In the mobile advertising world, there are numerous fraud tactics, one of which is duplicate IP addresses. This method involves generating app installs through mass clicks on ads from the same IP address over a short period of time. Understanding this tactic begins with the basics—what an IP address is and how fraudsters use it for their purposes.

What is an IP Address?

An IP (Internet Protocol) address is a unique numeric address assigned to each device connected to the internet or a local network. It can be likened to a mailing address in the digital world: it allows devices to communicate with each other, sending and receiving data across the network.

How Does Fraud with Duplicate IP Addresses Work?

Fraud involving duplicate IP addresses occurs when one or multiple fraudsters generate artificial traffic from a single physical location, using different devices under one IP address. While it is theoretically possible that several people in the same café, using the same public Wi-Fi, might see and click on the same ad, in practice the chances of this are extremely low. It's far more likely that the observed activity is the result of a fraudster aiming to maximize the number of clicks and app installs before moving to another location or changing their IP address.

Examples of Duplicate IP Address Fraud

Café Fraud

Imagine a scenario where a fraudster uses public Wi-Fi in a café to generate app installs. They might have multiple devices, such as smartphones and tablets, connected to the same network. After viewing an ad on one device, they quickly switch to another, click on the same ad, and install the app. For the advertiser, this appears as a series of installs from one IP address in a short time, which is unrealistic for regular users.

Using VPNs and Proxy Servers

A fraudster might use VPNs or proxy servers to simulate activity from different IP addresses. However, at some point, they might accidentally or intentionally generate a multitude of installs from the same IP address provided by the VPN service, which would also be considered duplicate IP.

Device Farms

On device farms, where hundreds or thousands of phones are connected to the network to create artificial traffic, duplicate IP addresses can be observed if they all access the internet through the same router or access point. This creates a massive amount of traffic from repeating IP addresses, which is a clear sign of fraud.


Botnets

In the case of botnets, infected devices may be spread across the world but are centrally controlled. If botnet management is mishandled, a situation may arise where numerous requests for app installs come from identical or very similar IP addresses in a short period of time.
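
The signal shared by the scenarios above, many installs from different devices on one IP address (or on very similar addresses) within a short period, can be checked with a sliding-window count. The following Python is an added example, not code from any ad platform; the event layout, the 10-minute window, the threshold of 3 devices, the /24 and /64 grouping, and the function names are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample install events (timestamp, source IP, device ID); the
# addresses come from the RFC 5737 documentation ranges.
EVENTS = [
    ("2024-05-01T10:00:05", "203.0.113.7", "dev-a"),    # burst from one IP
    ("2024-05-01T10:00:50", "203.0.113.7", "dev-b"),
    ("2024-05-01T10:01:40", "203.0.113.7", "dev-c"),
    ("2024-05-01T10:02:30", "203.0.113.7", "dev-d"),
    ("2024-05-01T09:00:00", "198.51.100.20", "dev-e"),  # shared IP, hours apart
    ("2024-05-01T11:00:00", "198.51.100.20", "dev-f"),
    ("2024-05-01T12:00:00", "192.0.2.10", "dev-g"),     # neighbouring IPs
    ("2024-05-01T12:02:00", "192.0.2.11", "dev-h"),
    ("2024-05-01T12:04:00", "192.0.2.12", "dev-i"),
]

def network_key(ip, v4_prefix=32, v6_prefix=64):
    """Group IPv4 by exact address (/32) or a shorter prefix; IPv6 by /64
    (an assumed policy, since one IPv6 host often holds many addresses)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def flag_duplicate_ips(events, window=timedelta(minutes=10), threshold=3,
                       v4_prefix=32):
    """Return {network: peak distinct-device count} for every network that
    reaches `threshold` installing devices inside one sliding `window`."""
    recent = defaultdict(deque)  # network -> (time, device) pairs in the window
    flagged = {}
    for ts, ip, device in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        key = network_key(ip, v4_prefix)
        queue = recent[key]
        queue.append((now, device))
        while now - queue[0][0] > window:  # drop installs older than the window
            queue.popleft()
        devices = {d for _, d in queue}
        if len(devices) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(devices))
    return flagged

if __name__ == "__main__":
    print(flag_duplicate_ips(EVENTS))                # exact-IP matching
    print(flag_duplicate_ips(EVENTS, v4_prefix=24))  # "very similar" IPs
```

Exact matching flags only the burst from a single address; grouping by /24 also catches installs spread over neighbouring addresses, at the cost of more false positives on networks that many real users share.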

Why Duplicate IP Addresses Are a Problem

Fraud in mobile advertising harms the entire industry, including advertisers, platforms, and end-users. Advertisers spend significant funds on advertising campaigns, expecting real installs and user engagement. However, when fraudsters use the tactic of duplicate IP addresses, advertisers pay for artificially generated actions that bring no real value. This leads to distorted advertising effectiveness data and a loss of advertising budget on fake traffic.

Pricing Models and Fraud

Pricing models in mobile advertising, such as CPM (cost per thousand impressions), CPI (cost per install), and CPA (cost per action), create incentives for fraudsters to generate fake traffic. Since advertisers pay for specific actions, such


The use of duplicate IP addresses in fraud undermines trust in advertising campaigns and increases costs for advertisers without a real increase in engagement or revenue. Recognizing and preventing such fraud schemes is a key task for mobile advertising platforms and advertisers striving to ensure the effectiveness and integrity of their advertising campaigns. The application of advanced technologies and algorithms for identifying and blocking suspicious activity helps to reduce risks and protect advertising investments.