Click Flooding
What it detects
Click flooding occurs when bots or compromised apps generate massive click volumes from a single source. The goal is to flood the attribution window so that a fraudulent click is the last recorded before a legitimate conversion — hijacking credit for organic installs.
How it works
Integr8 monitors click velocity per source over a sliding time window. When the click volume from a single IP, sub ID, or publisher exceeds the configured threshold within the time window, subsequent clicks from that source are blocked in real time.
The filter also evaluates Click-To-Install Time (CTIT). Abnormally high volumes combined with long CTIT distributions are a strong signal of flooding rather than legitimate user behavior.
Configuration
Navigate to Fraud Prevention > Click Fraud > Click Flooding to configure this filter.
| Parameter | Default | Range | Description |
|---|---|---|---|
click_threshold | 500 | 1–100,000 | Maximum clicks per source per time window before blocking |
time_window | 60 min | 1–1,440 min | Rolling window for click count measurement |
scope | IP | IP, SubID, Publisher | Aggregation key for counting clicks |
block_mode | Block | Block, Flag | Action taken when threshold is exceeded |
What happens when triggered
When the click threshold is exceeded:
- Block mode: Integr8 rejects the click with HTTP 403. No attribution is recorded.
- Flag mode: The click is recorded with a
fraud_reason: click_floodingtag. Conversions from flagged clicks are still tracked but marked as suspect.
You can review blocked clicks in Reports > Click Reports using the fraud_reason filter.
Related filters
- Click Spam — detects background click injection from malicious apps
- Sub-ID Validity Check — validates sub IDs used to segment click volume