Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /var/www/html/check_language.php on line 6

Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /var/www/html/check_language.php on line 6

Binom Documentation

Go to navigation

Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /var/www/html/check_language.php on line 6

Binom Protect

Binom Protect — is our complex anti-fraud detection solution, that runs locally in your tracker.

Binom Protect can be used simultaneously with other integrations to detect bots. The click would be counted as a bot in case any service deems it a bot.

Binom Protect key features:
- Detecting VPN/Proxy and traffic from data centers
- Flexible bot detection mechanics
- In-depth reports and Clicklog information
- Extended fingerprints and risk scoring
- Your data is not being passed anywhere, total privacy

Please, note that only Basic Binom Protection methods can be used at the moment together with:
- Click API (more info)
- LP Pixel (more info)

Tracker settings

You can enable Binom Protect in the Binom Protect section of your Campaign settings.

Binom Protect will mark the traffic as bot based on the selected tags. You need to create a Bot rule to send the clicks to a specific bot Path.

VPN/Proxy detection block

VPN/Proxy detection is a basic way to use Binom Protect.

VPN/Proxy detection adds three new objects:
- VPN/Proxy - Detects traffic associated with known VPN providers, proxy, and TOR exit nodes.
- Datacenter - Detects traffic associated with known hosters (such as Amazon, Azure, Hetzner, etc..) as well as different SaaS organizations (including CDNs like Cloudflare, DDoS protection services, IP rental services, etc..).
- Company - Detects traffic associated with government, educational establishments, banks and other business organizations.

This info can be used as a rules criterion and can be accessed in the reports.

Bot detection block

Bot detection is an advanced and more flexible Binom Protect tool.

Presets - several presets:

Presets are divided into Light, Medium, Paranoid. They are combined with Basic only and Basic+JS.

Light - Basic only - protection against the most primitive bots. The lowest chance of false-positive.

Light - Basic+JS - protection against primitive bots. The lowest chance of false-positive.

Please note, that enabling JS methods adds a local redirect to check the client's browser.

Medium - Basic only - protection against advanced bots. Low chance of false-positive. Recemmeded as a default.

TLS, TCP, VPN cannot be used together with domain that is proxied via CloudFlare or similar CDN services.

Medium - Basic+JS - protection against advanced bots. Medium chance of false-positive. Recommeded to use if Basic only are not enough or you are using proxied domains.

Please note, that JS methods add a local redirect to check the client's browser. We recommend turning off TLS, TCP, VPN methods.

Paranoid - max protection. Moderate level of false-positive

Basic methods - server methods of bot detection:

Basic methods - do not require an additional redirect and are working really fast (~1-3ms)

APP - Detection of traffic from Android and iOS. Useful to detect bots of unscrupulous mobile applications that can, for example, open invisible WebView windows on the device and create fake redirects. Enabling this will also filter out browsers that use WebView, such as Opera Mini, GX, Aloha Browser and others. Recommended to use with caution.

BOT - Basic check to detect simple bots and known automated crawler bots through analyzing HTTP requests. Filters out about 1-2% of the traffic. Recommended to be used by default.

CORP - Module that checks the IP address against a database of different kinds of organizations: educational, governmental, bank, financial, and other business establishments. Filters about 10-15% of the traffic on average. Recommended to use with caution because it can be real traffic.

CRAWL - Module that checks the IP address against a database of classified known crawlers (search robots). Recommended to use if you don't want your link or site to be indexed.

DC - Module that checks the IP address against a database of known IP ranges of hostings. A lot of malicious traffic comes from them: bots that scan the network or parse the traffic source, bypassing of restrictions, traffic from personal VPNs or proxy servers, automated attacking traffic. Filters around 5-10% of the traffic, geospecific. Recommended to use with caution.

FAKE - Advanced check for inconsistencies of HTTP-headers in Chromium-based browsers. Can protect from GSB (Google Safe Browsing) ban in some cases. Filters around 5% of the traffic. Recommended to be used by default.

