How to read a fraud report and act on it

You open your fraud report and see a wall of red flags. High click counts from IPs you don't recognize. User agents that look like they were generated by a script. A conversion rate that dropped from 3% to 0.1% overnight. If you don't know how to interpret this data, you're going to waste money on fake traffic — and worse, you'll make bad optimization decisions based on polluted data.

Affiliate fraud report analysis is the skill that separates profitable campaigns from money pits. When you can read a fraud report correctly, you know exactly which traffic sources to block, which creatives to pause, and which campaigns to kill. This guide walks you through a real fraud report — the metrics that matter, the signals that indicate fraud, and the actions you must take to protect your budget.

If you're new to fraud detection, start with The affiliate marketer's guide to click fraud detection and prevention for the fundamentals. Then come back here to learn how to interpret the data.

What does a fraud report actually tell you?

A fraud report is a log of every click that triggered a fraud detection rule in your tracking system. Each entry typically includes:

• Timestamp — when the click occurred
• IP address — the source of the click
• User agent — the browser and device string
• Fraud rule triggered — the specific detection method that flagged the click
• Campaign ID — which campaign the click belonged to
• Traffic source — where the click came from (e.g., PropellerAds, Taboola)
• Geo and device — location and device type

In Adtraxo, the fraud report is accessible from the campaign dashboard. You'll see a table with all flagged clicks, plus summary stats showing the percentage of traffic flagged, the total number of fraudulent clicks, and the estimated cost of that fraud. The report also breaks down fraud by rule type — IP velocity, datacenter IP, bot user agent, uniqueness conflict, and invalid referer.

The first thing to check is the fraud rate percentage. If you're seeing more than 5% fraud in a campaign from a paid traffic source, you have a problem. If it's over 10%, you're burning serious money.

How to identify the most damaging fraud signals

Not all fraud is equal. Some fake clicks are cheap and annoying. Others can drain your entire daily budget in minutes. Here's how to prioritize what you see in your fraud report.

1. IP velocity — the fastest way to lose budget

IP velocity fraud occurs when the same IP address generates multiple clicks in a short time window — typically seconds or minutes. A human user might click your ad once, maybe twice if they're comparing offers. Anything beyond that in under 60 seconds is almost certainly a bot or a click farm.

In Adtraxo's fraud report, IP velocity violations are flagged with the rule name "IP velocity." You'll see the IP address, the number of clicks, and the time window. If you see an IP that clicked 15 times in 3 minutes, block it immediately. Then check if those clicks came from a specific traffic source or zone. If so, blacklist that zone.

For a deeper dive, read IP velocity fraud explained — and how to stop it.

2. Datacenter IPs — proxy traffic that never converts

Datacenter IPs are IP addresses assigned to cloud servers (AWS, Google Cloud, DigitalOcean) and VPN providers. Legitimate users almost never browse affiliate offers from a datacenter IP. When you see clicks from these IPs, they're either bots or users hiding their real location — both of which rarely convert.

Your fraud report will list datacenter IP violations under "Datacenter IP." Adtraxo uses a regularly updated database of known datacenter ranges. If you see a high percentage of datacenter traffic from a specific source, that source is selling you proxy traffic. Pause the campaign and investigate.

Learn more in Datacenter IP detection: why it matters for affiliate tracking.

3. Bot user agents — scripted clicks with no human intent

Every browser and device sends a user agent string when it loads a page. Bots often use fake or outdated user agents. Common examples include "python-requests," "curl," "Googlebot" (when not from Google), or empty user agent fields.

In Adtraxo, flagged bot user agents appear under "Bot UA." Check the user agent string in the report. If it's something like "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" but the IP doesn't belong to Google, it's a spoofed bot. Block it.

Read Suspicious user agents: the hidden fraud signal in your click data for a full list of suspicious user agents.

4. Uniqueness conflicts — the same user appearing from different locations

Uniqueness conflict flags occur when the same device fingerprint or cookie ID appears with different IPs, user agents, or geos in a short time. This is a classic sign of a click farm where one operator controls multiple devices or uses VPN rotation.

In Adtraxo, this rule is called "Uniqueness conflict." If you see multiple entries for the same device ID across different IPs in under an hour, you're looking at a coordinated fraud operation. Blacklist the device ID and the traffic source zone.

5. Invalid referers — traffic that claims to come from a source it doesn't

The referer header tells you which website the user was on when they clicked your ad. Fraudsters sometimes spoof this header to make it look like traffic came from a legitimate site when it actually came from a bot or a parked domain.

Adtraxo's "Invalid referer" rule checks the referer against known good sources. If you see a referer that doesn't match your traffic source's expected domains, it's likely spoofed. Block the campaign or zone generating this traffic.

