Page Intelligence IVT Taxonomy
HUMAN analyzes a variety of signals to determine whether traffic is valid or invalid. Based on these signals, we group different forms of invalid traffic (IVT) into specific threat categories, which provide transparency into the traits displayed by each pageview.
Each invalid pageview is classified as either General Invalid Traffic (GIVT), Sophisticated Invalid Traffic (SIVT), or Incentivized Traffic (IT). Then, they are further broken down into specific threat categories that describe why the pageview is invalid.
Each threat category can also be divided into more granular subcategories in our internal taxonomy.
All forms of IVT will be classified according to at least one parent category, but not all pageviews will have a corresponding subcategory. For example, one pageview might be specifically classified as “False Representation - Domain Spoofing,” but another might simply be classified as “False Representation.”
General Invalid Traffic (GIVT)
General invalid traffic is any form of IVT that’s easy to identify via routine fraud detection methods like filters and industry-standard exclusion lists. These invalid pageviews are often driven by simple bots or crawlers and aren’t always malicious.
GIVT categories and subcategories include:
Data Center
Traffic that originated in data centers whose IPs are linked to invalid activity (typically non-human traffic). These IP addresses are usually included on industry lists of known data centers.
Data Center With No VPN or Proxy Detected
Traffic that originated from a known data center and is not the byproduct of a legitimate user browsing via VPN or proxy. Most traffic that falls into this subcategory is non-human automated traffic.
TAG Data Center IP List
Data center IP addresses listed in the TAG Data Center IP List.
Known Crawlers
A program or automated script that identified itself as non-human through a variety of identification mechanisms. These crawlers may be included in an industry list.
AI Agents
User-agent patterns associated with AI agents.
Human Identified Crawlers
User Agents that match user-agent patterns HUMAN Security has designated as associated with automated or non-human traffic, but are not currently on the IAB list.
IAB Spiders - Include List Violations
User Agents that do not match the include list patterns in the IAB Tech Lab/ABC International Spiders and Bots List.
IAB Spiders - Exclude List Violations
User Agents that match the exclude list patterns in the IAB Tech Lab/ABC International Spiders and Bots List.
Irregular Pattern
Traffic that included one or more attributes (e.g., user cookies) associated with irregular behavioral patterns, such as non-disclosed auto-refresh traffic or duplicate pageviews.
Repeat Transactions
A pageview request with identical or near-identical attributes was presented multiple times within a short time span or continues to repeat over a long period of time (e.g., hours).
False Representation
Pageview traffic where some of the expected data differed from the actual data supplied. This can include traffic where the pageview occurred on an unexpected website or application, or discrepancies between the expected and actual device type, geographical location, or media type.
Invalid Transaction Parameters
A pageview whose transaction parameters were significantly misconfigured or malformed, often due to missing information or other benign errors.
Invalid Transaction Parameters - Blank UAs
A pageview containing a blank User Agent.
Invalid Transaction Parameters - Malformed UAs
A pageview containing a User Agent that is malformed.
Misleading User Interface
A web page, application, or other visual element that was modified to falsely include one or more measurable pageviews. This includes rendering content that isn’t visible to the user, injecting content without a publisher’s consent, or tricking users into unintended interactions.
Sophisticated Invalid Traffic (SIVT)
Sophisticated invalid traffic is a form of IVT that resembles authentic behavior. Some of these invalid pageviews are driven by malicious bots designed to evade detection; others involve misleading user interfaces that trick legitimate human users or real requests whose parameters were altered. Since SIVT can’t be identified via the same routine methods used to identify GIVT, the only consistent way to detect SIVT is by using advanced tools that analyze each pageview and request.
SIVT categories and subcategories include:
Automated Browsing
A program or automated script that requested web content without user involvement and without identifying itself as a crawler.
Botnets
A coordinated group of programs or automated scripts that requested web content without user involvement and without identifying themselves as crawlers.
General Automated Browsing
A program or script that requested web content without user involvement and without identifying itself as a crawler but that is not part of an identified botnet.
False Representation
Pageview traffic where some of the expected data differed from the actual data supplied. This can include traffic where the pageview occurred on an unexpected website or application, or discrepancies between the expected and actual device type, geographical location, or media type.
App Spoofing
A pageview that declared itself to have occurred in one application but it was detected to have occurred on another application.
Domain Spoofing
A pageview that declared itself to have occurred in one domain but it was detected to have occurred on another domain.
Emulators Masquerading as Real Devices
Traffic that claimed to originate from a real user device but displayed signs of emulation or other invalid device traits, like an impossible device/model combination.
Parameters Mismatch
A pageview that had a significant mismatch between its declared and detected parameters. For example, the pageview visitor may have declared itself as an iOS device, but the pageview visitor was detected on a Windows device.
Spoofed Measurements
A pageview whose properties were modified in an attempt to conceal evidence of automated or otherwise inauthentic behavior.
Misleading User Interface
A web page, application, or other visual element that was modified to falsely include one or more measurable pageviews. This includes rendering content that isn’t visible to the user, injecting content without a publisher’s consent, or tricking users into unintended interactions.
Ad Hiding
Content that couldn’t be seen because it was hidden behind other content, displayed in a tiny iframe, or rendered unviewable by other means.
Undisclosed Classification
Invalid traffic that couldn’t be classified using any of the other categories in the taxonomy or invalid traffic with sensitive attributes that HUMAN can’t disclose.
IVT - Machine Learning Model
Invalid traffic that was identified by HUMAN’s machine learning models but couldn’t be classified as a specific IVT category.
Incentivized Traffic
Pageviews generated by non-IVT human users who receive a reward or benefit in exchange for engaging with an advertisement or link - excluding rewarded traffic such as extra lives or coins that cannot be converted into monetary reward. This category specifically includes traffic originating from domains or IP addresses that have been verified and classified as incentivized human activity. This category of pageviews does not count towards Page Intelligence IVT, but provides further insight on intent of visitor on page.