FB - Detects Facebook bots based on the HTTP headers and IP addresses. Recommended to be used by default if you are working with Facebook. Usage of this method is recommended to enhance the cloaking: https://docs.binom.org/utm-filtering-v2.php.

FIRST - Used to fight off moderators in case the campaign is to be moderated and you need to send the first N clicks to the white page.

RATE - Aimed to fight clicks that come from the same IP and User Agent during a short period. Filters around 5-10% of the traffic, but geospecific. Recommended to be used by default.

TLS - Browser mismatch detection based on TLS fingerprint. Not recommended to use with a proxied domain. Recommended to use by default.

TCP - OS mismatch detection based on TCP fingerprint. Not recommended to use with a proxied domain.

VPN - Detects VPN connections based on network patterns. Not recommended to use with a proxied domain.

VPN/ABUSE - Module checks the IP addresses against bases of IPs that were seen in malicious activity (spam, DDoS, fraud, hacking), belong to TOR networks, being proxy or VPNs from known providers (such as ExpressVPN, NordVPN, etc.). Filters around 3-10% of the traffic, but is very geospecific. Recommended to be used by default.

RDNS - Advanced checks based on reverse DNS analysis of the client IP, aimed at detecting: security scanners, crawlers, and threat intelligence collectors, anti-spam, anti-malware, and abuse monitoring services (GSB). It filters on average 1-2% of traffic (depending on region and hosting density) and is highly geo- and ASN-specific. False positives are low. Recommended for use by default.

First visit clicks count - Sets a number of first clicks in the campaign that would be counted as bot. This setting can be used to fight off moderators.

Rate limit clicks count - Sets the amount of clicks and a timeframe. Any clicks that were made from the same IP and with the same User Agent exceeding the set amount would be counted as bots. For example, if you set the amount to "2" and a timeframe to 2 seconds, then from 3 clicks that came from the same IP and that had the same User Agent during the last 2 seconds, the first two would not be considered bots, but the third one would be a bot.

Rate limit time window - Sets the amount of clicks and a timeframe. Any clicks that were made from the same IP and with the same User Agent exceeding the set amount would be counted as bots. For example, if you set the amount to "2" and a timeframe to 2 seconds, then from 3 clicks that came from the same IP and that had the same User Agent during the last 2 seconds, the first two would not be considered bots, but the third one would be a bot.

Research mode - The tracker will check all incoming traffic in this campaign against all Basic methods, even if those methods are not enabled in the Basic methods block. This data will be used in reports, but clicks will not be marked as bots based on these checks. If you want the tracker to mark clicks as bots, select specific methods in the Basic methods block.

Javascript methods - JavaScript-based methods of bot detection:

ADVANCED JS - Advanced detection based on the JS fingerprint of the device. Aimed to detect: spy services, GSB (google safe browsing), anti-detect profiles of browsers on smartphones, manipulations or substitution of browser or hardware specs, patterns of browser action automatization. Filters 3-5% of the traffic, geospecific. Recommended to be used by default.

ADVANCED+ JS - Advanced+ checks based on deep JS and network-layer fingerprinting of the client’s environment. It typically filters 5% of traffic (geo- and vertical-dependent; can be higher on abuse-heavy segments). Recommended by default for high-risk flows.

BASIC JS - Basic checks for inconsistencies of the fingerprints of the declared and real browsers. Can protect from GSB (Google Safe Browsing) ban in some cases. Filters 1-3% of the traffic on average. Recommended to be used by default.

FAKE MOB - Advanced checks based on the JS fingerpring of the device, aimed exclusively at Android and iOS devices. Protects from the following: fake Apple devices (100% chance), mobile profiles of anti-detect browsers, spy services, antivirus crawlers, can protect from the GSB (Google Safe Browsing) ban in some cases, detects manipulations or substitution of browser or hardware specs. Can filter around 25% of the traffic, geospecific. Recommended to use with caution.

