Suspicious touchpoints can be detected by determining whether the touchpoints occurred from suspicious IPs.
The following IP information can be used to detect suspicious touchpoints.
Server IP, Country IP
1. Navigate to [Settings]>[Fraud Validation Rules].
2. Select the [IP Blocklisting] tab and click Add a rule.
3. Select Server IP or Country IP as [Property]. You can set up one rule for Server IP and one rule for Country IP.
Server IP: IP address provided by data storage services such as AWS and GCP. In general, legitimate events are not traced back to a server IP, which means that events that are traced back to a server IP are highly likely to be fraudulent. When you select Server IP, all events that are traced back to the server IPs that are included in the “Suspicious IP list in Airbridge DB” will be tagged as fraud.
Country IP: Geographical location of the IP address.
4. If you have selected Country IP, select in or not in as [Condition], and select the country as [Value]. You can select multiple countries.
5. Select [Prevention Level] and click Save.
Attention
It is advised to start from "Prevention Level 1" and switch to higher levels after consulting with your media partner, as the prevention level setting may have a direct impact on the ad performance.
6. Click Add a rule to add more rules. When you have added multiple rules, any touchpoint that matches at least 1 of the configured rules will be considered suspicious.
Suspicious touchpoints detected by the injection prevention rules are processed according to the set prevention levels.
Prevention Level |
Description |
|---|---|
Level 1: Tag as fraud | - Suspicious touchpoints will be tagged as fraud in the Airbridge reports and raw data export files. |
Level 2: Don't send postbacks | - Suspicious touchpoints will be tagged as fraud in the Airbridge reports and raw data export files. - Suspicious touchpoints won't be sent as postbacks. |
Level 3: Don't attribute | - Suspicious touchpoints will be tagged as fraud in the Airbridge reports and raw data export files. - Suspicious touchpoints won't be sent as postbacks. - Suspicious touchpoints won't be attributed or aggregated. |
When the Prevention Level is set to 2 or higher, suspected fraud events are excluded from postbacks. However, you can send them with limitations by completing the Postback settings below.
Sends Target events only: Installs (App), Deeplink Opens (App), and Deeplink Pageviews (App).
Sends events as unattributed.
Sends the identified fraud type.
Postbacks are sent to channels that would have received attribution if not suspected as fraud. These are channels that met all other Airbridge attribution model rules, including touchpoint priority and last-touch attribution (LTA).
Postbacks are sent only to channels with the Postback settings below configured.
In the postback delivery rule, set [Attribution] to All Events
Edit the postback URL as follows. If using the POST method, contact your CSM or reach out through the Airbridge Help Center.
Add a postback parameter. Enter the parameter name specified by the channel and select {unattributedTouchpointFraudReason} as the parameter value.
Some channels require {unattributedTouchpointClickID} as the Click ID parameter value. Confirm with the channel.
Suspicious touchpoints detected by the set rules can be viewed in your Airbridge reports and raw data export files.
In the Actuals Report, select "Touchpoint Fraud Tag" as a GroupBy to visualize the suspicious touchpoints tagged as fraud.
In the [App Raw Data Export], select "Touchpoint Fraud Tag" and "Fraud Tags" in the [Select Property] step to export suspicious events as a CSV file.
Fraud_Touchpoint_BlacklistingByServersideIP
Fraud_Touchpoint_BlacklistingByOverseaIP
Was this helpful?