# Reason Codes Reference
*Event Risk reports* contain *reason codes*, which are standardized identifiers used to explain the cause for a particular action, event or click, depending on the nature of the reason code.
Spiders and Bots
Risk Level: Critical
**Applies to clicks only.**
A click was generated by an automated web crawler (a'bot) rather than a person. These are software programs that systematically browse the internet to index content for search engines.
The crawler identified itself as non-human in its connection details, so it won't be counted as real user activity.
This type of reason code has an extremely low false positive risk.
Image Click
Risk level: Critical
**Applies to clicks only.**
A click was generated as a result of a page or ad loading, without any interaction or intention from a user to click on the link or ad.
Image clicks are usually a malicious attempt to defraud CPC or CPA programs by generating hidden clicks while users browse the internet unknowingly. Rarely, they can result from an innocent bad implementation on a partner’s website, but even then, they still cause misattribution to the partner.
This type of reason code has an extremely low false positive risk.
Data Center
Risk level: High
**Applies to both clicks and actions.**
The IP Addresses that the clicks and actions originated from belong to a data center e.g. AWS or Google Cloud.
Clicks and actions with `REF_datacenter` are an action-level reason code. The `REF_` indicates that the action's `REFERRER` is the cause of the risk flag. In this case, the IP address of the `REFERRER` was a data center.
Clicks and actions from data centers can fall into 2 main categories:
* Malicious attempts to defraud your program.
* Innocent clicks that are non-human. These clicks are part of partners inadvertently buying invalid traffic or webscrapers.
This type of reason code has a very low false positive risk. Occasional false positives can result from partners implementing tracking links in an unsupported way (e.g. server side redirects). Partners should [contact support](https://app.impact.com/support/portal.ihtml?createTicket=true&) in these cases.
Request Anomaly
Risk level: High
**Applies to clicks only.**
The HTTP request contains signals that indicate non-human activity.
**REF\_request\_anomaly**: The action’s referring click has abnormal request properties.
Actions with `REF_request_anomaly`, particularly without `REF_datacenter`, should be scrutinized closely as this can be an indicator of cookie stuffing.
Similar to *datacenter clicks*, anomalies can fall into 2 main categories:
* Malicious attempts to defraud your program.
* Innocent clicks that are non-human. These clicks are part of partners inadvertently buying invalid traffic or webscrapers.
This reason code type has a very low false positive risk. Occasional false positives can result from unverified loading of clicks in the background in order to maintain a seamless user experience. If a partner has a valid reason use case they should [contact support](https://app.impact.com/support/portal.ihtml?createTicket=true&).
Proxy
Risk level: High
**Applies to clicks and actions.**
The IP Address that the click and action originated from is a known proxy.
Clicks and actions originating from *known proxies* are more likely to be malicious in intent, as these IPs are often used to hide the true source of activity. We recommend a careful manual review of any events flagged with this reason code before you approve payouts.
This reason code type has a very low false positive risk.
IP Reputation
Risk level: Suspect
**Applies to clicks and actions.**
IP Reputation uses a specialized algorithm to analyze the historical behavior of an IP address. The `REF_` version of the reason code means that the clicks and actions with `REF_ipreputation` were flagged for IP reputation.
By identifying patterns typically associated with fraud, it flags clicks and actions that show a higher risk of malicious intent. We recommend carefully reviewing any events flagged for this reason code before approving payouts.
This reason code type has a low false positive risk.
Domain Reputation
Risk level: Critical/Suspect
**Applies to clicks only.**
Domain Reputation uses a specialized algorithm to analyze activity associated with a specific domain to determine its legitimacy. The `REF_` version of the reason code means that the clicks with `REFERRER` was flagged for domain reputation.
Clicks originating from domains with a poor reputation are more likely to be malicious. We recommend carefully reviewing any events flagged with this reason code before approving payouts.
This reason code type has a low false positive risk. Occasional false positives can result from services holding out-of-date information.
Conversion Spoofing
Risk level: Critical/Suspect
**Applies to actions only.**
A spoofed conversion refers to a fake event or action that never happened. Spoofed conversions are automatically placed into a reversed state, ready for your review in [Review At Risk Actions](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/review-at-risk-actions).
Client-side integrations (like JavaScript) can be vulnerable to bad actors creating fake conversion events in order to receive rewards, either directly via a partner account, or more commonly via the reward scheme of a loyalty/rewards type partner.
To detect spoofed conversions, our system analyzes internal signals alongside your specific `orderId` and conversion URL patterns to ensure every event is genuine.
This reason code type has a medium false positive risk.