Most of the online ad industry sees fraud as an external threat, while it is mostly an issue with the supply chain of advertisers' campaigns.
A company that sells fraudulent web traffic for site monetization has won a contract to provide clicks to the US Government and is also launching their own fraud detection platform. This is an internal threat to the adtech environment where things are built on trust.
If taxpayer money is spent on fraudulent traffic and now the creators of fraudulent traffic are also the ones measuring its quality, this erodes the foundation of trust we operate on in our industry.
of1 19 The Dhar Method
Ad-Fraud In Our Own Backyard
A Dhar Method Publication
AdFraud is not only an external force penetrating the advertising ecosystem.
Unconventional web traﬃc practices with seemingly legitimate advertising companies
are an equally concerning side of the equation.
"The challenge for capitalism is that the things that breed trust, also breed the environment for fraud." - James
of2 19 The Dhar Method
Anyone that has read anything about ad-fraud has been exposed to the standard story of the
"cybercriminals" and "hackers" that are inﬁltrating the digital advertising ecosystem to syphon out
millions and billions of dollars in supposedly illicit funds. These types of press reports and stories have
helped fuel the idea that fraud is a problem that is external and a threat that is diﬃcult to protect
• What if the truth was entirely diﬀerent?
• What if advertising dollars generated by fraudulent practices are the product of behavior by companies in
our own backyard?
• What if the problem is internal and can be dealt with as such?
Many would say that the internal problem of fraud would be more easily addressed; and they would be
absolutely right. Even if the "cybercriminals" and "hackers" are the ones generating the traﬃc at the
source, there are hundreds of "publishers" and ad-networks that are funneling that fraudulent traﬃc
into the mainstream advertising ecosystem. And those publishers and ad-networks have corporations,
names, faces and bank accounts. Those four factors make them easily addressable and removable
pieces from the larger digital advertising system.
What is Internal vs. External?
Now the question is, how do you know who is bad and who is good?
Our instinct is to trust the trade-press to do the vetting of these companies and to provide us
information and stories that are supported by facts and truth. Unfortunately, there are some in the
trade-press and larger publisher circle that don't know enough about the nitty-gritty of ad-technology
and ad-fraud speciﬁcally to be able to discern what is legitimate and what is not.
Let's take the example of a company called eZanga. If you look it up online, you'll ﬁnd a Wikipedia page
and many articles that mention their anti-fraud eﬀorts and legitimate business practices dealing in
All of the articles and posts below lead up to what is the most important update regarding eZanga:
(2016, August 24) http://www.marketwired.com/press-release/ezanga-awarded-gsa-professional-services-
eZanga has won a contract from the US General Services Administration to provide PPC advertising
services to Federal Government Agencies.
The Federal government of the United States is now buying pay-per-click advertising from eZanga, a
company for which I will present evidence in the following sections to show, that generates, sources,
and sells fraudulent web visits and clicks.
This is a huge concern. Tax dollars are now potentially going to be spent on fraudulent advertising
of3 19 The Dhar Method
of5 19 The Dhar Method
of6 19 The Dhar Method
In 2014, eZanga posted a YouTube promotional video of their traﬃc service. The video has
approximately 1700 views and 0 comments. In the video at 0:38 the following statement is made by the
narrator: “Dave now buys pre-ﬁltered traﬃc from eZanga. And we ﬁnally got the third-parties to agree to
something: eZanga's traﬃc score's well.”
They are not purporting that the traﬃc is human nor oﬀering an explanation of how the traﬃc is
generated or where it comes from; they focus on one aspect, that it “scores well.”
A blog post on WebSite Magazine in 2014 state the following: ”While other traﬃc providers require clicks be
paid for before giving feedback on its quality, eZanga traﬃc is pre-ﬁltered to eliminate fraudulent clicks before
they are directed to clients’ websites. eZanga spends its own money to test each new source of traﬃc before
exposing it to their client base."
In 2015, a post on LeadsCon.com, the website for a prominent aﬃliate marketing and performance
advertising conference, wrote about how eZanga was unique in that they weathered the storm of the
recession in the United States after 2008. This post in isolation is inconspicuous but given the nature of
selling click traﬃc, it forced me to wonder how their business was so sustainable despite market trends.
of7 19 The Dhar Method
2015 also saw the release of eZanga’s WordPress plugin, which monetizes in-text traﬃc from content on
WordPress sites. For those who are unfamiliar, in-text traﬃc is when certain words in the content of a
site are converted to links to an advertiser’s landing page, who is bidding on those keywords.
