Fraud reasons

Traffic violations (anomalies) are divided into these categories:
       
DEVICE (abnormal device parameters)
  • Fake device IDs (user agent, IDFA/Android ID, MAC address, etc.) and their combinations
  • Device emulators
  • Hijacked device where a user is present and additional HTML or ad calls are made independently of the content being requested by the user IP (all the violations identified by the IP address in conjunction with other parameters of conversion)
IP 
  • Multiple conversions from the same IP
  • Multiple conversions from the same IP subnet
PROXY (all the violations identified by the IP address in conjunction with other parameters of conversion)
  • Traffic that is routed through an intermediary proxy device or network where the ad is rendered in a user’s device where there is a real human user
  • IPs that are associated with known Botnets and Adware
  • User are actively hiding their identity or making conversions from an unwanted GEO
DATACENTER
  • Traffic originating from servers in data-centres or known cloud platform providers, rather than residential or corporate networks, where the ad is not rendered in a user’s device (there is no real human user)
SOURCE (all violations identified regarding traffic sources)
  • Click done from a suspicious site
  • Source traffic is not as declared
OS (OS related issues)
  • Abnormal device distribution within traffic (device models, browser versions, operating system, etc.)
ATTRIBUTION
Includes violations of that types:
  • Clickspamming - App installs previously attributed to clicked ads were discovered to be user-generated app installs randomly claimed by ad networks by spamming the fingerprinting algorithms

  • Cookie stuffing - the process by which a client is provided with cookies from other domains as if the user had visited those other domains. taking ad tags from a publisher’s site and putting them on to another site without the publisher knowledge

  • Click injection(Android only) - Android uniquely vulnerable to click injection fraud, in which an ad network takes credit for organic app installs

FraudScore system analyzes traffic using 75+ metrics starting with the device IDs, IP addresses and ending with a click density and TTI (time to install). Each metric has own particular weight, so when conversion happened it gets own Fraudscore rating. Fraudscore is used to determine the average conversion rate in this traffic.

Four fraud score levels:
  • ok - non suspicious traffic
  • low - low risk level (1-2 violations), fraud score: 0-33
  • mid - middle risk level (2-4 violations), fraud score: 33-66
  • high - high risk level (4+ low risk violations, or 3+ high risk violations), fraud score: 66+

If Fraud score is more than 25 we recommend you to pay more attention to the traffic.