Proxies for Ad Fraud Detection: Verify Display Ads Across Geos

Ad fraud costs the global digital advertising industry an estimated $84 billion annually. In Southeast Asia, where digital ad spend is growing rapidly but fraud detection infrastructure is still maturing, the problem is particularly acute. Fraudsters exploit the complexity of programmatic advertising, geo-targeting, and mobile-heavy traffic to siphon off advertising budgets.

This guide explains how mobile proxies serve as a critical tool for detecting and preventing ad fraud across Southeast Asian markets. Whether you are an advertiser, agency, or fraud detection specialist, understanding how to use proxies for fraud detection will help you protect your ad spend.

Understanding Ad Fraud: Types and Tactics

Ad fraud takes many forms. Before you can detect it, you need to understand what you are looking for.

Impression Fraud

Fraudsters generate fake ad impressions to collect CPM-based revenue:

Pixel stuffing — Ads are loaded in 1×1 pixel iframes, technically “served” but invisible to users
Ad stacking — Multiple ads are layered on top of each other in a single ad slot, with only the top ad visible
Hidden ads — Ads load in background tabs, behind content, or off-screen
Auto-refresh fraud — Pages automatically refresh to generate new impressions without user action

Click Fraud

Fraudsters generate fake clicks to drain CPC budgets or inflate publisher revenue:

Bot clicks — Automated scripts that click on ads
Click farms — Human workers paid to click ads manually
Click injection — Mobile malware that generates clicks just before an app install to claim attribution credit
Redirect chains — Users are bounced through multiple intermediaries, each claiming a click

Domain Spoofing

Fraudsters misrepresent which website an ad appears on:

Domain masking — Low-quality sites disguise themselves as premium publishers in bid requests
App spoofing — Fraudulent apps claim to be legitimate apps in programmatic bid streams
Subdomain fraud — Fraudsters create subdomains that appear related to legitimate publishers

Geo Fraud

Particularly relevant for SEA campaigns:

Location spoofing — Traffic from one country is made to appear as if it comes from a higher-value country
Geo-mismatch — Ads targeted to Singapore users are actually being shown to users in lower-cost markets
VPN/proxy masking — Fraudsters use proxies themselves to make their traffic appear to come from target geos

Why Mobile Proxies Are Critical for Fraud Detection

To catch fraud, you need to see what is actually being served to users in each target market. This requires accessing the ad ecosystem from the perspective of real users in each location.

The Verification Problem

When you try to verify ads from your office, you see what the ad network serves to your IP address and location. This tells you nothing about what is happening in other markets. Fraudsters exploit this by:

Serving legitimate ads to known verification IP ranges while running fraud on other traffic
Showing different content based on geographic location
Detecting datacenter IPs and altering behavior when they suspect monitoring

How Mobile Proxies Solve This

Mobile proxies provide genuine carrier IP addresses that ad networks treat as real user traffic:

Fraud Detection Need	Mobile Proxy Capability
See ads as local users see them	Country-specific mobile carrier IPs
Avoid detection by fraudsters	IPs indistinguishable from real users
Scan at scale	IP rotation prevents rate limiting
Verify across markets	Multi-country SEA coverage
Check mobile ad placements	Native mobile IP addresses

Using DataResearchTools mobile proxies, fraud detection teams can connect through carrier IPs in Singapore, Malaysia, Thailand, the Philippines, and Indonesia to verify exactly what is being served in each market.

Building a Proxy-Based Ad Fraud Detection System

Architecture Overview

A comprehensive fraud detection system has several components:

Proxy layer — Mobile proxies across target geos
Collection layer — Automated browsers and scripts that load pages and capture ad data
Analysis layer — Systems that compare collected data against expected behavior
Alert layer — Notifications when anomalies are detected
Evidence layer — Archival of screenshots, network logs, and ad responses for investigation

Step 1: Set Up Multi-Geo Proxy Access

Configure mobile proxy connections for each market you need to monitor:

Singapore — Singtel, StarHub, M1 carrier IPs
Malaysia — Maxis, Celcom, Digi carrier IPs
Thailand — AIS, DTAC, TrueMove carrier IPs
Philippines — Globe, Smart, DITO carrier IPs
Indonesia — Telkomsel, Indosat, XL Axiata carrier IPs

Each connection should be configurable for:

IP rotation frequency
Sticky session duration
Concurrent connection limits
Protocol (HTTP/HTTPS/SOCKS5)

Step 2: Automated Ad Collection

Build scrapers that visit your ad placements and collect data:

import json
from datetime import datetime

def collect_ad_data(proxy, url, geo):
    """Visit a page through a mobile proxy and collect ad information."""
    result = {
        "timestamp": datetime.utcnow().isoformat(),
        "geo": geo,
        "url": url,
        "proxy_ip": get_proxy_ip(proxy),
        "ads_found": [],
        "network_requests": [],
        "page_metrics": {}
    }

    # Launch headless browser through proxy
    # Capture all network requests (especially ad calls)
    # Record which ad creatives were loaded
    # Measure viewability metrics
    # Take screenshot for visual verification

    return result

Key data points to collect:

All network requests to ad servers (doubleclick, adsense, ad exchanges)
Ad creative URLs and content
Ad positions on the page (viewability)
Page load timing
Redirect chains
JavaScript execution logs

Step 3: Cross-Geo Comparison Analysis

Compare ad serving data across different geos to detect anomalies:

Geo-mismatch detection:

If your campaign targets Singapore, connect through a Singapore mobile proxy and verify your ad is served
Connect through a non-target country (e.g., Vietnam) and verify your ad is NOT served there
If your ad appears in non-target geos, investigate whether the publisher is misrepresenting traffic geography

Placement consistency checking:

