Skip to main content

Anti Fraud

Fraud traffic is always unwelcomed because they will eat your money, with MaxConv, there are several ways to spot fraud traffic.

susv_r.png

Suspicious Visits

We will flag traffic as suspicious when we found it meets any one of following characteristic:

1. IP from Datacenter

We have collected 720+ (still growing) datacenter ASNs(autonomous system number), if MaxConv found a IP's ASN belong to one of them, the system flag it.

Below is a shot view of ASNs we collected, if you have suspicious ones, please report it to us, we will add it to the list.

datacenter-asns.png

2. Library Request

Library refers to programmatic traffic, which is initiated by CUrl, Python spider, PHP...etc, when we extract library information from user agent, we flag it as suspicious.

The detected library list is:

aiohttp, Akka HTTP, AnyEvent HTTP, Apache HTTP Client, Aria2, Artifactory, Azure Data Factory, Buildah, BuildKit, C++ REST SDK, Containerd, containers, cPanel HTTP Client, cri-o, curl, Dart, docker, Embarcadero URI Client, Faraday, fasthttp, GeoIP Update, go-container registry, Go-http-client, Google HTTP Java Client, got, GRequests, gRPC-Java, Guzzle (PHP HTTP Client), gvfs, hackney, Harbor registry client, Helm, HTTPie, httplib2, HTTPX, HTTP_Request2, Insomnia REST Client, Jakarta Commons HttpClient, Java, Java HTTP Client, jsdom, libdnf, libpod, LUA OpenResty NGINX, Mechanize, Mikrotik Fetch, Node Fetch, OkHttp, Open Build Service, Pa11y, Perl, Perl REST::Client, PHP cURL Class, Postman Desktop, Python Requests, Python urllib, quic-go, r-curl, ReactorNetty, req, REST Client for Ruby, RestSharp, Resty, ScalaJ HTTP, Skopeo, SlimerJS, Typhoeus, uclient-fetch, Ultimate Sitemap Parser, Unirest for Java, urlgrabber (yum), uTorrent, Wget, Windows HTTP, WinHttp WinHttpRequest, WWW-Mechanize

3. Web crawler

Web crawler is an Internet bot that systematically browses the World Wide Web and that is typically operated by search engines for the purpose of Web indexing.

Check detected web crawler list here

TTB Avg. (The average of Time to Bounce)

MaxConv calculate the time it takes from campaign visit to lander click, it's called TTB (Time to Bounce) in reporting.

It focus on measuring how attractive your lander is, a real human take some time to read your lander content, but most fraud traffic will ignore it and click the CTA link right away.

So if you found average TTB value from a specific placement is very short, you should consider it as suspicious traffic, and block it in your source when possible.

However, if the average TTB is acceptable short, maybe just bcause your lander is not that attractive, what you should do is optimize it :)

Please be noted that if you want to investigate detailed TTB value, go to the Click Data, which is a raw click data list, gives you a full detail of every single event(visits/clicks...etc)

TTC Avg. (The average of Time to Convert)

It's similar to TTB, but calculating the time it takes from offer visiting to offer converting.

The time to converting depends on offer type, so you should have a basic idea about how long it will take for a regular conversion, for example, a human take about 1~3 minutes to fill a leadgen form, so if you found the average TTC is shorter than that, pay close attention to those traffic, they may are sophisticated bot.

Continuous Adding

We will add more metrics to find fraud traffic, if you have a good idea, please share it with us 😉