What's the difference between awinaffid and awc?

awinaffid is the affiliate's static publisher ID — the same on every click, and the number Awin uses to find and terminate a publisher. awc is the Awin click ID, a per-click token (format: merchantid_timestamp_hash) that changes every single click. File the awinaffid; ignore the awc for identification.

How do I find the affiliate's ID from a redirect URL?

Trace the document redirects from the ad to your site (Chrome DevTools → Network → Preserve log, or a redirect-tracer tool). Identify the network from the tracking domain in the middle hop, then read that network's static-ID parameter — awinaffid for Awin, u for ShareASale, PID for CJ, the path segment for Impact, siteid for Webgains.

Why won't my affiliate network act on the evidence I sent?

The most common reason is that you sent a per-click token (an awc, cjevent, irclickid, or click hash) instead of the static publisher ID. Networks can't map a click hash to an account after the fact. Re-pull the chain and find the static ID.

Is a long, complicated number always the publisher ID?

No — it's usually the opposite. Real publisher IDs are short and numeric (e.g. 509365). Long mixed-case strings or anything containing a Unix timestamp (like …_1775579039_…) is a per-click hash, not an identity.

The affiliate link is cloaked and the chain dead-ends. Is the case dead?

No. With cloaking networks like Impact (sjv.io/prf.hn), the short-link itself (e.g. sjv.io/c/103411/…) is the filable handle — the network maps the link code to the publisher account on their side. A cloaked link is a different kind of evidence, not a missing one.

Every ad on my brand is affiliate fraud, right?

No. Some are competitors running Google Ads. If the "ID" you found is pipe-delimited (ppc|c|google|…) or a Google token (gclid, gbraid), it's a competitor, not an affiliate — a different problem with a different fix.

How to Read an Affiliate Redirect Chain

When an affiliate hijacks one of your brand searches, the entire case against them lives in a string of URLs almost nobody looks at: the redirect chain — the sequence of hops the browser makes between the ad click and your checkout page.

Learn to read it and you can name the exact publisher account your network will terminate. Misread it — grab the wrong number — and you'll hand your network a value that resets on every click, they'll close your complaint as "insufficient evidence," and the affiliate keeps billing you.

The difference between those two outcomes is usually a single parameter. This is how you tell them apart.

I run AdCrime. We operate a scanner network that searches brand keywords across regions, catches the unauthorized ads, and captures the full redirect chain behind each one. I have read a great many of these chains, and the pattern barely moves: they almost all resolve to one of about a dozen affiliate networks, and every network buries the one number you need in a slightly different place. Some of them disguise it on purpose. This piece is the whole map — the same logic our scanner runs, written so you can do it by hand with nothing but a browser and a clear head.

I'm a founder who has spent a long time staring at these under a microscope, not a lawyer. Everything below is operational forensics, not legal advice.

First, what a redirect chain actually is

When a user clicks an affiliate's ad on your brand term, they rarely land on your site directly. The browser is bounced through one or more intermediary URLs first. A clean, honest example looks like this:

1.  couponsexample.com/yourbrand           ← the affiliate's landing page (the ad's destination)
2.  awin1.com/cread.php?awinmid=42012&awinaffid=1944389&ued=https://yourbrand.com
                                            ← the network's tracking hop (drops the cookie)
3.  yourbrand.com/?awc=42012_1775687497_a1a7e275fd2f9a3d8d6c
                                            ← your own site, now tagged with their click

Three hops. Hop 2 is where the money is decided — it's the network recording "publisher 1944389 sent this click." Hop 3 is your site, now carrying a tracking token so that if the user buys, the commission routes to that publisher.

A couple of practical notes before we go deeper:

**You want the document redirects, not every asset. A real page fires dozens of requests for images, scripts and pixels. The chain that matters is only the top-level navigations — the URLs the address bar actually moves through. In Chrome DevTools, open the Network tab, tick Preserve log**, click the ad, and read the documents with status 301/302/307 (and the Location header on each). Browser extensions like Link Redirect Trace or a tool like wheregoes.com will dump the same chain if you paste the ad's destination URL.
The cookie hop and the URL params tell the same story twice. Sometimes the publisher ID is sitting in plain sight in a URL parameter (hop 2 above). Sometimes it's only in a Set-Cookie header or a network short-link. You learn to check all of it.