Visit the same publisher from multiple geos
Compare the ads served in each location
Look for discrepancies that suggest the publisher is serving different content to verification traffic versus regular traffic

Volume validation:

Compare the impressions reported by the ad network for a specific publisher against the traffic that publisher actually receives
Use proxy-based monitoring to estimate real traffic levels and flag publishers claiming significantly more impressions than their actual traffic supports

Step 4: Anomaly Detection Rules

Set up rules to flag suspicious patterns:

Rule 1: Viewability check

Load the page through a mobile proxy
Measure whether the ad is actually visible (not hidden, stacked, or pixel-stuffed)
Flag ads with viewability scores below industry benchmarks

Rule 2: Redirect chain analysis

Monitor ad click redirect chains
Flag chains with more than 3-4 redirects (normal chains are typically 2-3 hops)
Identify unknown intermediaries in the chain

Rule 3: Creative mismatch

Compare the ad creative served to the creative you uploaded to the ad network
Flag cases where the wrong creative is displayed or the creative has been modified

Rule 4: Timing anomalies

Track how quickly ads load and become viewable
Flag pages where ads load in unusual patterns (too fast, suggesting pre-loading; or too slow, suggesting deferred/hidden loading)

Rule 5: Geographic inconsistency

Compare the geo reported by the ad network with the geo you connected from
Flag mismatches between your proxy location and the reported impression location

Step 5: Investigation and Evidence

When anomalies are flagged, conduct deeper investigation:

Manual verification — Connect through a mobile proxy and manually review the suspicious placement
Screenshot collection — Capture timestamped screenshots showing the actual ad rendering
Network traffic capture — Record full HAR (HTTP Archive) files showing all requests and responses
Historical comparison — Check if the pattern is new or has been ongoing
Cross-reference — Compare findings against your ad network’s reporting data

Specific Fraud Patterns in Southeast Asia

Mobile-Heavy Fraud

SEA is a mobile-first region, with mobile devices accounting for 70-90% of internet traffic in most markets. This means:

Mobile ad fraud is proportionally higher than in desktop-dominated markets
Click injection on Android devices is a significant issue
In-app fraud is harder to detect than web-based fraud

Low-Quality Traffic Arbitrage

Some publishers buy cheap traffic from low-quality sources and resell it as premium SEA traffic:

Traffic purchased from click farms (common in parts of SEA)
Bot traffic disguised as mobile user traffic
Traffic from non-target countries routed through local VPNs

Using mobile proxies to verify that traffic actually originates from the claimed carrier and location helps catch this type of fraud.

Social Media Ad Fraud

With heavy social media usage across SEA:

Fake engagement on sponsored posts inflates campaign metrics
Fraudulent accounts click on social media ads
Influencer fraud involves fake followers and engagement

Programmatic Supply Chain Fraud

The complexity of programmatic advertising creates opportunities:

Reselling inventory through multiple intermediaries (each taking a cut)
Misrepresenting inventory quality in bid requests
Ghost sites that exist only to collect ad revenue from programmatic exchanges

Tools and Technologies for Fraud Detection

Open-Source Tools

ads.txt / app-ads.txt validators — Verify authorized digital sellers
sellers.json parsers — Trace the supply chain of ad inventory
VAST tag inspectors — Analyze video ad serving tags for irregularities
HAR analyzers — Parse network traffic captures for suspicious patterns

Commercial Fraud Detection

HUMAN (formerly White Ops) — Bot detection and ad fraud prevention
DoubleVerify — Ad verification with fraud detection capabilities
Integral Ad Science — Brand safety and fraud prevention
Pixalate — Programmatic ad fraud detection
Forensiq (Impact) — Click and impression fraud detection

Building Custom Solutions

For teams building their own detection systems, the typical stack includes:

Proxy infrastructure — Mobile proxies like DataResearchTools for multi-geo verification
Browser automation — Playwright or Puppeteer for automated page rendering
Data pipeline — Apache Kafka or similar for streaming ad data collection
Analysis engine — Python/pandas for rule-based detection, scikit-learn for ML-based anomaly detection
Storage — ClickHouse or BigQuery for large-scale ad data analysis
Alerting — PagerDuty, Slack, or email for real-time fraud notifications

Measuring the Effectiveness of Your Fraud Detection

Track these metrics to assess your detection program:

Fraud detection rate — Percentage of fraudulent impressions identified
False positive rate — Legitimate impressions incorrectly flagged as fraud
Time to detection — How quickly fraud is identified after it begins
Recovery rate — Percentage of fraudulent spend recovered through refunds or credits
Coverage — Percentage of your ad spend that is actively monitored

Best Practices for Ongoing Fraud Prevention

Monitor continuously — Fraud patterns change; one-time audits are insufficient
Use multiple proxy geos — Verify from every market you target, not just one
Rotate verification IPs — Fraudsters can learn and adapt to static monitoring IPs
Combine automated and manual review — Automation catches patterns; human review catches novel schemes
Share intelligence — Work with industry groups like TAG (Trustworthy Accountability Group) to share fraud data
Audit your supply chain — Regularly review which exchanges and publishers are delivering your impressions
Demand transparency — Use ads.txt, sellers.json, and supply chain object (SCO) to verify authorized sellers

Conclusion

Ad fraud detection requires seeing the advertising ecosystem from the same perspective as real users. Mobile proxies make this possible by providing genuine carrier IP addresses across multiple Southeast Asian markets, allowing fraud detection teams to verify ads without alerting fraudsters. By building systematic detection workflows that combine automated scanning, cross-geo comparison, and anomaly analysis, advertisers can identify and eliminate fraudulent impressions before they drain campaign budgets. The investment in proxy-based fraud detection typically pays for itself many times over through recovered ad spend and improved campaign performance.