"Digital marketing ﬁrm eZanga has released a new WordPress plugin called InText, which automatically places
advertisements sourced through eZanga on a blog or website. InText diﬀers from other WordPress advertising
plugins by working in real-time, identifying keywords and matching targeted advertising instantaneously where
other advertising plugins can take up to ﬁve minutes to register content."
of8 19 The Dhar Method
In a post on Entrepreneur, eZanga advises media buyers on how to avoid click-fraud by getting ﬁltered
traﬃc from a third party and only dealing with publishers you can speak to directly.
(ex-Director of Sales at eZanga, deﬁnes Click Fraud)
eZanga publicized the “MosQUito bug” which "drains" human traﬃc from "thousands, possible
millions" of infected wordpress and joomla sites. They published a list of 9,285 sites that were
supposedly infected in April of 2016 but there has been no update in the 4 months since then.
of9 19 The Dhar Method
Here are some of the sites that the “Mosquito Bug” had infected. This is 477 examples out of a total list
of over 9,000.
While pointing out a “bug” in the system is noble, its impact varies depending on the victims of the
bug. The sites on the list aﬀected by the Mosquito are far from mainstream. Many are even
pornography related with blog hosting.
of11 19 The Dhar Method
Although on the ﬁrst page of Google results, there is this:
A complaint about the quality of their traﬃc from 2009 with a series of comments back and forth
between their CEO/Founder and other complainants.
The CEO even responds with this statement:
"Now, let’s looks at complaint boards, many users complain about many things. A quick google search
(as you request) for companies like AT&T, APPLE and Coke-a-Cola will also produce results like:
-> AT&T scams loyal customers with "Free Upgrade" SCAM
-> Apple scams us again - no FW connector w/mini - iLounge
Heck, Coke-a-Cola even made it to this complaint board:”
The justiﬁcation, which is seemingly quite legitimate, is that every company gets complaints and that
eZanga is no diﬀerent.
Now, this is all what's publicly available and can be debated to no end.
So, I want to share with you my own experience with them in buying traﬃc. I reached out to them to get
traﬃc to my trusty old site www.eCelebNews.com.
I obviously would only want traﬃc that passes the major fraud ﬁlters so I chose to have access to all 5
that were available.
Integral AdScience, DoubleVerify, Moat, Forensiq, and Pixalate.
Let me be VERY CLEAR: None of these 5 actual fraud detection companies knew ahead of time,
that eZanga is selling traﬃc with their name on it.
The way this happens is that eZanga owns their own "publisher properties" which they run traﬃc to
and monetize in various ad-platforms. They sign up either directly or through a third party for access
to these ﬁlters to scan the quality of their traﬃc.
From the perspective of the fraud-detection vendors, they are just dealing with a publisher that seems
to occasionally have questionable traﬃc to the site.
The way they create this "pre-ﬁltered" traﬃc is by testing and exploiting the ﬁlters they have access to.
See Dhar Chart Fig. 9.
of12 19 The Dhar Method
See my emails with one of their sales managers:
First I get accounts for various sources of traﬃc, each one corresponding to a speciﬁc fraudulent traﬃc
detection vendor, along with corresponding pay-per-click prices.
She even goes as far as helping me with where to monetize this pre-ﬁltered traﬃc.
of13 19 The Dhar Method
IntegralAdScience ﬁltered traﬃc, she says, can be monetized on any banner network from “the
Pixalate ﬁltered traﬃc, she says, can be monetized on any search feed.
MOAT and Forensiq ﬁltered traﬃc, she says, works well with video networks but not one in particular.
No suggestions on what to do with the DoubleVerify ﬁltered traﬃc.
Main Point: It “all really depends on which ﬁlter the advertiser on your side is using.”
You might be thinking, “So what? What does any of this prove?”
To conﬁrm the anecdotal evidence, I had a bot-detection company, Oxford BioChronometrics to scan
the eZanga traﬃc coming to the page (eCelebNews.com) and provide the results.
If you had only seen the ﬁrst few press mentions that I showed to you, it would be easy for you to pass
this company oﬀ as a legitimate advertising company.
of14 19 The Dhar Method
Now, here is where the problem gets messy. The United States government, through its Government
Services Administration (GSA) has contracted out all of its Pay-Per-Click advertising services to eZanga.
Although not directly proven with data from their campaigns, there is the imminent danger that tax
dollars will be spent on fraudulent web traﬃc.
There are a variety of services oﬀered via this contract, designated as Packages A-G. The minimum
order for clicks is $100 and the maximum order is $1,000,000. There is an overall 1% discount from “list
prices” and a 1.5% discount for orders between $25,000 and $49,999.99. Additionally, there is a 2.5%
discount for orders between $50,000 and $249,999.99, and then a 4% discount for orders more than
$250,000. The payment terms are Net30, meaning that payment for March services must be received by
Please see detailed breakout of packages on the following page:
of16 19 The Dhar Method
They are oﬀering to “redirect a user upon clicking to any website of choice” for $0.10 to $0.20 per
unique visitor from a text-based advertisement (see sample of eZanga ad-format below). This Cost-Per-
Click includes a dedicated account manager and the unique visitors can be targeted from anywhere in
the U.S, even from speciﬁc states and cities.
