← Back to blog Affiliate Fraud

Detecting attribution hijacking in Impact Radius

Clean Impact console

Identify when publishers bypass target credit parameters inside the Impact.com network platform.

Try SEATEXT AI for free

Impact Radius (now Impact.com) is one of the world's leading partnership management platforms. Large e-commerce brands rely on its tracking system to manage hundreds of publishers. However, the platform's standard last-click tracking leaves a massive gap: **attribution hijacking**.

Rogue publishers use browser scripts and coupon extension redirects to overwrite click hashes right before a user completes checkout, capturing commissions on organic and search traffic. Let's look at how to detect hijacking inside the Impact Radius console.

How attribution is manipulated in Impact

Impact relies on the `ClickID` token to attribute conversions:

  • When a customer clicks an affiliate link, Impact generates a unique `ClickID` and sets a browser cookie.
  • If a user has a malicious extension active, the extension detects the checkout cart and requests a new click in the background.
  • This background request logs a new `ClickID` cookie under the extension's publisher account.
  • Impact's tracking tag logs the final conversion using the newest `ClickID`, awarding the payout to the hijacker.

Because the tracking tag executes normally, the Impact dashboard registers it as a valid referral click.

Forensic auditing inside Impact Radius

To uncover attribution hijacking, growth managers should review these specific console parameters:

  1. Analyze Click-to-Conversion Time (CTCT): Export the **Action Lifecycle** report containing transaction logs. Filter for any conversions where the difference between click timestamp and action timestamp is under **10 seconds**. These represent late-second cookie injections.
  2. Check Referrer Domains: Verify the referral path for coupon partners. If the click referrer domain matches your own store domain (e.g., your payment gateway), the cookie was stuffed during checkout.
  3. Audit New vs. Returning Customers: If an affiliate refers conversions that consist almost entirely of existing accounts, they are likely intercepting committed organic buyers.

How BotRefund protects Impact campaigns

BotRefund runs active behavioral auditing inside your customer's browser context. It logs the exact millisecond click paths and matches them against user cursor and keystroke telemetry.

If BotRefund identifies an Impact `ClickID` set during checkout without genuine customer interaction, it flags the transaction. Growth teams can then export BotRefund's audit logs to decline the hijacked commissions inside the Impact Radius console before payouts close.

Frequently Asked Questions

What is Impact Radius attribution hijacking?

It is an ad fraud technique where publishers silently generate new Impact `ClickID` cookies during checkout to capture sales credit from other channels.

Can Impact.com identify cookie stuffers automatically?

Impact.com tracks clicks and conversions. While they have basic anomaly filters, they cannot monitor client-side browser extensions or detect timing overrides in real-time.

How do I dispute fraud in Impact Radius?

You can move the actions to "Inquiry" status inside your Impact console and submit millisecond timing and referrer mismatch logs to decline the payouts.

Regain your Impact attribution accuracy

Stop paying for hijacked referrals in your partner program. Install SEATEXT AI today to track client-side scripts, verify human intent, and clean your Impact Radius invoices.

Try SEATEXT AI for free