Now the part that actually matters.

The only distinction that matters: static publisher ID vs per-click token

Affiliate URLs are full of numbers. Most of them are useless to you. There are exactly two categories, and your entire job is telling them apart.

Static publisher IDs identify the account — the affiliate's permanent number inside the network. It is the same on every click, every day, for that publisher. An affiliate manager can paste it into the network's dashboard and find the human being to terminate. This is the smoking gun.

Per-click tokens identify a single click event. They are generated fresh every time anyone clicks, anywhere. They look impressive — long, hash-like, specific — which is exactly why people grab them by mistake. They are worthless for identification, because by the time you file your complaint that token will never be seen again.

Here's the cheat sheet. Memorize the left column; ignore the right column when you're trying to name a publisher.

Network	✅ Static publisher ID (file THIS)	❌ Per-click token (ignore for ID)
Awin	`awinaffid` (or `id` in the older URL format)	`awc`, `clickref`
ShareASale (now Awin)	`u`	`afftrack`, `sscid`
CJ / Commission Junction	`PID`	`cjevent`
Impact	partner ID in the short-link path, or `irpid`	`irclickid`
Webgains	`siteid`	`wgu`
TradeDoubler	`p` (or `epi`)	`tduid`
Rakuten Advertising	`id` / Site ID	(click ID, varies)
Partnerize	`pubref` (`camref` = campaign)	`clickref`
PartnerStack	`ps_partner_key` (or `gspk`)	`ps_xid` / `gsxid`
PaidOnResults	(rarely in the URL — see below)	`porc`

The single most common mistake I see brands make: they pull the Awin awc value — something like 42012_1775687497_a1a7e275fd2f9a3d8d6c — because it's the most visible thing on the landing URL, and they send that to Awin. Awin can't do anything with it. The number they need is the awinaffid, which is often two hops upstream in the cread.php link. Same fraud, completely different outcome, because of which number you read.

The number that gets a publisher terminated is almost never the longest, most impressive-looking string in the chain. It's the short, boring one.

How to tell which network you're even looking at

Before you can find the publisher ID, you have to know whose rules you're reading. The fastest tell is the tracking domain in the middle hop. These are stable and very hard to fake:

Tracking domain in the chain	Network
`awin1.com`, `awin.com`, `tidd.ly`	Awin
`shareasale.com`	ShareASale (Awin-owned)
`tkqlhce.com`, `jdoqocy.com`, `dpbolvw.net`, `anrdoezrs.net`, `kqzyfj.com`	CJ Affiliate
`sjv.io`, `pxf.io`, `prf.hn`, `evyy.net`, `ojrq.net`, `impact.com`	Impact (note: `prf.hn` can also be Partnerize)
`click.linksynergy.com`	Rakuten Advertising
`prf.hn`, `partnerize.com`	Partnerize
`tradedoubler.com`	TradeDoubler

Those CJ domains (tkqlhce.com, jdoqocy.com…) look like keyboard-mashing because they are deliberately obscure, but they're a dead giveaway — no legitimate site routes through them except CJ tracking. When you see one, you know you're reading a CJ chain and the publisher ID will be the PID.

Network by network: where the publisher ID hides

This is the reference section. Each network encodes the account number differently; here's the exact location and a real-shaped example for each.

Awin (and ShareASale, which Awin now owns)

Awin uses two URL formats, and you need to recognize both:

awin1.com/awclick.php?mid=42012&id=509365&clickref=...
awin1.com/cread.php?awinmid=42012&awinaffid=1944389&ued=https://yourbrand.com

In the first, id=509365 is the publisher. In the second, awinaffid=1944389 is the publisher. In both, the mid/awinmid is your own merchant ID — useful for confirming it's your program, useless for identifying the affiliate. File the awinaffid (or id).

