IP velocity fraud explained — and how to stop it
If you’ve ever seen a campaign with 500 clicks and zero conversions, or watched your ROI drop despite increasing traffic volume, you may have been hit by IP velocity fraud. This is one of the most common and costly forms of click fraud in performance marketing. It happens when a single IP address (or a small pool of IPs) generates dozens or hundreds of clicks in a short time window, often seconds or minutes, mimicking genuine user behavior but delivering zero value.
In this article, I’ll break down exactly what IP velocity fraud looks like in your affiliate data, why it’s so damaging, and how to stop it with specific configurations you can implement today. I’ll also show you how Adtraxo handles this automatically, so you can stop wasting budget on fake clicks and focus on real conversions.
What is IP velocity fraud in affiliate marketing?
IP velocity fraud is a type of click fraud where a single IP address (or a small group of IPs) generates an abnormally high number of clicks within a short period. The "velocity" refers to the speed at which clicks arrive from that IP. For example:
- Normal user behavior: A real person might click your ad once, browse for 30–60 seconds, then either convert or leave. They won’t click again for hours or days.
- IP velocity fraud: A bot script or click farm sends 50 clicks from the same IP in 60 seconds. Each click looks legitimate to the ad network, but none result in a conversion.
This fraud is especially common in push traffic, popunder campaigns, and solo ads, where bots are programmed to hit your tracking link repeatedly. The fraudster’s goal is to inflate click counts and drain your budget before you notice.
How does IP velocity fraud drain your campaign budget?
Let’s look at a concrete example. Suppose you’re running a campaign on PropellerAds with a $0.01 CPC bid. You set a daily budget of $50. A bot hits your link 5,000 times in 10 minutes. At $0.01 per click, that’s $50 in clicks — gone in 10 minutes. The bot stops when your budget is exhausted. You get zero conversions, zero leads, zero sales.
Now multiply that across multiple traffic sources. If you’re running on EvaDav, RichAds, Taboola, MGID, or solo ads, the same bot can hit you on every channel. Without velocity detection, you’re paying for traffic that never had a chance to convert.
Over a month, a small campaign could lose $500–$2,000 to IP velocity fraud alone. For larger spenders, it’s easily tens of thousands.
How to detect IP velocity fraud in your affiliate data
You don’t need a data science degree to spot this. Here’s how to find it in your tracking logs:
- Export your click data from your tracker. Look for columns like IP address, timestamp, user agent, and sub-ID values.
- Sort by IP address and then by timestamp. Group identical IPs together.
- Count clicks per IP per minute. If you see an IP with 10+ clicks in under 60 seconds, that’s a red flag.
- Check for pattern repetition. Fraudulent IPs often show the same user agent, same referrer, or same sub-ID across all clicks.
- Cross-reference with conversions. If an IP has 100 clicks and zero conversions, it’s almost certainly a bot.
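The audit steps above, as an added Python example (not from the original article and not tied to any tracker's export format). The row layout, sample rows and function names are constructed assumptions; the default threshold is the "10+ clicks in under 60 seconds" red flag from the list.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample():
    """Constructed click export: (ip, timestamp, user_agent, sub_id, converted)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    # One IP clicking every 5 seconds with an identical user agent and sub-ID.
    rows = [("203.0.113.7", base + timedelta(seconds=5 * i),
             "Mozilla/5.0 (X11; Linux x86_64)", "sub1", False) for i in range(12)]
    # Ordinary visitors: one returns hours later on another device, one converts.
    rows += [
        ("198.51.100.20", base + timedelta(minutes=3), "Mozilla/5.0 (iPhone)", "sub2", True),
        ("198.51.100.20", base + timedelta(hours=5), "Mozilla/5.0 (Macintosh)", "sub2", False),
        ("192.0.2.44", base + timedelta(minutes=9), "Mozilla/5.0 (Windows NT 10.0)", "sub3", False),
    ]
    return rows


def audit(rows, max_clicks=10, window=timedelta(seconds=60)):
    """Return {ip: stats} for IPs with max_clicks or more clicks inside any window."""
    by_ip = defaultdict(list)
    for ip, ts, ua, sub_id, converted in rows:
        by_ip[ip].append((ts, ua, sub_id, converted))

    findings = {}
    for ip, clicks in by_ip.items():
        clicks.sort(key=lambda c: c[0])          # sort by timestamp within each IP
        peak, left = 0, 0
        for right in range(len(clicks)):         # sliding window, not fixed minute buckets,
            while clicks[right][0] - clicks[left][0] >= window:
                left += 1                        # so a burst straddling a minute boundary counts
            peak = max(peak, right - left + 1)
        if peak >= max_clicks:
            findings[ip] = {
                "clicks": len(clicks),
                "peak_in_window": peak,
                "distinct_user_agents": len({c[1] for c in clicks}),  # pattern repetition
                "distinct_sub_ids": len({c[2] for c in clicks}),
                "conversions": sum(c[3] for c in clicks),             # cross-reference
            }
    return findings


if __name__ == "__main__":
    for ip, stats in audit(build_sample()).items():
        print(ip, stats)
```

An IP that shows a high peak together with a single user agent, a single sub-ID and zero conversions matches every red flag in the list at once.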
In Adtraxo, you don’t need to manually export and sort. The platform’s fraud detection engine automatically flags IP velocity violations. You’ll see them in your campaign analytics under the "Fraud" tab, with a breakdown of how many clicks were blocked and from which IPs.
What is a safe IP velocity threshold?
There’s no universal number because it depends on your vertical, traffic source, and campaign type. But here are practical thresholds I use:
- Standard display/push/pop traffic: More than 5 clicks from the same IP in 60 minutes is suspicious. More than 10 in 60 minutes is almost certainly fraud.
- Native ads (Taboola, MGID): More than 3 clicks from the same IP in 24 hours is unusual. Real users rarely click the same native ad multiple times.
- Solo ads: More than 2 clicks from the same IP in 24 hours is a red flag. Solo ad traffic is email-based, so repeat clicks from the same IP are unnatural.
- High-ticket offers (finance, health): Even 1 click from a datacenter IP with high velocity is enough to block immediately.
Start with these thresholds and adjust based on your data. If you’re seeing false positives (real users getting blocked), relax the threshold. If fraud is still slipping through, tighten it.
How to stop IP velocity fraud automatically
Manual detection is useful for auditing, but you need automation to stop fraud in real time. Here’s how to configure your tracking platform to block IP velocity attacks:
- Enable IP velocity rules. In Adtraxo, go to your campaign settings → Fraud Detection → IP Velocity. Set a threshold: for example, block any IP that generates more than 10 clicks in 60 minutes.
- Set a time window. Choose between minutes, hours, or days. For most campaigns, 60 minutes is a good starting point.
- Define the action. You can block the click entirely, redirect to a safe page, or mark it as fraudulent (but still count it for analysis). Blocking is recommended for aggressive fraud.
- Combine with other rules. IP velocity works best when paired with datacenter IP detection and suspicious user agent filtering. A click from a datacenter IP with high velocity is almost certainly a bot.
- Test and refine. Run for 24–48 hours, then review your fraud report. Adjust thresholds if you see false positives or missed fraud.
In Adtraxo, you can set these rules per campaign or globally. The AI Campaign Optimizer also learns from your data and can automatically adjust velocity thresholds based on historical patterns.
Why IP velocity alone isn’t enough — combine with other signals
IP velocity is powerful, but fraudsters are smart. They can rotate through thousands of IPs using residential proxies or botnets. In that case, each IP might only generate 1–2 clicks, bypassing your velocity rule.
That’s why you need a layered approach. Combine IP velocity with:
- Uniqueness conflict detection: If the same IP uses multiple user agents or sub-IDs in a short period, that’s a fraud signal.
- Invalid referer checks: If the referer doesn’t match your traffic source, it’s likely a bot.
- Bot user agent filtering: Known bot UAs (like "python-requests" or "curl") are easy to block.
- Geographic anomalies: If your campaign targets the US but you see clicks from IPs in Nigeria, block them.
Adtraxo’s fraud detection engine includes all these signals. You can set up custom fraud rules that trigger on multiple conditions, like "block if IP velocity > 10 clicks/hour AND datacenter IP = true."
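A sketch of the real-time rule setup and the layered signals described above, as an added Python example (not Adtraxo's code or API). The `ClickGate` class, the block/flag policy, the uniqueness-conflict limit of 2 user agents and the sample traffic are all assumptions made for illustration; the datacenter flag is taken as an input because IP classification is outside this sketch.

```python
from collections import defaultdict, deque

# The two bot user-agent substrings named in the article; extend as needed.
BOT_UA_MARKERS = ("python-requests", "curl")


class ClickGate:
    """Hypothetical real-time click filter (illustrative, not a tracker's API)."""

    def __init__(self, max_clicks=10, window_s=3600, max_user_agents=2):
        self.max_clicks = max_clicks            # "more than 10 clicks ..."
        self.window_s = window_s                # "... in 60 minutes"
        self.max_user_agents = max_user_agents  # assumed uniqueness-conflict limit
        self.recent = defaultdict(deque)        # ip -> deque of (ts, user_agent)

    def decide(self, ip, ts, user_agent, is_datacenter=False):
        """Return (action, reasons) for one click; ts is epoch seconds."""
        q = self.recent[ip]
        while q and ts - q[0][0] >= self.window_s:   # expire clicks outside the window
            q.popleft()
        q.append((ts, user_agent))

        reasons = []
        if len(q) > self.max_clicks:
            reasons.append("ip_velocity")
        if any(m in user_agent.lower() for m in BOT_UA_MARKERS):
            reasons.append("bot_user_agent")
        if len({ua for _, ua in q}) > self.max_user_agents:
            reasons.append("uniqueness_conflict")
        if is_datacenter:
            reasons.append("datacenter_ip")

        # Assumed policy: hard signals block, soft signals only flag for review.
        if "ip_velocity" in reasons or "bot_user_agent" in reasons:
            return "block", reasons
        return ("flag" if reasons else "allow"), reasons


def replay(gate, clicks):
    """Feed constructed (ip, ts, ua, is_datacenter) tuples; return the actions."""
    return [gate.decide(*c)[0] for c in clicks]


BROWSER = "Mozilla/5.0 (Windows NT 10.0)"
# Constructed traffic: one IP bursting 12 clicks, then 5 rotated IPs with 1 scripted click each.
BURST = [("203.0.113.7", t, BROWSER, False) for t in range(12)]
ROTATED = [(f"198.51.100.{i}", 100 + i, "python-requests/2.31.0", False) for i in range(5)]

if __name__ == "__main__":
    gate = ClickGate()
    print(replay(gate, BURST))    # velocity rule fires from the 11th click
    print(replay(gate, ROTATED))  # one click per IP: only the user-agent signal catches these
```

The rotated clicks never exceed the velocity threshold, which is the gap the layered signals are there to cover; a rotated IP presenting an ordinary browser user agent would still pass this sketch.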
Real-world example: How I stopped IP velocity fraud on a push campaign
I was running a push notification campaign for a nutra offer on RichAds. My daily budget was $100. After three days, I had spent $300 with only 2 conversions — a terrible ROI. I checked my Adtraxo fraud report and saw that 78% of my clicks were flagged as IP velocity violations. One IP alone had generated 1,200 clicks in 2 hours.
I enabled the IP velocity rule with a threshold of 5 clicks per 60 minutes. Within 24 hours, my fraudulent click rate dropped to 4%. My cost per click went down, and my conversion rate improved. I also added a custom tracking domain to avoid ad network flags. The campaign became profitable within a week.
This is a common pattern. Once you block IP velocity fraud, your data becomes cleaner, your optimization decisions become more accurate, and your budget goes to real users.
How Adtraxo handles IP velocity fraud automatically
Adtraxo is built for performance marketers who need real-time fraud protection without manual overhead. Here’s what it does out of the box:
- IP velocity detection: Tracks clicks per IP per time window (configurable from 1 minute to 24 hours).
- Automatic blocking: You can set the action to "block" or "flag." Blocked clicks are not counted in your analytics, so your data stays clean.
- Per-campaign rules: Set different thresholds for different campaigns based on traffic source and vertical.
- Fraud report integration: See a full breakdown of IP velocity violations in your fraud report, including IP addresses, timestamps, and sub-IDs.
- AI Campaign Optimizer: Learns from your data and suggests optimal velocity thresholds. It can also automatically adjust rules based on campaign performance.
And because Adtraxo works with all major traffic sources — PropellerAds, EvaDav, RichAds, Taboola, MGID, and solo ads — you get consistent fraud detection across your entire funnel.
Common mistakes when setting up IP velocity rules
Here are the pitfalls I see most often, and how to avoid them:
- Setting thresholds too low: If you block after 2 clicks per hour, you may block real users who click your ad twice (e.g., checking a link on mobile and desktop). Start with 5–10 clicks per hour and adjust down.
- Not testing with a small budget first: Before going all-in, run a test campaign with fraud rules enabled. Review the data for 24 hours to ensure you’re not blocking legitimate traffic.
- Ignoring the fraud report: Setting rules and never reviewing them is like locking your door but never checking if someone picked the lock. Review your fraud report weekly.
- Using IP velocity as your only rule: As mentioned, fraudsters can rotate IPs. Combine with bot traffic detection and other signals.
Frequently asked questions
What is the best IP velocity threshold for affiliate campaigns?
There’s no single best threshold, but a common starting point is 10 clicks per IP per 60 minutes for display/push/pop traffic, and 3 clicks per IP per 24 hours for native ads. Adjust based on your campaign data and traffic source.
Can IP velocity fraud be done with residential proxies?
Yes. Fraudsters use residential proxy networks to rotate IPs, making each IP appear to come from a real user. In that case, IP velocity alone won’t catch them. Combine it with datacenter IP detection, user agent analysis, and uniqueness conflict checks.
Does Adtraxo block IP velocity fraud in real time?
Yes. Adtraxo checks every click against your fraud rules before it reaches your campaign. If a click violates the IP velocity threshold, it’s blocked immediately and not counted in your analytics. You can see all blocked events in your fraud report.
How do I know if my campaign is being hit by IP velocity fraud?
Signs include: a high click count with very low conversion rate, clicks arriving in bursts, a single IP generating dozens of clicks, and traffic from datacenter IPs. Export your click data and look for IPs with abnormal click frequency. In Adtraxo, the fraud report will flag these automatically.
Can I set different velocity rules for different traffic sources?
Yes. In Adtraxo, you can create per-campaign fraud rules. For example, set a stricter threshold for solo ads (2 clicks per 24 hours) and a looser one for push traffic (10 clicks per 60 minutes). This gives you fine-grained control over each traffic source.
IP velocity fraud is one of the easiest types of click fraud to stop — once you know what to look for. By setting up automated rules in your tracking platform, you can block these attacks in real time and protect your budget. Start with the thresholds I’ve outlined, review your fraud report weekly, and combine velocity detection with other fraud signals for maximum protection.
If you’re not using a tracker with built-in fraud detection, you’re leaving money on the table. Try Adtraxo free (10 links, 5k clicks/month) or upgrade to Pro for unlimited everything plus full fraud detection. Your campaigns will thank you.