For any site without a server
1
Get your API key
Register at outrisker.comAPI Keys โ click Create Key โ copy the key like
or_xxxxxxxxxxxx
The key is shown only once โ save it immediately
2
Add snippet to your site
Open your landing page HTML. Find
</body> at the end. Paste the code before it:
HTML / JavaScript
<!-- Outrisker Anti-Fraud Protection --> <script> (function() { var API_KEY = 'or_YOUR_KEY'; // โ insert your key var THRESHOLD = 70; // blocking threshold (0-100) // Get click_id from URL var uid = new URLSearchParams(location.search) .get('click_id') || new URLSearchParams(location.search) .get('sub1') || 'anon'; fetch('https://api.outrisker.com/api/check', { method: 'POST', headers: { 'X-API-Key': API_KEY, 'Content-Type': 'application/json' }, body: JSON.stringify({ ip: 'auto', user_id: uid }) }) .then(function(r) { return r.json(); }) .then(function(d) { if (d.risk_score >= THRESHOLD) { // Hide form: var form = document.querySelector('form'); if (form) form.style.display = 'none'; // Or redirect to stub: // location.href = '/blocked.html'; } }) .catch(function() { // If API unavailable โ skip }); })(); </script>
Replace
or_YOUR_KEY with your real key from the dashboard3
Set up click_id parameter
Set your tracker to pass the click ID in the landing URL:
Parameters by tracker
Keitaro
?click_id={click_id}Binom
?click_id={binom_click_id}Voluum
?click_id={clickid}No tracker
?sub1=any_id4
Verify it works
Open your site โ DevTools (F12) โ Network tab โ find request to
api.outrisker.com โ you will see risk_score in the responseAPI Response Example
risk_score82
flags
["hosting_ip", "ip_rotation"]geo.country
NLgeo.asn
Hetzner Online GmbH Score โฅ70 = form hidden. Score <70 = user sees page normally
Integration via Postback URL
1
Get API key in Outrisker
Go to outrisker.com โ API Keys โ Create Key โ copy the key
2
Add postback to Keitaro
In Keitaro: Campaign โ Edit โ Postbacks โ Add Postback
Type: HTTP request. URL:
Type: HTTP request. URL:
Postback URL
https://api.outrisker.com/api/check ?ip={ip} &user_id={click_id} &api_key=or_YOUR_KEY
Replace
or_YOUR_KEY with your key. Macros {ip} and {click_id} will be substituted automatically by Keitaro3
Set up blocking rule
Campaign โ Streams โ Add Stream โ Rules โ Add Rule:
Rule configuration
Parameter
GET parameter: risk_scoreCondition
Greater than or equalValue
70Action
Stub / 404 / another stream4
Or use PHP script (advanced)
Keitaro โ Tools โ Scripts โ New Script. Type: PHP:
PHP
<?php $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR']; $api_key = 'or_YOUR_KEY'; $uid = $_GET['click_id'] ?? 'unknown'; $ch = curl_init('https://api.outrisker.com/api/check'); curl_setopt_array($ch, [ CURLOPT_POST => true, CURLOPT_POSTFIELDS => json_encode([ 'ip' => $ip, 'user_id' => $uid ]), CURLOPT_HTTPHEADER => [ 'X-API-Key: ' . $api_key, 'Content-Type: application/json' ], CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 1, ]); $result = json_decode(curl_exec($ch), true); curl_close($ch); if (($result['risk_score'] ?? 0) >= 70) { http_response_code(403); exit; }
5
Check in dashboard
After first clicks go to Outrisker โ Requests โ you will see all checked IPs with scores and flags
Done! Every click is now checked automatically
Integration via PHP on landing page
1
Get API key in Outrisker
Go to outrisker.com โ API Keys โ Create Key โ copy the key
2
Add code to the top of landing index.php
Open your landing file (usually
index.php). Paste at the very top, before any HTML:
PHP โ index.php
<?php // Outrisker โ fraud protection $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR']; $api_key = 'or_YOUR_KEY'; $uid = $_GET['binom_click_id'] ?? $_GET['click_id'] ?? 'unknown'; $response = @file_get_contents( 'https://api.outrisker.com/api/check', false, stream_context_create(['http' => [ 'method' => 'POST', 'header' => "X-API-Key: ".$api_key. "\r\nContent-Type: application/json", 'content' => json_encode([ 'ip' => $ip, 'user_id' => $uid ]), 'timeout' => 1, ]]) ); $risk = json_decode($response, true); if (($risk['risk_score'] ?? 0) >= 70) { // Redirect to stub header('Location: /stub.html'); exit; } ?>
Replace
or_YOUR_KEY and /stub.html with your stub path3
Set up click_id from Binom
In Binom, set the landing URL to pass the click ID:
Binom โ Landing URL
https://your-landing.com/?binom_click_id={binom_click_id}
Useful Binom macros
{binom_click_id}
Click ID โ pass as user_id{ip}
User IP{p1}...{p10}
Additional parameters4
Verify it works
Visit landing with a VPN test IP โ you should see the stub. In the dashboard a high-score request will appear
Script adds less than 1 second delay. If API is unavailable โ landing works as usual
