Taxonomy
Traffic Classifications (referred to as Threat Profiles) categorize all traffic as valid (VAL), bot (BOT), or nonstandard (NSD). Each category reflects HUMAN’s decision about the authenticity of a specific interaction.
This traffic is further labeled with reason codes that provide insight into why HUMAN responded with the given classification. Each reason code corresponds with a more readable “threat category”.
Below is a table with each reason code, the corresponding “threat category”, and a brief explanation of what it means.
Threat Profile | Reason Code | Threat Category | Explanation |
Bot - Traffic results from automation or a compromised device | |||
BOT | BOT-ENT_BVR | Abnormal Entity Behavior | The traffic showed inauthentic behavior only exhibited by automation. This includes unnatural mouse movements, keystrokes, and anomalous visitation patterns (e.g. timed page loads or diurnal activity). |
BOT | BOT-API | API Abuse and Signal Evasion | The traffic attempted to directly access the application API outside of the intended flow of the application, or attempted to block the signal collection. |
BOT | BOT-BFA | Brute Force Attack | The traffic is making an anomalously large number of requests in a short period of time. |
BOT | BOT-KNO_MAL | Known Botnets and Malware | The traffic shows signs of originating from a known botnet or malware. |
BOT | BOT-KNO_SPD | Known Spider | The traffic originates from a known spider or crawler. Bots with this label are generally considered “safe” or “good”. |
BOT | BOT-RPA | Replay Attack or Manipulated Request | The traffic showed signs of manipulating or tampering with the HTTP requests to your application. |
BOT | BOT-BOT | Sophisticated Bot | The traffic showed signs of belonging to a more sophisticated bot. These signs include spoofing devices or browsers running automation tools such as Puppeteer or Playwright, or accessing your application using a headless browser. |
Non Standard - Traffic that exhibits suspicious or anomalous behavior, but does not meet the precision threshold to be marked BOT. | |||
NSD | NSD-ENT_BVR | Abnormal Entity Behavior | The traffic showed inauthentic behavior only exhibited by automation. This includes unnatural mouse movements, keystrokes, and anomalous visitation patterns (e.g. timed page loads or diurnal activity). However, the traffic did not meet the precision threshold to be marked as a bot. |
NSD | NSD-ANO_DEV | Anomalous Device | The traffic originated from a deprecated or legacy device. |
NSD | NSD-ANO_USR | Anonymized User | The user attempted to make themselves anonymous. This includes traffic originating from an undeclared VPN or a data center. |
NSD | NSD-BAD_REP | Bad Reputation | The traffic originates from an IP that has a high rate of abuse and malicious activity. |
NSD | NSD-INF_DEV | Infected Device | There is evidence to suggest that the device is infected based on its activity in Ad Fraud or other nefarious purposes. It is uncertain if the particular action is performed by the user or by the malware on the device. |
Valid - Valid traffic that does not show any signals indicating automation or malicious behavior | |||
VAL | VAL-NEU | Neutral | There were no observed irregular behavior or signals to suggest bot activity. |