Landing Beacon Requirement
The SDK sends a landing beacon on page load. Attribution-bearing interactions without a prior landing are instantly 403'd with MISSING_LANDING_BEACON.
DubixGuard analyzes every click in milliseconds; blocks bots, syncs to Google Ads, and lets you track saved budget from a single dashboard.
No credit card required · Setup in minutes
central › gads-sync.worker · batch 50 · exponential backoff · job SUCCEEDED
gclid replay, campaign spoofing, and ghost clicks — caught on the hot path and by async workers.
The SDK sends a landing beacon on page load. Attribution-bearing interactions without a prior landing are instantly 403'd with MISSING_LANDING_BEACON.
Each gclid is sealed in Redis with its first IP and fingerprint. Replay from different IP or device → GCLID_IP_MISMATCH / GCLID_FINGERPRINT_MISMATCH.
utm_campaign claims are compared to Google Ads' campaign.id for that gclid. Alias map supports label→ID mapping.
Google Ads click_view is scanned periodically. Ghost clicks, delayed mismatches, and missing landings hit the Attack Monitor.
POST /api/v1/click
→ rate limit → block list → assessRisk()
→ evaluateGclidHotPath() [Layer 2b]
→ evaluateCampaignCrossCheck() [Layer 3]
→ security drop? → 403 (Click INSERT skipped)
→ else persistClick + Google Ads sync queue
End-to-end click fraud defense from hot-path analysis to Google Ads sync.
Blocks replay of stolen or valid gclid parameters from different IPs, devices, or fake utm_campaign values via atomic sealing. Campaign cross-check compares utm claims against Google Ads reality.
Every click analyzed in under 50 ms. WebDriver, headless UA, datacenter IP, and behavior signals are instantly dropped with 403 — fake traffic never hits the database.
Canvas, WebGL, and hardware entropy match profiles across browsers. Catches same-device attacks rotating browsers or IPs.
Fraud IPs sync to Google Ads negative criteria. LRU rotation keeps your account current at the 500 IP limit.
Compares Google Ads click_view with local beacons. Clicks visible in Ads but missing on your site are auto-detected.
Secure OAuth2 connection. IP exclusion, device CRM blacklist, and Customer Match positive lists are auto-queued.
Detects desktop emulation for local service campaigns. Blocks fake mobile traffic via touch entropy and portrait signals.
Ghost gclid, hot-path 403, campaign mismatch metrics, and a 3-second live activity stream for full visibility.
GDPR-compliant consent layer. Approved conversion data is hashed and uploaded to Google Ads as positive audience seed.
Each customer gets isolated API keys, Redis namespaces, and encrypted OAuth token storage for full data separation.
Fraud evidence exported as JSON/CSV ready for Google's Invalid Click Investigation process.
No complex setup. Go live in minutes.
Add a one-line DubixGuard script to your site. Setup takes a few minutes — no coding required.
Link your Google Ads account via secure OAuth2. Fraud IPs are automatically added to exclusion lists.
Track threats with the Attack Monitor and live logs. Parameter attacks are stopped instantly on the hot path.
Everything you need to know about DubixGuard — from setup to parameter attack defense.
DubixGuard is a cloud-based SaaS platform that protects your Google Ads campaigns from click fraud, bot traffic, and parameter-based attacks. A lightweight JavaScript snippet analyzes every visitor; suspicious traffic is blocked before it hits your ad budget and is automatically synced to your Google Ads account.
Stop parameter attacks and fake clicks with plans starting at $69/month. Turkish customers pay in TRY at the current exchange rate.