ShareASale links look different but follow the same idea:

shareasale.com/r.cfm?b=2244254&u=500562&m=135799&afftrack=...

Here u=500562 is the publisher, m is the merchant, b is the banner, and afftrack is a per-click sub-tag. File the u.

CJ Affiliate

tkqlhce.com/click-100123456-12345678?... → yourbrand.com/?cjevent=abcd1234...

CJ's publisher number is the PID (sometimes embedded in the click path, sometimes as a query param). The cjevent token is per-click — ignore it for identification. CJ also uses AID for the advertiser (you).

Impact

Impact is the one that fights back. Its links are short and the partner ID is in the path, not a query string:

yourbrand.sjv.io/c/103411/1234567/9876
                   └─ partner/publisher ID

If you can read that path, 103411 is your publisher. But Impact's sjv.io and prf.hn short-links frequently cloak — they bot-wall automated fetches and sometimes humans too, so the chain dead-ends before it resolves. When that happens, the short-link itself is still your filable handle: hand sjv.io/c/103411/... to Impact's compliance team and they will map the link code to the publisher account internally. A cloaked link is not a dead end; it's a different kind of evidence. The per-click token here is irclickid.

Webgains, TradeDoubler, PaidOnResults, Rakuten, Partnerize, PartnerStack

Webgains — siteid is the publisher. (?source=webgains&siteid=12345)
TradeDoubler — p is the publisher (a is the advertiser); tduid is the per-click token.
PaidOnResults — important exception: PaidOnResults usually does not encode a static publisher ID in the destination URL at all. You'll only see porc, which is a click ID. Don't dress it up as a publisher ID — instead, hand the porc to PaidOnResults and they'll look up the publisher in their click log.
Rakuten — click.linksynergy.com/...?id=SITE_ID&offerid=...; the Site ID is the publisher. Rakuten has no self-serve compliance form — you go through your account manager.
Partnerize — pubref is the publisher reference; clickref is per-click; camref is the campaign.
PartnerStack (common for SaaS brands — Notion, Webflow-type programs) — ps_partner_key or gspk is the partner; ps_xid/gsxid is the transaction.

How to spot a click hash wearing a publisher ID's clothes

Here's where most DIY audits go wrong. Sometimes a value sits in a static-ID field but is actually a click hash — either because the affiliate's setup is messy or because they're hoping you'll grab the wrong thing. You need to be able to look at a raw value and know, on sight, whether it's a real account number or a per-click hash.

Real publisher IDs are short and boring. They look like:

525789      1944389      509365      500562      103411

Numeric, usually 4–8 digits. Occasionally a short prefixed token like aff_29174 or an uppercase code like WEBGAINS123. That's it. If it's short and dull, it's probably real.

Click hashes are long and busy. Three shapes give them away every time:

90211_1775687497_a1a7e275fd2f9a3d8d6c     ← digits _ unix-timestamp _ hash   (Awin awc / Impact style)
01f9df4db03bd24d187be674bd28af82          ← 32+ chars of pure hex             (cookie/transaction blob)
kxzGyugGnBAconcDmCpGhpxyxxthxAf           ← 24+ chars, mixed UPPER/lower       (PaidOnResults porc style)

The fastest mental test: is there a Unix timestamp buried in it? That 1775687497 in the middle of an awc value is the click's epoch time. Account numbers don't carry timestamps; click events do. If you see the pattern digits_digits_hash, you're holding a click event, not an identity. Put it down.

This is exactly the check our scanner runs before it will ever display a value as the "Affiliate ID" — if a value in a static field matches one of those click-hash shapes, we refuse it and fall back to the next candidate, because showing a customer a click hash labelled "publisher ID" would send them into their network dashboard to search for a number that doesn't exist.

