According to Pixalate’s research, the IPv4 address “168.228.66.97” with the ISP Alcantara e Oliveira Ltda Me was found to have “deviceIdStuffing” as the primary ad fraud type, while the IPv6 address “2600:382:ba28:8b05:a154:9a6e:e08d:f19e” with the ISP AT&T Internet was found to have “displayImpressionFraud” as the primary ad fraud type.
LONDON, May 28, 2026 -- Pixalate, an ad fraud and privacy compliance platform, today released the May 2026 AdFraud Indicators Of Compromise-Database (IOC-DB) - IPv4 and IPv6 Addresses Reports.
The reports surface IPv4 and IPv6 addresses associated with malicious infrastructure or high-risk activity originating at end-points. It is based on Pixalate’s AdFraud Indicators Of Compromise (IOC)-Database, the ad industry’s first open-source intelligence feed designed to aid fraud researchers, developers, and system administrators in the fight against Invalid Traffic (IVT).
|
Rank |
WatchList |
Risk |
Identifier |
Primary Ad Fraud Type Observed |
ISP |
|
1 |
IPv4 |
high |
168.228.66.97 |
deviceIdStuffing |
Alcantara e Oliveira Ltda Me |
|
2 |
IPv4 |
high |
172.233.43.131 |
IABcrawler |
Akamai Connected Cloud |
|
3 |
IPv4 |
high |
172.233.43.103 |
IABcrawler |
Akamai Connected Cloud |
|
4 |
IPv4 |
high |
172.233.46.26 |
IABcrawler |
Akamai Connected Cloud |
|
5 |
IPv4 |
high |
142.171.163.118 |
publisherFraud |
Multacom Corporation |
|
Rank |
WatchList |
Risk |
Identifier |
Primary Ad Fraud Type Observed |
ISP |
|
1 |
IPv6 |
High |
2600:382:ba28:8b05:a154:9a6e:e08d:f19e |
displayImpressionFraud |
AT&T Internet |
|
2 |
IPv6 |
High |
2603:7000:abf0:540:cdb9:b22a:e0d9:495f |
displayImpressionFraud |
Spectrum |
|
3 |
IPv6 |
High |
2603:7002:2440:a01c:917:c8f9:1260:97ad |
displayImpressionFraud |
Spectrum |
|
4 |
IPv6 |
High |
2603:300f:b02:ff00:9556:28d8:d52e:aa3c |
displayImpressionFraud |
Comcast Business |
|
5 |
IPv6 |
High |
2600:4040:9702:1b00:286b:ae8c:2b9a:2230 |
displayImpressionFraud |
Verizon Fios |
Download
The publicly available AdFraud IOC-Database is Pixalate's open-source, weekly-updated list of the top 50 highest-risk ad fraud Indicators of Compromise (IOCs). AdFraud IOC-DB is powered by Pixalate's MRC-accredited ad fraud detection engine, which analyzes 183 billion global data points daily. It filters massive datasets down to the 50 most critical threats, allowing sysadmins to easily integrate high-risk blocklists without overwhelming their infrastructure. The AdFraud IOC-DB reveals the top 50 IOCs observed across multiple supply-path touchpoints, including IP addresses (both IPv4 and IPv6), device IDs (mobile and CTV), datacenters, fraudulent Bundle IDs, MFA publishers, and delisted apps.
The AdFraud IOC-DB is available for free on Pixalate's website, where users can see the weekly top 50 IOCs across 11 risk categories.
About Pixalate
Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012 and recognized by UNICEF, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT). pixalate.com
Disclaimer
The content of this press release, and the May 2026 AdFraud Indicators Of Compromise-Database - IPv4 and IPv6 Addresses Reports (the ‘Reports’), reflect Pixalate's opinions with respect to factors that Pixalate believes may be useful to the digital media industry. Any data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate's opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate's opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate is sharing this data not to impugn the standing or reputation of any entity, person or app, but, instead, to report findings and trends pertaining to programmatic advertising activity across in the time period studied. Per the Media Rating Council (MRC), “‘Invalid Traffic’ is defined generally as traffic that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts. Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.” Where the traffic characteristics are suggestive of deliberate intent to mislead, such IVT is often referred to as “ad fraud.” Also per the MRC, “'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes.”