FRAME - Check aimed at finding embedded elements such as iframes, embedes or objects. Recommended to be used by default.

TIME/VPN -Check for inconsistency of IP address and time on the user's pc or device. A strong indicator of VPN usage. Filters 1% of the traffic.

NOJS - Detects visitors whose browser did not execute the JavaScript fingerprint script. This typically indicates a bot that does not render pages or a client with JavaScript disabled. It is recommended for use by default.

Research mode - The tracker will check all incoming traffic in this campaign against all Javascript methods, even if those methods are not enabled in the Javascript methods block. This data will be used in reports, but clicks will not be marked as bots based on these checks. If you want the tracker to mark clicks as bots, select specific methods in the Javascript methods block.

Detection logic:

At least one - A click will be marked as a bot if it matches at least one of the Basic or JS methods you enabled above.

All - A click will be marked as a bot if it matches all of the Basic or JS methods you enabled above.

Clicks that had basic mechanisms of the browser disabled and that didn't comply to web-specifications are marked as bots in the stats and are reflected as clicks that went to deleted path\lander\offer.

Reports and Clicklog info

Campaign reports and the Clicklog tab will provide you with info about the functioning of Binom Protect.

Both Reports and Clicklog can show you different tags for the same click that lead to this click being acknowledged as a bot.

How to get Binom Protect license

One Binom Protect license will be applied to all the trackers on the same account.

In order to get Binom Protect license, navigate to your account over at binom.org.

Next, go to the Add/Renew Subscription section.

Choose the Binom Protect license type and the amount of days you want to get it for.

You can see the remaining Binom Protect license days on the Monitor tab in your tracker.

Examples of how to use Binom Protect

Below are scenarios for Binom Protect usage that were tested on real traffic and offers.

Classic flow on POPs traffic

If your goal is to aviod getting to Spy services and protect yourself from GSB ban, enabling Medium - Basic only preset with optional CORP and DC should be enough. In case of high specs consider enabling RDNS. It is important that your Rules are more complex than just the Is bot \ Is not bot rule.

Facebook

We recommend using the following settings in your campaigns to avoid robots, FB mods and spy services:

Set a white landing and offer in the Default Path, create a Black Path inside the Rule with the following setting:
1. Referrer - facebook
2. Language - EN (It can be another language or you can set Language IS NOT Empty\Unknown)
3. Is not Bot
4. Country - US (It can be another country in your case). The amount of rules can be more significant. If you are only getting iOS traffic, you might want to add:
5. Brand and Model - Apple
6. Operation system and version - iOS
7. Device type - Mobile, Desktop
8. Connection type IS NOT Dialup

You will see a big discrepancy of clicks in FB and the tracker after starting the campaign: tracker will show x2. No worries, those are just FB bots. The real discrepancy on the actual offer should not be more than 3-5%.

WebView Apps

Use the following set of settings to protect your iOS WebView apps:
1. Use Basic Only with these methods: CORP, CRAWL, DC, VPN\ABUSE, RDNS. RESEARCH MODE ON. Detection logic: At least one.

2. Do a redirect in Path to an index.php file, that will always return a 403 error. In your application you create a logic that WebView is not opened if you get a 403 error.

<?php http_response_code(403); exit; ?>

3. Crate a Rule that will:
4. Filter by country that should result in conversion.
5. Brand and Model: Apple
6. Operation system and version is: iOS
7. Is not bot
If you want a waterfall flow (show several different offers to that user that did not convert), then:
1. Unique in this campaign.
2. Duplicate the created Rule and add uniqueness: Not Unique in this campaign.

We recommend using similar settings to protect your Android WebView apps with one exception:

Cautiously use the CRAWL tag. If you have the following (or similar) user-agent okhttp/4.9.2 - all the clicks will be marked as bots.

Unlike Android, iOS is passing the following user-agent: AppName/7CFNetwork/3826.600.41 Darwin/24.6.0 by default. And Protect doesn't mark it as bot.