Hijacked devices, user sessions, ad tags and ad creatives

'Any user's device (browser, phone, app or other system) that has been modified to call html or make ad requests that is not under the control of a user and made without the user's consent. These include

Hijacked device with a fully automated browser - a hijacked device where the device is a browser and the modification is that the browser is hidden from user view and engaged in making html or ad calls.

Hijacked device with session hijacking - a hijacked device where a user is present and additional html or ad calls are made independently of the content being requested by the user. Ads and redirections are inserted into the user experience by the program running on the device.'

Classification 
Sophisticated Invalid Traffic
TrafficGuard Indicators

Behavioural anomaly detection - monitoring events (including post-install) that occur on mass. Bots follow programmed patterns

Irrational engagements - e.g. SDK says an IAP has occurred, but the advertiser doesn't report a legitimate purchase

Short time to install: Given the size of the app, the time between clicking the ad and downloading the app will be impossibly short

Rejection Codes score_ip_global
score_device_global
known_hosts_ip_global
lowtime_clicktoinstall_siteid
anonymous_useragent
manipulation_globalcookieid
manipulation_appsubpartnercookieid
excessive_ratio_newdevice_siteid
excessive_ratio_limitadtracking_siteid
Fraud Tactics Sophisticated Bot Driven Installs
Click Injection