We are talking about fraud. If you work with the “lower” internet—push notifications, native ads, or pops—you are in the risk zone by default. Bots imitate clicks, fake conversions, and simply burn through your ROI.

Let’s figure out how to recognize the “junk” and how to properly clean placements to run profitable campaigns.


1. Push Notifications: Phantoms of Subscriptions

Fraud in push is specific. Here, we are fighting not just bots, but also “dead souls”.

Signs of Fraud:

  • Unrealistic CTR: If you see a CTR higher than 5-7% on a standard creative, the network is likely mixing in click-fraud.
  • Instant Bounce (Bounce Rate 95%+): A user clicks on a push and closes the tab faster than it loads. This is script work.
  • Abnormally High Click Speed: The difference between sending the push and the click is less than 1 second. A live person doesn’t react that fast.
  • Subscription Age: If only “Fresh” traffic (up to 24 hours) converts, and everything else is dead silent, the network might be “padding” impressions with an old database.

2. Native Ads: Artificial Interest

Native is considered higher quality, but the fraud here is “smarter”.

Signs of Fraud:

  • Geo-Mismatch: You target Tier-1 (USA), but in the tracker, you see visits from IP addresses of data centers or proxies in Southeast Asia.
  • Perfect Distribution: If clicks show a flat graph 24/7 without accounting for time zones and human sleep patterns, it’s a bot farm.
  • Lack of Events: A bot might click, but it rarely imitates complex behavior (scrolling, dwelling on text, clicking through to a second page).

3. Pop Traffic (Popunder/Clickunder): The Kingdom of Bots

This is where fraud is most common, because the format is aggressive and cheap.

Signs of Fraud:

  • CTR = 100%: In pops, there is no concept of CTR in the usual sense (impression = redirect), so look at time on site.
  • User-Agent “From the Past”: A huge number of visits from prehistoric versions of Chrome or Safari.
  • Forbidden Devices: For example, traffic arriving from Linux when you are targeting only mobile devices.

Deep Analysis: How Exactly You Are Being Tricked

I understand there are enough superficial tips in affiliate marketing. Let’s get “under the hood” and break down the mechanics of fraud, and then create a concrete checklist for cleaning.

Fraud is not always just an “absence of leads.” It is the imitation of activity.

1. Push: Click Farms and “Zombie Subscriptions”

There are two types of “dirt” in push:

  • Scripted Clicks: When the ad network itself generates clicks on its own notifications to increase CTR and charge you money (if you are running on CPC).
  • Expired Traffic: The user unsubscribed or deleted their browser long ago, but the system sends push notifications into the “void” or emulates clicks on devices that are no longer active.

2. Native: Hidden Frames and Smart Scroller Bots

Native is trickier because it mimics content.

  • Hidden Ads: The ad block loads in an invisible 1×1 pixel frame. The user doesn’t see it, but the impression is counted.
  • Smart Bots: Modern bots can scroll a page to the middle, simulating reading an article, and only then click on the offer.

3. Popunder: Aggressive Redirects

It’s simple here: your landing page opens in a background window.

  • Proxy/Data Center IP: 70% of fraud in pops comes from server infrastructure (Amazon AWS, DigitalOcean), not from real people with mobile internet.
  • Multi-tabbing: A script opens 10-20 windows of different offers at once. The chance that a user gets to yours is zero.

Technical Markers (Red Flags) in the Tracker

If you see these metrics, the placement goes into the ban list immediately:

| Marker | What it Means | Normal | Fraud / Junk |
|---|---|---|---|
| Time on LP | Time spent on the landing page | 10–40 seconds | < 2 sec (bot) or > 10 min (stuck tab) |
| LP CTR | Click-through from pre-lander | 10% – 30% | 0.5% (junk) or 90% (script-clicker) |
| Device Model | Phone Model | Diversity of models | 1000 clicks from the exact same Chrome/Android version |
| ISP | Internet Service Provider | Comcast, AT&T, Vodafone | Amazon, Google Cloud, DigitalOcean |
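The markers in the table can be checked mechanically against a tracker click export. The following is an added example, not code from the original article or from any tracker: the record fields (`site_id`, `time_on_lp`, `isp`, `ua`, `lp_click`) are hypothetical, and the table's fraud-column values are used as cutoffs by assumption.

```python
from collections import defaultdict

DATACENTER_ISPS = ("amazon", "google cloud", "digitalocean")  # ISP row, fraud column

def click_flags(c):
    """Per-click red flags from the Time on LP and ISP rows."""
    flags = []
    if c["time_on_lp"] < 2:
        flags.append("under 2 sec on LP")
    elif c["time_on_lp"] > 600:
        flags.append("over 10 min on LP")
    if any(name in c["isp"].lower() for name in DATACENTER_ISPS):
        flags.append("datacenter ISP")
    return flags

def placement_report(clicks):
    """Group clicks by site_id and apply the table's placement-level markers."""
    by_site = defaultdict(list)
    for c in clicks:
        by_site[c["site_id"]].append(c)
    report = {}
    for site, cs in by_site.items():
        n, reasons = len(cs), []
        lp_ctr = sum(c["lp_click"] for c in cs) / n
        if lp_ctr <= 0.005 or lp_ctr >= 0.90:  # assumed cutoffs: 0.5% and 90%
            reasons.append("LP CTR %.1f%%" % (lp_ctr * 100))
        if n >= 1000 and len({c["ua"] for c in cs}) == 1:
            reasons.append("one device/browser version")
        share = sum(1 for c in cs if click_flags(c)) / n
        report[site] = {"flagged_share": round(share, 3), "reasons": reasons}
    return report

def click(site_id, time_on_lp, isp, ua, lp_click):
    return dict(site_id=site_id, time_on_lp=time_on_lp, isp=isp, ua=ua, lp_click=lp_click)

# Constructed sample data: A1 is a scripted source, B2 looks like real users.
SAMPLE = [click("A1", 1, "Amazon.com, Inc.", "Chrome/90 Android 10", True)] * 1000
SAMPLE += [click("B2", 10 + 3 * i, ("Comcast", "AT&T", "Vodafone")[i % 3],
                 "Chrome/12%d Android 1%d" % (i, i % 4), i < 2) for i in range(9)]
SAMPLE.append(click("B2", 700, "Comcast", "Safari/17 iOS 17", False))

if __name__ == "__main__":
    for site, result in placement_report(SAMPLE).items():
        print(site, result)
```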

The “Ruthless Cleaning” Algorithm (Workflow)

Cleaning is not intuition; it is mathematics. To avoid draining your balance, use the “Occam’s Razor” tactic: cut off everything unnecessary. Here is how I do it:

Step 1: Pre-filtration (Blacklist at the Start)

Don’t wait for budget drain. Before launching on any network (PropellerAds, Adsterra, MGID, etc.), ask your manager for a “Global Blacklist” or a list of placements with low Quality Scores for your GEO. They usually provide them if you ask politely.

Step 2: Tracker Setup

You can’t do anything in these sources without a good tracker (Keitaro, Binom, Voluum).

  • Enable Proxy/VPN checks.
  • Configure the passing of site_id, pub_id, or source_id parameters.

Step 3: Cutoff by “Empty” Clicks

Set a limit. For example:

If a placement gave 500 clicks and 0 clicks on the button on the pre-lander (LP CTR = 0%) — these are 100% bots or absolutely non-targeted traffic. Block the ID.

Step 4: Cutoff by “Empty” Events

If your landing page has a form or scrolling:

  • Put a script on a Scroll 50% event.
  • If a Site ID gives 1000 visits, but only 5 people performed Scroll 50% — the placement is mixing in scroller bots or “invisible” traffic.

Step 5: CR (Conversion Rate) Analysis / The Rule of Thumb

Create a table in the tracker and sort placements by spend.

  • The Rule: If the average lead price on the offer is $5, and a placement has spent $15 (3x lead price) and yielded zero conversions — ban it without pity.
  • Exception: If a lead costs $0.50, give the placement a chance to spend $2.50-$3.00.

Step 6: Grouping by Device and OS

Often it’s not the whole placement that is fraudulent, but a specific combination. For example:

  • Site ID 12345 + Android 12 — converts.
  • Site ID 12345 + Windows — drives bots.

In this case, you don’t have to ban the entire placement, just exclude the specific OS in the campaign settings.

Step 7: Regular Hygiene

Fraud placements migrate. What worked yesterday might “go bad” today.

  • Whitelist: Collect placements that have yielded at least 2-3 profitable leads.
  • Global Blacklist: Maintain your own list of “garbage” IDs and add them to new campaigns right at the start.
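Steps 3 to 6 above reduce to a few threshold checks over per-placement, per-OS statistics. The following is an added example, not code from the original article or from any tracker: the row fields and the action names (`ban`, `exclude_os`, `keep`) are hypothetical, and the thresholds are the ones quoted in the steps.

```python
from collections import defaultdict

LEAD_PRICE = 5.00        # average lead price on the offer (Step 5 example)
EMPTY_CLICKS = 500       # Step 3: 500 clicks, 0 clicks on the pre-lander button
SCROLL_VISITS = 1000     # Step 4: 1000 visits ...
SCROLL_RATE = 5 / 1000   # ... of which only 5 reached Scroll 50%
SPEND_FACTOR = 3         # Step 5: spent 3x lead price with zero conversions
FIELDS = ("clicks", "lp_clicks", "scroll50", "conversions", "spend")

def verdict(s):
    """Return the first rule these stats trip, or None if they pass."""
    if s["clicks"] >= EMPTY_CLICKS and s["lp_clicks"] == 0:
        return "empty clicks"
    if s["clicks"] >= SCROLL_VISITS and s["scroll50"] / s["clicks"] <= SCROLL_RATE:
        return "empty events"
    if s["conversions"] == 0 and s["spend"] >= SPEND_FACTOR * LEAD_PRICE:
        return "no conversions at 3x lead price"
    return None

def clean(rows):
    """rows: tracker stats per (site_id, os). Returns {site_id: (action, detail)}."""
    by_site = defaultdict(list)
    for r in rows:
        by_site[r["site_id"]].append(r)
    actions = {}
    for site, segs in by_site.items():
        bad = {r["os"]: verdict(r) for r in segs if verdict(r)}
        whole = verdict({k: sum(r[k] for r in segs) for k in FIELDS})
        if bad and len(bad) < len(segs):
            # Step 6: only some OS segments are junk, so exclude just those
            actions[site] = ("exclude_os", sorted(bad))
        elif bad or whole:
            # every segment failed, or the placement fails only when summed
            actions[site] = ("ban", whole or next(iter(bad.values())))
        else:
            actions[site] = ("keep", None)
    return actions

def row(site_id, os, *values):
    return {"site_id": site_id, "os": os, **dict(zip(FIELDS, values))}
# Constructed sample stats; site IDs and numbers are made up for the example.
SAMPLE = [
    row("12345", "Android", 800, 160, 400, 6, 20.0),
    row("12345", "Windows", 600, 0, 3, 0, 12.0),
    row("777", "Android", 1200, 30, 5, 0, 9.0),
    row("555", "Android", 200, 40, 90, 0, 8.0),
    row("555", "iOS", 150, 30, 70, 0, 8.0),
    row("999", "Android", 200, 40, 90, 2, 8.0),
]
```

Calling `clean(SAMPLE)` excludes only Windows for site 12345, bans 777 and 555, and keeps 999; site 555 passes per OS but trips the spend rule once its segments are summed.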

How to Automate the Process?

Modern trackers have an “Auto-optimization” section. Set up rules:

  1. Rule 1: If Source_ID spent > $10 AND Conversions < 1, then send the ID to “Paused” status (via API to the ad network).
  2. Rule 2: If ISP contains Amazon/Google/DataCenter, redirect this traffic to a blank page so as not to pay for the click (if the buying model allows).

How to Talk to Ad Network Support

If you find obvious fraud (for example, 90% of traffic from data center IPs), do not hesitate to demand a refund.

How to write it:

“Hi! In campaign ID 98765, I recorded 40% of traffic coming from proxies and data centers (screenshot from tracker attached). This traffic violates my purchasing terms. Please audit these placements and issue a refund to my balance.”

Spoiler: Normal networks return the money because they value their reputation.


Summary

Ad fraud in push, native, and pop traffic is not an occasional anomaly — it is a permanent background risk that every media buyer must account for. Bots evolve, patterns shift, and even trusted sources can degrade over time. That’s why effective traffic cleaning is not a one-time fix, but a continuous operational process.

Allocating 10–20% of your budget to controlled test runs is not a loss — it’s the cost of entering the profit zone. These test campaigns expose abnormal behavior early, protect scaling budgets, and provide the data needed to make objective decisions instead of relying on assumptions.

The winning strategy in push, native, and pop advertising is simple but disciplined: test aggressively, analyze ruthlessly, clean placements daily, and scale only what proves its value. Advertisers who follow this routine don’t eliminate fraud completely — they minimize its impact and keep ROI predictable in an otherwise volatile environment.

Ad Fraud Detection & Cleaning Workflow

| Stage | What to Check | Key Red Flags | Action |
|---|---|---|---|
| Test Run | Small-budget launch | Instant clicks, no engagement | Isolate source |
| Early Data | CTR & time-to-click | <1s click delay | Flag placement |
| Behavior Analysis | Scroll & events | No user actions | Block zone |
| Conversion Check | Leads/sales | Zero post-click activity | Pause source |
| Scaling | Stable metrics | Metric drift | Re-test before scale |

FAQ — Questions & Answers

What is the most common sign of ad fraud in push and pop traffic?

The most common signal is an unusually high CTR combined with zero engagement, no scrolling, or no conversions.

How much budget should be reserved for fraud testing?

A safe benchmark is 10–20% of the total budget, used exclusively for test campaigns and traffic validation.

Can trusted traffic sources suddenly become fraudulent?

Yes. Even reputable sources can degrade due to reselling, bot injection, or changes in sub-publishers.

Is manual cleaning still necessary if I use anti-fraud tools?

Yes. Tools help detect patterns, but human analysis is required to interpret anomalies and make final decisions.

How often should placements be cleaned?

Ideally, cleaning should be done daily, especially during scaling phases or when launching new campaigns.