Universal PHP Integration
1
Get your API key
Go to outrisker.com โ API Keys โ Create Key
2
Create helper function
Create
outrisker.php and include it where needed:
PHP โ outrisker.php
<?php function checkRisk($user_id = 'anon') { $api_key = 'or_YOUR_KEY'; $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR']; $ch = curl_init('https://api.outrisker.com/api/check'); curl_setopt_array($ch, [ CURLOPT_POST => true, CURLOPT_POSTFIELDS => json_encode([ 'ip' => $ip, 'user_id' => $user_id ]), CURLOPT_HTTPHEADER => [ 'X-API-Key: ' . $api_key, 'Content-Type: application/json' ], CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 2, ]); $result = json_decode(curl_exec($ch), true); curl_close($ch); return $result; } function isHighRisk($user_id = 'anon', $threshold = 70) { $result = checkRisk($user_id); return ($result['risk_score'] ?? 0) >= $threshold; }
3
Use anywhere
PHP โ usage example
<?php require_once 'outrisker.php'; $uid = $_GET['click_id'] ?? 'anon'; // Option 1: simple check if (isHighRisk($uid)) { header('Location: /stub.html'); exit; } // Option 2: get full response $risk = checkRisk($uid); echo 'Score: ' . $risk['risk_score']; echo 'Country: ' . $risk['geo']['country']; echo 'Flags: ' . implode(', ', $risk['flags']);
Direct REST API Integration
1
Get your API key
Go to outrisker.com โ API Keys โ Create Key
2
IP Check Endpoint
Request parameters
URL
POST https://api.outrisker.com/api/checkHeader
X-API-Key: or_YOUR_KEYContent-Type
application/json
Request body (JSON)
{
"ip": "1.2.3.4", // User IP
"user_id": "click_abc123", // your ID (any string)
"user_agent": "Mozilla/5.0..." // optional
}
3
Examples in different languages
cURL
curl -X POST https://api.outrisker.com/api/check \ -H "X-API-Key: or_YOUR_KEY" \ -H "Content-Type: application/json" \ -d '{"ip":"1.2.3.4","user_id":"test_123"}'
Python
import requests response = requests.post( 'https://api.outrisker.com/api/check', headers={'X-API-Key': 'or_YOUR_KEY'}, json={ 'ip': '1.2.3.4', 'user_id': 'test_123' } ) data = response.json() print(data['risk_score']) # 0-100 print(data['flags']) # list of flags
Node.js
const res = await fetch( 'https://api.outrisker.com/api/check', { method: 'POST', headers: { 'X-API-Key': 'or_YOUR_KEY', 'Content-Type': 'application/json' }, body: JSON.stringify({ ip: '1.2.3.4', user_id: 'test_123' }) } ); const data = await res.json(); console.log(data.risk_score); // 0-100
4
Response interpretation
Risk flags and their meaning
hosting_ip
IP belongs to datacenter or hosting (+40)vpn_asn
ASN belongs to VPN provider (+30)blacklist_match
IP found in proxy/VPN database (+40)geo_mismatch
Sudden country change in short time (+30)ip_rotation
5+ different IPs in 10 minutes (+20)bot_useragent
User-Agent looks like a bot/script (+10)Recommended thresholds
0โ39
Low risk โ allow40โ69
Medium risk โ log and analyze70โ100
High risk โ blockServer-side protection for Node.js / Express
1
Get your API key
Register at outrisker.com โ go to API Keys โ click Create Key โ copy the key like
or_xxxxxx The key is shown only once โ save it immediately
2
Create middleware/outrisker.js
Create file
middleware/outrisker.js in your project root:
Node.js / Express
const API_KEY = 'or_YOUR_KEY'; const THRESHOLD = 70; module.exports = async function(req, res, next) { const ip = req.headers['x-forwarded-for']?.split(',')[0] || req.socket.remoteAddress; const userId = req.user?.email ? `${req.user.email}|${ip}` : ip; try { const r = await fetch('https://api.outrisker.com/api/check', { method: 'POST', headers: { 'X-API-Key': API_KEY, 'Content-Type': 'application/json' }, body: JSON.stringify({ ip, user_id: userId }), signal: AbortSignal.timeout(1000) }); const { risk_score } = await r.json(); if (risk_score >= THRESHOLD) { return res.status(403).json({ error: 'Access denied' }); } } catch (e) { // API unavailable โ pass through, site keeps working } next(); };
Replace
or_YOUR_KEY with your key from the API Keys section3
Connect in server.js
Add at the top of
server.js before any routes:
server.js
const outrisker = require('./middleware/outrisker'); app.use(outrisker); // before all routes
4
Restart the server
If using PM2:
Terminal
pm2 restart your-app
Done. Users with score โฅ 70 get 403 and never see the site. Real users pass through instantly.
Why middleware beats JS snippet
JS snippet
โ Can be bypassed by disabling JS
โ Client-side check
โ No server required
โ Client-side check
โ No server required
Node.js middleware
โ Cannot be bypassed
โ Check before any content
โ Logging by email+IP
โ Check before any content
โ Logging by email+IP