Skip to content

About

Note

This article refers to the legacy FraudScore interface. See more details here.

FraudScore RT is a product specifically developed for CPC/CPM campaigns. Key customers are DSPs, SSPs and ad networks. It’s a real-time fraud detection platform that filters fraudulent clicks and impressions almost instantly and prevents fraudulent clicks from turning into conversions. Each click is marked with the detected ad fraud type and can be further investigated to build a fraud case.

Integrations

There are three options for FraudScore RT integration:

  • FS.RT integration - call our API and get real-time responses;
  • Pixel integration - a pixel that is put into your ads and provides a real-time statistics;
  • JStag - put it on your site, LP or ads.

FraudScore RT in brief

  • Traffic: Prebid/CPC/CPM
  • Method: Realtime Analysis
  • Developed for: DSPs, SSPs, Ad Networks
  • Analysis method: FraudScore analyzes 10 different categories of parameters in real time.

Machine Learning technology in FraudScore RT

  • Step 1 - Real Time Analysis - ETA 10 milliseconds

The system analyzes a click or an impression instantly and sends it’s verdict to the RTB platform.

  • Step 2 - Bidding - Instant

According to preset algorithms, RTB decides whether to display an ad on publishers website to the specific lead or not.

Reasons

FraudScore RT doesn't assign a particular weight (index) to each fraud reason. FS.RT detects fraud and marks clicks and impressions either "fraud" or "not fraud" in real time. Fraud reasons that are used to detect fraudulent activities are combined into ten main categories:

datacenter

  • Traffic coming from servers in data centers or known cloud platform providers, rather than residential or corporate networks (very low likelihood of a real human user).

blacklist

  • IPs with excessive Fraud activities in the near past.
  • IPs that are associated with known Botnets and Adware.

proxy

  • All the “proxied” connections - Socks proxy, VPN, Tor etc
  • Traffic that is routed through an intermediary proxy device or network where the ad is rendered in a user's device where there is a real human user
  • Users are actively hiding their identity or making conversions from an unwanted GEO

device

  • Any user’s device (browser, phone, app, device-emulator or other systems) that has been modified to call html or make ad requests that is not under the control of a user and made without the user's consent.
  • Hijacked device where a user is present and additional HTML or ad calls are made independently of the content being requested by the user.
  • Ads and redirections are inserted into the user experience by the program running on the device.

ip

  • If there are abnormalities or suspicious facts connected with IP addresses. Also - IPs are constantly checked with "black IPs" databases:
  • Multiple conversions from the same IP
  • Multiple conversions from the same IP subnet

os

  • Operating system issues that are considered fraudulent: Abnormal device distribution within traffic (device models, browser versions, operating system, etc.).

crawler

  • When a crawler is detected in the traffic. ie. a search engine which is indexing and parsing web pages.

dynamic blacklist

  • Traffic sources with short-lived activity (i.e. traffic coming from mobile provider).

cap

  • Is a time limit for the number of clicks, with the ability to separate the limit by offers, affiliates and advertisers.

attribution

  • When attribution fraud is detected (i.e., clickspamming – when there is a lot of recurring clicks from the same users).

feb 27, 2026