Suspicious touchpoints can be detected by determining whether the touchpoints occurred from suspicious IPs.

The following IP information can be used to detect suspicious touchpoints.

• Server IP, Country IP

1. Navigate to [Settings]>[Fraud Validation Rules].

2. Select the [IP Blocklisting] tab and click Add a rule.

3. Select Server IP or Country IP as [Property]. You can set up one rule for Server IP and one rule for Country IP.

• Server IP: IP address provided by data storage services such as AWS and GCP. In general, legitimate events are not traced back to a server IP, which means that events that are traced back to a server IP are highly likely to be fraudulent. When you select Server IP, all events that are traced back to the server IPs that are included in the “Suspicious IP list in Airbridge DB” will be tagged as fraud.

• Country IP: Geographical location of the IP address.

4. If you have selected Country IP, select in or not in as [Condition], and select the country as [Value]. You can select multiple countries.

5. Select [Prevention Level] and click Save.

Attention

It is advised to start from "Prevention Level 1" and switch to higher levels after consulting with your media partner, as the prevention level setting may have a direct impact on the ad performance.

6. Click Add a rule to add more rules. When you have added multiple rules, any touchpoint that matches at least 1 of the configured rules will be considered suspicious.

Suspicious touchpoints detected by the injection prevention rules are processed according to the set prevention levels.

Suspicious touchpoints detected by the set rules can be viewed in your Airbridge reports and raw data export files.

In the Actuals Report, select "Touchpoint Fraud Tag" as a GroupBy to visualize the suspicious touchpoints tagged as fraud.

In the [App Raw Data Export], select "Touchpoint Fraud Tag" and "Fraud Tags" in the [Select Property] step to export suspicious events as a CSV file.