Such an analysis might look like the graph below
Posted: Mon Dec 23, 2024 5:55 am
4 Ways to Identify Installer Fraud
1. IP addresses
IP addresses can be spoofed to hide where the click came from. To check if IP addresses are blacklisted or listed elsewhere, we check them with a third-party software tool. This gives us insight into the credibility of the IP address used. The number of unique IP addresses could give us insight into whether multiple campaigns were used to install an app. How likely is it that a real user clicked on multiple ads from the same affiliate on the same day? And installed and opened them all? Not so likely.
Number of installs per IP address per affiliate per campaign in 1 day. Colors represent affiliates and numbers represent installs per campaign.
There are reasons to have multiple installs per day from the same IP address. An example would be a library where users can use the same IP address and Wifi. So digging a little deeper hong kong phone numbers into your data is advisable.
The graph shows that for an affiliate the same IP address was used for multiple campaigns. The underlying data shows that these were converted into installs per IP address within the same time frame (a few minutes!). This behavior cannot be displayed by a real user.
Fraudsters are innovative. A more advanced system would not use the same IP address for different fake installs, but use a proxy to diversify the data. To capture IP addresses within a certain range, we split the IP address into four parts. You do an analysis on the first three parts.
A report for such an IP range might look like the graph below.
Installs per IP range per affiliate in 1 day.
Although the number of installs per IP range is not necessarily suspicious, there could be a pattern to the number. What is also noticeable is that the IP range shown makes a jump to escape certain fraud algorithms. We should also keep in mind that the number of unique IP addresses depends on the country of origin. A combination of country and IP range helps us to detect possible proxy-like traffic.
1. IP addresses
IP addresses can be spoofed to hide where the click came from. To check if IP addresses are blacklisted or listed elsewhere, we check them with a third-party software tool. This gives us insight into the credibility of the IP address used. The number of unique IP addresses could give us insight into whether multiple campaigns were used to install an app. How likely is it that a real user clicked on multiple ads from the same affiliate on the same day? And installed and opened them all? Not so likely.
Number of installs per IP address per affiliate per campaign in 1 day. Colors represent affiliates and numbers represent installs per campaign.
There are reasons to have multiple installs per day from the same IP address. An example would be a library where users can use the same IP address and Wifi. So digging a little deeper hong kong phone numbers into your data is advisable.
The graph shows that for an affiliate the same IP address was used for multiple campaigns. The underlying data shows that these were converted into installs per IP address within the same time frame (a few minutes!). This behavior cannot be displayed by a real user.
Fraudsters are innovative. A more advanced system would not use the same IP address for different fake installs, but use a proxy to diversify the data. To capture IP addresses within a certain range, we split the IP address into four parts. You do an analysis on the first three parts.
A report for such an IP range might look like the graph below.
Installs per IP range per affiliate in 1 day.
Although the number of installs per IP range is not necessarily suspicious, there could be a pattern to the number. What is also noticeable is that the IP range shown makes a jump to escape certain fraud algorithms. We should also keep in mind that the number of unique IP addresses depends on the country of origin. A combination of country and IP range helps us to detect possible proxy-like traffic.