The ad-sample above is taken from one of my accounts on eZanga’s PPC platform, AdPad. I have 5
accounts there, one for each of the following “ﬁlters”:
IntegralAdScience, DoubleVerify, MOAT, Forensiq, and Pixalate.
I have tested 25 diﬀerent campaigns on eZanga’s platform for diﬀerent research initiatives and client
projects. The amount of clicks delivered was always in line with my budget speciﬁcations, regardless of
what the text of the advertisement said. This is a clear indication of robotic traﬃc because the
consistent click volume, even with gibberish ad-copy shows that no human on the other end is clicking
based on interest in the potential content of the landing page.
Also, there was never an “approval” process as referenced in the screenshot. Campaigns have gone live
immediately, whether I set it up at 2 PM or 2 AM.
One important distinction is between the pricing given to a customer like me and the pricing in the
public contract with the federal government. Out of my ﬁve traﬃc options, the higher end of the bid
landscape was $0.01. The GSA’s lower end of the CPC bids is $0.10 and the higher end being $0.20.
This is a 20X diﬀerence!
of17 19 The Dhar Method
If you’ve gotten this far in reading this report, I’m sure you are wondering how this is happening and
why nobody stopped them. Maybe you’re thinking:
“Why not alert the authorities?” or
“Tell the General Services Agency that they are contracted to buy fraudulent clicks!”
It’s not as easy as that. After alerting various legal bodies of both state and federal government levels,
their reactions were full of concern but they required “proof.” While I did send them the images of my
email interactions about the traﬃc as well as the technical ratings of the traﬃc purchased from eZanga,
they needed more information; something with an impact to take to their superiors.
This is why I’ve formatted this report as a story that can be understood and have the potential impact it
needs. There are hundreds of fraudulent advertising companies in the industry and when looking at
the degree of fraud within these companies, I ﬁnd it useful to use the venn-diagram below.
Diﬀerentiating these companies is important to understanding their role in contributing to fraud:
Is it active or complicit?
For eZanga, I would list them as a “blue-collar” ad-fraud company. They are involved with the active
distribution of fraudulent traﬃc, they are a smaller company relative to major adtech organizations,
they are not regular mentions in the trade-press or industry events, and the majority of their revenue
seems to be from activities involving non-human traﬃc.
of18 19 The Dhar Method
While the capabilities statement provided to the GSA by eZanga makes claims of the traﬃc being
“scrubbed clean” but I was given these claims as well on traﬃc that ended up being over 70% bots. The
main government point of contact is listed as their CEO.
They attempt to claim that “receiving PPC traﬃc from a company that not only purchases clicks, but
also sells them, aids in your brand’s safety.” There is no logic in trusting a broker who also has a
ﬁnancial interest in the sale of said good.
of19 19 The Dhar Method
I have excluded several points of data and screenshots that may be inﬂammatory, but I will make them
available by request. Please e-mail me if you have any follow up questions or want clariﬁcation on a few
I began my anti-fraud crusade in 2014 thinking that I could “criticize by category and praise by name.”
While this may have been idealistic, I still truly believe that would be the preferred way to operate.
Over time, I realized that there are certain organizations and individuals that need to be singled out for
particularly devious practices and this report covers one that I thought was becoming a concern
because of its contract with the U.S government and the possible spending of tax dollars on fraudulent
Ad-fraud has been repeatedly justiﬁed, by the people committing it, as a small harm done to huge
corporations. That rationale does not apply here.
I implore anyone reading this report to please be vigilant with your advertising practices. Not every
company shows their true operation or is transparent about the quality of their good/service, and this is
especially true in digital advertising today. If you have a hunch about a company that you think is
proﬁting from the sale of fraudulent advertising or web traﬃc, please feel free to reach out to me and I
would be happy to point you in the right direction or help you address the problem directly.
There are lots of disagreements on the rates of fraud in the online ad market. The one thing all can
agree on is that there is no base-truth. Fraud, in any arena, is something that lives in the shadows. It is
diﬃcult, if not impossible, to accurately count something that does its best to not be counted. What I
think we can agree on is that ad-fraud is not an external force that harms the advertising world, but
rather most of the problem lives in our own backyards. We can take this as an alarming idea, or we can
realize that it makes the problem actually easier to solve. The choice is ours.
- Shailin Dhar