This repository contains SQL logic designed to detect potentially fraudulent user activities based on discrepancies between user location, IP address, and mobile carrier information. If the information such as location_name
, sub_ip
, user_ip_country
, sub_carrier_country
, user_carrier_country
, and prefix
are not matching, users might be flagged as suspicious.
The core logic is divided into two main parts:
user_submission_data
: A Common Table Expression (CTE) that collates data on user submissions including IP addresses, mobile carriers, and determined actions based on discrepancies.carrier_check_data
: A CTE that verifies the mobile carrier data against the location data.
The final query joins these two CTEs to extract the necessary fields for the detection of potential fraud.
- Update the date placeholders
{{ date.start }}
and{{ date.end }}
in the SQL script with the desired date range. - Ensure you have a connection to the relevant database.
- Execute the SQL script to obtain the results which will list potentially fraudulent users based on the mentioned criteria.
Ensure your database contains the following tables with respective fields:
submissions
: Stores data about user submissions.users
: Information about users including their IP and mobile carrier.locations
: Provides details about locations associated with submissions.projects
: Project-related data.
Feel free to raise issues or PRs if you think some part of the logic can be improved or if there are any discrepancies in the results.