Click IVT Taxonomy

HUMAN analyzes a variety of signals to determine whether traffic is valid or invalid. Based on these signals, we group different forms of invalid traffic (also known as IVT) into specific threat categories, which provide transparency into the specific traits displayed by each click.

Each invalid click is either classified as General invalid traffic (GIVT) or Sophisticated invalid traffic (SIVT), then further broken down into specific threat categories that describe why the click is invalid. Each threat category is also divided into one or more subcategories with even more information about the kind of invalid traffic we detected; however, these subcategories are not an exhaustive list of all possible forms of IVT within the parent category.

📘

Note

Please note the definitions of the following terms used on the Click Defense dashboard:

  • Total Clicks: Total number of recorded clicks during the selected time frame, not filtered for IVT clicks.
  • IVT Clicks: Total number of clicks that were determined to be generated from an invalid endpoint. This includes general IVT clicks and sophisticated IVT clicks.

General invalid traffic (GIVT) clicks

General invalid traffic is any form of IVT that's easy to identify via routine fraud detection methods like filters and industry-standard blocklists. These invalid clicks are often driven by simple bots or crawlers and aren’t always malicious.

GIVT click categories and subcategories include:

Data Center

Ad clicks that originated in data centers whose IPs are linked to invalid activity (typically non-human traffic). These IP addresses are usually included on industry lists of known data centers.

Data Center with no VPN or Proxy Detected

Clicks that originated from a known data center and aren’t the byproduct of a legitimate user browsing via VPN or proxy. Most clicks that fall into this subcategory are non-human automated clicks.

TAG Data Center IP List

Data center IP addresses listed in the TAG Data Center IP List.

Known Crawler

A program or automated script that identified itself as non-human through a variety of identification mechanisms. These crawlers may be included in an industry list.

Known Crawler | Creative Scanner

Self-declared bots that scan ad creatives for security and compliance. Categorized under GIVT, they are separated from other known crawlers to highlight their specific role in the ad ecosystem.

IAB Spiders

Crawlers listed in the IAB Tech Lab/ABC International Spiders and Bots List.

Invalid Placement

An ad that was rendered inside an iframe with 0x0 dimensions, making it functionally invisible to users.

Sophisticated invalid traffic (SIVT) clicks

Sophisticated invalid traffic is a form of IVT that resembles authentic behavior. Some of these invalid clicks are driven by malicious bots designed to evade detection; others involve misleading user interfaces that trick legitimate human users or real clicks whose parameters were altered. Since SIVT can’t be identified via the same routine methods used to identify GIVT, the only consistent way to detect SIVT is by using advanced tools that analyze each click.

SIVT click categories and subcategories include:

Automated Browsing

A program or automated script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler.

Botnets

A coordinated group of programs or automated scripts that requested web content (including digital ads) without user involvement and without identifying themselves as crawlers.

General Automated Browsing

A program or script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler but that is not part of an identified botnet.

False Representation

A click on inventory with materially different declared attributes from the actual inventory being supplied, including ad traffic where the actual ad was rendered to an unexpected website or application, or other discrepancies between the expected and actual device type, geographical location, or media type. For example, inventory declared as iOS but detected as Android.

App Spoofing

A click generated on a creative from inventory in an application that differed from the actual application where inventory was supplied.

Domain Spoofing

A click generated on a creative on a domain that differed from the actual domain where inventory was supplied.

Emulators Masquerading as Real Devices

Ad clicks on traffic that claimed to originate from a real user device but displayed signs of emulation or other invalid device traits, like an impossible device/model combination.

Parameter Mismatch

A click that had a significant mismatch between its declared and detected parameters. For example, the transacted click may have declared itself as an iOS device, but the click was detected on a Windows device.

Spoofed Measurements

A click whose properties were modified in an attempt to conceal evidence of automated or otherwise inauthentic behavior.

Misleading User Interface

A web page, application, or other visual element that was modified to falsely include one or more ads. This includes rendering ads that aren’t visible to the user, injecting ads without a publisher’s consent, or tricking users to click on an ad.

Ad Hiding

An ad that couldn’t be seen because it was hidden behind other ads or website content, displayed in a tiny iframe, or rendered unviewable by other means.

Stacked Ads

A series of ad placements in which multiple ads were layered on top of each other, leaving only the topmost ad visible. Clicks may be falsely attributed to hidden ads, artificially inflating engagement metrics.

Compromised Clicks

Clicks that exhibited unusual behavior, such as interactions with non-viewable links or abnormally fast mouse movements, indicating potential manipulation or automation.