IPs are linked to invalid activity (typically non-human traffic). These IP addresses are usually included on industry lists of known data centers.
Clicks that originated from a known data center and aren’t the byproduct of a legitimate user browsing via VPN or proxy. Most clicks that fall into this subcategory are non-human automated clicks.
Data center IP addresses listed in the TAG Data Center IP List.
A program or automated script that identified itself as non-human through a variety of identification mechanisms. These crawlers may be included in an industry list.
Self-declared bots that scan ad creatives for security and compliance. Categorized under GIVT, they are separated from other known crawlers to highlight their specific role in the ad ecosystem.
Crawlers listed in the IAB Tech Lab/ABC International Spiders and Bots List.
An ad that was rendered inside an iframe with 0x0 dimensions, making it functionally invisible to users.
Sophisticated invalid traffic is a form of IVT that resembles authentic behavior. Some of these invalid clicks are driven by malicious bots designed to evade detection; others involve misleading user interfaces that trick legitimate human users or real clicks whose parameters were altered. Since SIVT can’t be identified via the same routine methods used to identify GIVT, the only consistent way to detect SIVT is by using advanced tools that analyze each click.
SIVT click categories and subcategories include:
A program or automated script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler.
A coordinated group of programs or automated scripts that requested web content (including digital ads) without user involvement and without identifying themselves as crawlers.
A program or script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler but that is not part of an identified botnet.
A click on inventory with materially different declared attributes from the actual inventory being supplied, including ad traffic where the actual ad was rendered to an unexpected website or application, or other discrepancies between the expected and actual device type, geographical location, or media type. For example, inventory declared as iOS but detected as Android.
A click generated on a creative from inventory in an application that differed from the actual application where inventory was supplied.
A click generated on a creative on a domain that differed from the actual domain where inventory was supplied.
Ad clicks on traffic that claimed to originate from a real user device but displayed signs of emulation or other invalid device traits, like an impossible device/model combination.
A click that had a significant mismatch between its declared and detected parameters. For example, the transacted click may have declared itself as an iOS device, but the click was detected on a Windows device.
A click whose properties were modified in an attempt to conceal evidence of automated or otherwise inauthentic behavior.
A web page, application, or other visual element that was modified to falsely include one or more ads. This includes rendering ads that aren’t visible to the user, injecting ads without a publisher’s consent, or tricking users into clicking on an ad.
An ad that couldn’t be seen because it was hidden behind other ads or website content, displayed in a tiny iframe, or rendered unviewable by other means.
A series of ad placements in which multiple ads were layered on top of each other, leaving only the topmost ad visible. Clicks may be falsely attributed to hidden ads, artificially inflating engagement metrics.
Clicks that exhibited unusual behavior, such as interactions with non-viewable links or abnormally fast mouse movements, indicating potential manipulation or automation.
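The sketch below is an added example, not HUMAN's detection logic: it runs the list- and filter-based GIVT checks described above (data center IP, self-declared crawler, 0x0 iframe) and, only when those pass, the declared-versus-detected comparison from the SIVT mismatch categories. The field names, labels, reason strings, CIDR ranges, and bot tokens are all constructed assumptions.

```python
import ipaddress

# Constructed stand-ins for industry lists (documentation-range CIDRs, made-up tokens).
DATA_CENTER_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
DECLARED_CRAWLER_TOKENS = ("examplebot", "sample-ad-scanner")

def givt_reasons(click):
    """List- and filter-based checks that need only the click record and static lists."""
    reasons = []
    ip = ipaddress.ip_address(click["ip"])
    # A list hit alone cannot tell automation from a person on a VPN or proxy.
    if any(ip in net for net in DATA_CENTER_NETS):
        reasons.append("data_center_ip")
    ua = click.get("user_agent", "").lower()
    if any(token in ua for token in DECLARED_CRAWLER_TOKENS):
        reasons.append("self_declared_crawler")
    if tuple(click.get("iframe_size", ())) == (0, 0):
        reasons.append("zero_size_iframe")
    return reasons

def mismatch_reasons(click):
    """Compare declared attributes with values detected independently for the same click."""
    declared, detected = click.get("declared", {}), click.get("detected", {})
    return ["mismatch:" + key for key in sorted(declared)
            if key in detected and declared[key].lower() != detected[key].lower()]

def classify(click):
    """Return (label, reasons); the labels and reason strings are hypothetical."""
    reasons = givt_reasons(click)
    if reasons:
        return ("GIVT", reasons)
    reasons = mismatch_reasons(click)
    if reasons:
        return ("SIVT", reasons)
    return ("unflagged", [])

# Constructed sample clicks (not real traffic).
SAMPLE_CLICKS = [
    {"ip": "203.0.113.40", "user_agent": "Mozilla/5.0"},
    {"ip": "192.0.2.10", "user_agent": "ExampleBot/2.1 (+https://bot.example/info)"},
    {"ip": "192.0.2.11", "user_agent": "Mozilla/5.0", "iframe_size": (0, 0)},
    {"ip": "192.0.2.12", "user_agent": "Mozilla/5.0",
     "declared": {"os": "iOS"}, "detected": {"os": "Android"}},
    {"ip": "192.0.2.13", "user_agent": "Mozilla/5.0",
     "declared": {"os": "iOS"}, "detected": {"os": "ios"}},
]

if __name__ == "__main__":
    for click in SAMPLE_CLICKS:
        print(click["ip"], classify(click))
```

The fourth sample passes every list-based check and is flagged only once a detected value is available to compare against the declared one, which is why the mismatch categories cannot be handled by blocklists alone.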
Clicks generated by non-IVT human users who receive a reward or benefit in exchange for engaging with an advertisement or link, excluding rewarded traffic such as extra lives or coins that cannot be converted into a monetary reward. This category specifically includes traffic originating from domains or IP addresses that have been verified and classified as incentivized human activity. This category of clicks does not count towards Click IVT, but provides further insight into click activity.