The trap: when it's a competitor, not an affiliate at all

One forensic discipline that separates a credible complaint from an embarrassing one: not every ad on your brand term is affiliate fraud. Sometimes it's a straight competitor running Google Ads, and their destination URL is full of Google's own tracking — which can look, to an untrained eye, like an affiliate parameter.

Google's ValueTrack template values are the tell. If the "ID" you found looks like any of these, it is not an affiliate and you should not file anything:

ppc|c|google|...        ← pipe-delimited ValueTrack template
gclid=...   gad_source=...   gbraid=...   wbraid=...
ppc   cpc   organic   paid   (not set)

A real affiliate handle is never pipe-delimited and never a Google click token. If you see gclid or a ppc|c|google| string, you're looking at a paid competitor (a different problem, addressed through Google's trademark complaint process, not a network compliance filing). Reading this correctly keeps you from accusing a legitimate advertiser of affiliate fraud — which is the kind of mistake that ends a vendor relationship.

A full chain, read end to end

Let's put it together on one realistic (redacted) capture:

1.  bestyourbrandcodes.com/deal           coupon landing page, ranks for "yourbrand coupon"
2.  awin1.com/cread.php?awinmid=42012&awinaffid=509365&clickref=spring-sale&ued=https://yourbrand.com
3.  yourbrand.com/?awc=42012_1775579039_01f9df4db03bd24d187be674bd28af82

Reading it:

Network? Hop 2 routes through awin1.com → Awin.
Is it my program? awinmid=42012 — yes, that's my merchant ID. Confirms this affiliate is in my program and bidding my brand.
Who is it? awinaffid=509365 — that's the static publisher ID. 509365 is who gets terminated.
What do I ignore? clickref=spring-sale (a per-click sub-tag) and the landing URL's awc=42012_1775579039_01f9df... (a click hash — note the 1775579039 timestamp). Both are noise for identification.
The evidence package is then: the SERP screenshot showing their ad above your listing, this redirect chain, and the line "Awin publisher 509365 is bidding on our brand term yourbrand and intercepting the click." That is a complaint Awin can action.

Multi-network reality check: a single coupon operator often runs the same site through several networks at once. We've seen one coupon domain resolve to an **Awin publisher (509365) and a ShareASale publisher (500562)** on different clicks. If you only check one network, you only terminate half of them. Read every hop, every time.

What to actually do with the number

Finding the publisher ID is the hard part; acting on it is procedural. Briefly, because each network differs:

Awin / ShareASale — file under Compliance in ui.awin.com; they typically review within 24–72 hours and reverse commissions on confirmed brand-bidding.
Impact — Report Policy Violation on the partner's profile in the merchant dashboard; ~48-hour response.
CJ — file via Affiliate Investigation, but go through your account manager; CJ is the slowest (5–10 business days).
Rakuten / Partnerize / PartnerStack — routed through your account manager or the partner profile; expect 3–7 business days.

There's one detail that turns all of this from "good hygiene" into "urgent": most networks contractually refuse to claw back commissions once a transaction has validated. Awin's own advertiser terms state you have no right to recover commissions on approved transactions, and transactions auto-validate at the end of the validation window unless you decline them. In plain terms — the publisher ID you just found has a shelf life.

Find the publisher ID and file inside the validation window, and the money comes back. Find it a month later, and you're just writing down the name of someone who already got paid.

That shelf life is the whole reason detection speed matters, and it's a piece in itself. (See: the enforcement-workflow walk-through and the validation-window deep-dive.)

None of this requires our software. A browser, this map, and the discipline to read every hop will get you the publisher ID yourself. If you'd rather not do that by hand on every brand term, from every country, every week — that's the part I built AdCrime to handle. Either way, the goal is the same: fewer fraudsters getting away with it.

Mario Vaher is the founder of AdCrime, which scans Google Ads across multiple regions for affiliates bidding on brands they aren't authorized to touch, captures the redirect chain and publisher ID behind each one, and packages it as evidence affiliate managers can file. If you want to see what's bidding on your brand right now, the first scan is free — or read the full Affiliate Brand-Bidding Fraud Playbook, which is ungated and always will be.