Hello everyone, I'm Paul from Crypto Quirky. I entered the airdrop circle in 2021 and am currently sharing my airdrop-related experiences at Binance Square. I hope to help you. If possible, click follow, and I will help you avoid some detours.
Now that e-commerce is very developed, more and more people are starting to shop on e-commerce platforms. With 618 coming up soon, are you also starting to stock up on things you want to buy but haven't purchased for a long time? However, when you place an order, you will notice a problem: one account can only place one order. So everyone says, why not apply for multiple accounts? But then the store upgrades again. When you check with multiple accounts, you still can’t place multiple orders, only one. So today we will analyze why you can't use multiple accounts to take advantage of the 618 event.
Let's first discuss the core issue: you cannot place multiple orders in the same network environment. How does the store know this? It is actually due to the IP.
We treat the store as the project party we interact with in the blockchain. Now we want to use multiple accounts to take advantage of the benefits of 618, so you need to understand the basic concepts below.
1. What is an IP?
For example, in real life, when you buy something on JD, you need to fill in your address so that the delivery knows where to send it. Similarly, when computers and phones communicate over the internet, they must have an address, which is the IP. So now that you can't place multiple orders for 618, could it be that you are placing orders in the same network environment? And in the blockchain, every time you visit a website, open a DApp, or perform an on-chain interaction, the server will record your IP to identify who you are and where you come from. So now you understand what an IP is, right?
2. Why do they all say to check the IP?
As mentioned above, the IP address essentially represents the location from which a user accesses the network, equivalent to your ID card on the internet. When a blockchain interaction task, such as interacting with a contract, binding social accounts, bridging assets, etc., is completed by multiple accounts at similar times on the same IP address, the project party is likely to suspect that these addresses are under human control. Therefore, IP clustering detection becomes the first line of defense against witches, the underlying logic can be summarized as:
Too many wallets interacting under the same IP address;
Behavior paths are highly consistent (for example, they all executed the same bridging + swap sequence);
Wallet interaction times are highly overlapping;
IP addresses come from 'cloud service' providers such as AWS, Alibaba Cloud, Hetzner, etc.
Finally, project parties construct the above behaviors into behavior profiles to judge whether they are the same user. Combining the situation of IP allows for a more accurate judgment.
3. Why is IP the simplest criterion?
Because IP is the simplest and easiest to obtain. As long as you interact on the page, your request IP can be recorded through the browser or RPC interface. At the same time, we know that, for example, 192.168.0.1 and 192.168.0.2 are in the same IP segment. How do we determine this? The first three segments of these two addresses (192.168.0) are the same; only the last segment (known as the host number) is different, so they belong to the same subnet or IP segment, but can be judged to be together.
4. How is it generally done with multiple IPs?
As mentioned above, situations where multiple people share the same IP address segment are very likely to lead to false positives because many times in student dormitories, office networks, etc., multiple people share an IP, which could result in being mistakenly flagged. Even many wallet tools use public node services, which can cause thousands of addresses to appear on the same IP.
At this point, you will hear many people telling you to buy IPs to use with a fingerprint browser. Indeed, device fingerprints, user-agent, cookies, timestamps, etc. of fingerprints can all be faked.
5. How do project parties utilize IP data?
Project parties will not easily 'ban an address just because the IP is the same', but will build a multi-dimensional risk control model, with IP being just one element. Below is a common processing flow:
Collecting IP behavioral data: collecting users' request source IP through API request records, WebSocket connections, etc.;
Marking special IP segments from cloud service nodes, VPS, CDN.
Setting IP aggregation thresholds: If there are >X interaction addresses under one IP, and the behavior patterns are highly consistent, they will be placed on the review list; if the IP hits the 'blacklist IP pool' (such as well-known VPN segments), risk control scores will be increased.
Cross-analyzing with other features: including whether there is a flow of funds between addresses, whether the same social accounts are bound, whether similar tasks are participated in multiple times, etc.
Implementing penalty strategies: reducing distribution weight, cutting airdrop shares, directly removing heavily suspicious users from the list or blacklisting them.
6. IP is not omnipotent, but still important
In today's highly specialized era of the 'wool-pulling army', IP is no longer the sole standard for judging the authenticity of an address, but it remains one of the most fundamental and effective behavioral indicators in all risk control systems. Project parties cannot rely solely on IP, but they cannot ignore it either. The anti-witch war is still evolving.
7. Message
Currently, many newcomers start buying IPs right away, but Paul doesn't recommend this too much, because only by understanding can you better deploy your account and know what kind of IP is better. I hope you first learn 0.1 and then slowly progress from 0.1 to 1.
Alright, I'm Paul. If you think what I said today has helped you a bit, clicking follow is the biggest motivation for Paul.
