Features

Protection at every layer

End-to-end click fraud defense from hot-path analysis to Google Ads sync.

Features

Protection at every layer

End-to-end click fraud defense from hot-path analysis to Google Ads sync.

Featured

Parameter Campaign Attack Shield

Blocks replay of stolen or valid gclid parameters from different IPs, devices, or fake utm_campaign values via atomic sealing. Campaign cross-check compares utm claims against Google Ads reality.

Real-Time Threat Engine

Every click analyzed in under 50 ms. WebDriver, headless UA, datacenter IP, and behavior signals are instantly dropped with 403 — fake traffic never hits the database.

Device & Cross-Browser Profiling

Canvas, WebGL, and hardware entropy match profiles across browsers. Catches same-device attacks rotating browsers or IPs.

Automatic IP & Device Exclusion

Fraud IPs sync to Google Ads negative criteria. LRU rotation keeps your account current at the 500 IP limit.

Ghost Click & gclid Reconciliation

Compares Google Ads click_view with local beacons. Clicks visible in Ads but missing on your site are auto-detected.

Google Ads Feedback Loop

Secure OAuth2 connection. IP exclusion, device CRM blacklist, and Customer Match positive lists are auto-queued.

Mobile-Only Defense

Detects desktop emulation for local service campaigns. Blocks fake mobile traffic via touch entropy and portrait signals.

Attack Monitor & Live Logs

Ghost gclid, hot-path 403, campaign mismatch metrics, and a 3-second live activity stream for full visibility.

Customer Match & Consent

GDPR-compliant consent layer. Approved conversion data is hashed and uploaded to Google Ads as positive audience seed.

Enterprise Tenant Isolation

Each customer gets isolated API keys, Redis namespaces, and encrypted OAuth token storage for full data separation.

Evidence-Based Refund Reports

Fraud evidence exported as JSON/CSV ready for Google's Invalid Click Investigation process.

Campaign Shield

4-layer defense against parameter attacks

gclid replay, campaign spoofing, and ghost clicks — caught on the hot path and by async workers.

01

Landing Beacon Requirement

The SDK sends a landing beacon on page load. Attribution-bearing interactions without a prior landing are instantly 403'd with MISSING_LANDING_BEACON.

02

Atomic gclid Sealing

Each gclid is sealed in Redis with its first IP and fingerprint. Replay from different IP or device → GCLID_IP_MISMATCH / GCLID_FINGERPRINT_MISMATCH.

03

Campaign Cross-Check

utm_campaign claims are compared to Google Ads' campaign.id for that gclid. Alias map supports label→ID mapping.

04

Async Reconciliation Worker

Google Ads click_view is scanned periodically. Ghost clicks, delayed mismatches, and missing landings hit the Attack Monitor.

hot-path · click-pipeline.service.ts

POST /api/v1/click

→ rate limit → block list → assessRisk()

evaluateGclidHotPath() [Layer 2b]

evaluateCampaignCrossCheck() [Layer 3]

→ security drop? → 403 (Click INSERT skipped)

→ else persistClick + Google Ads sync queue

Standard Access — yakında

Google Ads API Standard Access onayı sonrası aşağıdaki yetenekler tam kapasite aktif olacak. Hot-path koruma şu an çalışır durumda.

  • Google Ads API Standard Access — yüksek günlük kota
  • Customer Match upload (allowlist onayı ile)
  • Tam kapasite IP exclusion ve ghost click mutabakatı
  • Kampanya pause/resume (ghost burst — konfigüre edilebilir)

Google Ads bütçenizi bugün korumaya başlayın

Hot-path koruma hemen aktif — Standard API onayı sonrası tam GAds sync. Dakikalar içinde kurulum.