IP Blocklisting

Suspicious touchpoints can be detected by determining whether the touchpoints occurred from suspicious IPs.

The following IP information can be used to detect suspicious touchpoints.

  • Server IP, Country IP

Rule Setup

1. Navigate to [Settings]>[Fraud Validation Rules].

2. Select the [IP Blocklisting] tab and click Add a rule.

3. Select Server IP or Country IP as [Property]. You can set up one rule for Server IP and one rule for Country IP.

  • Server IP: IP address provided by data storage services such as AWS and GCP. In general, legitimate events are not traced back to a server IP, which means that events that are traced back to a server IP are highly likely to be fraudulent. When you select Server IP, all events that are traced back to the server IPs that are included in the “Suspicious IP list in Airbridge DB” will be tagged as fraud.

  • Country IP: Geographical location of the IP address.

4. If you have selected Country IP, select in or not in as [Condition], and select the country as [Value]. You can select multiple countries.

5. Select [Prevention Level] and click Save.

Attention

It is advised to start from "Prevention Level 1" and switch to higher levels after consulting with your media partner, as the prevention level setting may have a direct impact on the ad performance.

6. Click Add a rule to add more rules. When you have added multiple rules, any touchpoint that matches at least 1 of the configured rules will be considered suspicious.

Prevention Level

Suspicious touchpoints detected by the injection prevention rules are processed according to the set prevention levels.

#{"width":"100px"}

Prevention Level

#{"width":"200px"}

Description

Level 1: Tag as fraud

- Suspicious touchpoints will be tagged as fraud in the Airbridge reports and raw data export files.

Level 2: Don't send postbacks

- Suspicious touchpoints will be tagged as fraud in the Airbridge reports and raw data export files.

- Suspicious touchpoints won't be sent as postbacks.

Level 3: Don't attribute

- Suspicious touchpoints will be tagged as fraud in the Airbridge reports and raw data export files.

- Suspicious touchpoints won't be sent as postbacks.

- Suspicious touchpoints won't be attributed or aggregated.

Reporting

Suspicious touchpoints detected by the set rules can be viewed in your Airbridge reports and raw data export files.

In the Actuals Report, select "Touchpoint Fraud Tag" as a GroupBy to visualize the suspicious touchpoints tagged as fraud.

In the [App Raw Data Export], select "Touchpoint Fraud Tag" and "Fraud Tags" in the [Select Property] step to export suspicious events as a CSV file.

Was this page helpful?

Have any questions or suggestions?