For merchants running global ad campaigns, targeting is everything. You expect to pay affiliate commissions for traffic originating in target geographies (like the US or Western Europe). However, fraud networks regularly use **proxies and VPNs** to routing traffic, faking high-tier geographic locations to capture maximum payouts.
By routing automated bot traffic through residential proxy pools, publishers mask server locations as consumer IP addresses. Let's look at how to identify and filter out proxy-masked affiliate traffic.
How affiliates hide behind proxies
While datacenter IP addresses (like AWS or DigitalOcean) are easily blocked by standard firewalls, proxy networks exploit consumer infrastructure:
- Residential Proxy Pools: Routing bot traffic through compromised home routers, smart TVs, or consumer devices. To your server, the IP address looks like a standard home broadband connection.
- Mobile Proxy Dongles: Spreading clicks across cellular IP ranges (like 4G/5G mobile towers), which rotate constantly and share IP blocks among hundreds of legitimate users.
- Commercial VPN Nodes: Masking bot hosts behind encrypted commercial VPN connections to fake targeted city-level geolocations.
Because these IP addresses look legitimate, simple IP-reputation checks fail to block them.
Technical indicators of proxy traffic
Proxy-masked sessions leave physical browser cues that do not match the IP location:
- DNS-to-IP Mismatch: The user's IP geolocation indicates they are in New York, but their browser's DNS server routing points to an ISP in Eastern Europe.
- System Timezone Differences: The IP shows a Pacific Time timezone, but the browser JavaScript runtime (`Intl.DateTimeFormat().resolvedOptions().timeZone`) registers a timezone offset matching UTC+3.
- WebRTC Leakage: Standard WebRTC APIs can bypass proxy configurations, exposing the true local and public IP addresses behind the proxy connection.
How BotRefund audits proxy traffic
BotRefund runs deep, real-time client-side checks on every visitor. It cross-references network geolocations against JavaScript timezone contexts, local speech synthesis language sets, and system keyboard layouts.
By identifying mismatch signals (like Pacific Time IPs paired with European system languages), BotRefund flags masked proxy sessions instantly, keeping your affiliate dashboard clean of geo-spoofed conversions.
Frequently Asked Questions
Why do affiliates use residential proxies?
They use them to route automated bot traffic through legitimate consumer IP addresses, bypassing firewall security rules that block data centers.
How does WebRTC leak real IP addresses?
WebRTC APIs require direct peer-to-peer browser connections, which can trigger network discovery processes that bypass simple browser proxy settings to retrieve the real local IP.
Can I reject payouts for proxy traffic?
Yes. Almost all affiliate agreements explicitly ban geo-spoofing and IP mask evasion, allowing merchants to decline commission payouts when presented with mismatch proof.