How to interpret fraud statistics by campaign and traffic source

Your fraud report is most useful when you break it down by campaign and traffic source. Here's how to do that effectively.

First, look at the fraud rate per campaign. If one campaign has a 15% fraud rate while others are at 2%, that campaign is the problem. Pause it and investigate the traffic source and creatives used.

Second, look at fraud by traffic source. In Adtraxo, you can filter the fraud report by source (e.g., PropellerAds, EvaDav, RichAds). If one source consistently shows high fraud across multiple campaigns, consider removing that source from your rotation entirely. A traffic source that can't control fraud isn't worth your money.

Third, look at fraud by geo and device. Fraudsters often target specific countries or device types. For example, if you're seeing high IP velocity from Indonesia on Android devices, but your target audience is US-based iOS users, those clicks are worthless. Block the geo-device combination in your campaign settings.

Finally, calculate the cost of fraud. Multiply the number of fraudulent clicks by your cost per click. If you're paying $0.10 per click and you had 1,000 fraudulent clicks, that's $100 wasted. Use this number to justify pausing campaigns or demanding refunds from traffic sources.

How to act on your fraud report — step by step

Reading the report is only half the battle. You need to take action. Here's a step-by-step process.

1. Identify the worst offenders. Sort the fraud report by number of flagged clicks. The top 10 IPs or user agents are your priority.
2. Blacklist IPs and user agents. In Adtraxo, you can add IPs and user agents to a global blacklist from the fraud report interface. This prevents them from being tracked or counted in the future.
3. Pause the affected campaigns. If a campaign has a fraud rate above 10%, pause it immediately. You're bleeding money.
4. Contact the traffic source. Send your fraud report to your account manager. Many ad networks will refund fraudulent clicks if you provide evidence. Adtraxo's fraud report includes screenshots and timestamps that make this easy.
5. Adjust your fraud rules. If you're seeing a specific type of fraud repeatedly, tighten your rules. For example, if IP velocity is your biggest problem, reduce the threshold from 5 clicks per minute to 3 clicks per minute in Adtraxo's fraud rule settings.
6. Set up automated actions. Adtraxo's AI Campaign Optimizer can automatically pause campaigns when fraud rates exceed a threshold. Enable this to stop fraud in real time without manual intervention.
7. Monitor daily. Check your fraud report at least once per day for the first week after making changes. Fraudsters adapt quickly, and new patterns will emerge.

For a complete guide on setting up automated fraud rules, read How to set fraud rules to protect your ad spend automatically.

Common mistakes when reading fraud reports

Even experienced affiliates make these errors. Avoid them.

• Ignoring low-volume fraud. A single IP that clicks 5 times over a week might not seem like a problem, but if it's a bot testing your defenses, it could ramp up later. Block it now.
• Overreacting to false positives. Not every flagged click is fraud. For example, a user behind a corporate VPN might trigger a datacenter IP flag. Check the user agent and behavior before blocking. If the user agent is a real browser (Chrome, Safari, Firefox) and the click converted, it might be legitimate.
• Not segmenting by traffic source. A fraud rate of 5% across all traffic might hide a source with 20% fraud and another with 0%. Always segment.
• Failing to act on patterns. If you see the same IP range or user agent pattern every day, create a rule to block it automatically instead of manually blacklisting each time.

How Adtraxo's fraud detection helps you act faster

Adtraxo's fraud report is designed for action, not just analysis. Every flagged click includes a "Block" button that lets you add the IP, user agent, or device to your blacklist instantly. You can also export the report as CSV to share with traffic sources or to analyze in Excel.

The AI Campaign Optimizer goes a step further. It analyzes your fraud report in real time and adjusts your campaign settings — pausing underperforming creatives, blocking high-fraud zones, and reallocating budget to cleaner traffic. You don't have to sit at your computer watching the report. The system handles it.

For a comparison with other tools, see Adtraxo fraud detection vs Voluum fraud detection — compared.

How to measure the impact of your fraud actions

After you've taken action, you need to know if it worked. Track these metrics over time:

• Fraud rate trend — should decrease by at least 50% within a week
• Conversion rate — should improve as fake clicks are removed
• Cost per conversion — should drop as wasted spend is eliminated
• Average time on site — should increase as real users replace bots

In Adtraxo, you can compare fraud rates before and after your actions using the campaign analytics dashboard. Look at the "Fraud Rate" metric over time. If it's flat or increasing, your actions aren't working. Try a different approach, such as switching traffic sources or using custom tracking domains.

For more on custom domains, read Custom domain tracking: does it reduce ad network fraud flags?

Frequently asked questions

Stop guessing which clicks are real. Start reading your fraud report with confidence and taking action that protects your budget. Try Adtraxo free — 10 links and 5,000 clicks per month at no cost. Upgrade to Pro for unlimited tracking and fraud detection at $49/month.