NEW New feature: Verify and block fake emailsLearn more
NEW New feature: Verify & block fake emails
Learn more
fraud blocker click fraud prevention logo
Sign in
Start Free Trial
  • Home
  • Articles
  • We Analyzed 200 Million Ad Clicks for Fraud. Here’s What We Found

We Analyzed 200 Million Ad Clicks for Fraud. Here’s What We Found

  • May 7, 2026
200 million click fraud analysis
  • Click fraud has evolved into a sophisticated, industrial-scale operation that now accounts for roughly 22% of all digital ad spend, costing advertisers billions annually and polluting the AI training models used for bidding.
  • Fraudsters are successfully bypassing geographical filters through “location hopping,” using residential proxy networks to make a single device appear in dozens of different countries within hours.
  • Technical “fingerprint spoofing” is rampant, where automated scripts and headless browsers intentionally misreport their operating systems to mimic legitimate human desktop users.
  • The discovery of “click recycling”, where a single unique Google Click ID is reused across hundreds of devices, proves that bot operators are programmatically harvesting and reapplying legitimate identifiers to manufacture fake conversions and drain ad budgets.

At Fraud Blocker, we monitor an enormous amount of data that gives us an advantage to tracking click fraud. Our platform analyzes over 60 million unique IP addresses every month across more than 4,500 domain names.

For this study, we conducted an in-depth analysis of 200 million individual ad clicks, utilizing our BigQuery warehouse and our Google Ads API to take a close look at the data across our entire network.

fraud blocker 200 million ad clicks

Our analysis was designed to share specific, technical signatures of click fraud that advertisers are likely paying for. By looking at the raw log-level data, we’ve identified patterns that confirm click fraud is no longer a fringe nuisance but a sophisticated, industrial-scale challenge that directly impacts advertising ROI.

Background - What is click fraud and what is its impact?

Click fraud is the practice of repeatedly clicking on pay-per-click (PPC) advertisements to generate fraudulent revenue for a host website or to drain a competitor’s budget. It is no longer just a “bot problem” or a few teenagers in a basement, it is a multi-layered, global industry (read more about click fraud)

Why Click Fraud Occurs

There are a few primary motivations behind the billions of fraudulent clicks occurring daily:

  1. Competitor Malice: In highly competitive niches (like law, insurance, or home services), rival businesses use bots to click your ads. The goal is to deplete your daily budget by 9:00 AM, ensuring their ads show up for the rest of the day while yours are paused.
  2. Publishers Inflating Their Ad Revenues: Owners of “Made-for-Advertising” (MFA) websites use bots to click the ads displayed on their own sites. Since they get a cut of every click, they use automation to manufacture “interest” and inflate their earnings from Google’s Display Network.
  3. Malware Installs: Malware installed on apps or devices, typically without knowledge by the owners, can serve ads in the background that generate non-legitimate revenue for criminals.
  4. Attribution Fraud: Advanced fraudsters use bots to click ads and then “browse” the site to mimic high-intent users. This tricks the advertiser into thinking their campaign is working, causing them to pour more money into the very channels the fraudsters control.
  5. Bot-Generated Fraud: Not all fraud is a direct attack on a specific brand; often, it is the byproduct of the internet’s “background noise.” Massive botnets constantly crawl the web for data scraping, SEO analysis, or site indexing. When these bots interact with your ads, either accidentally or as part of a script to appear more human, they trigger invalid clicks. While less personal than competitor malice, this automated traffic accounts for a massive portion of drained ad spend, as these “users” have zero intent of ever becoming customers.

The Economic Impact of Click Fraud

In 2026, the cost of ad fraud is projected to exceed $100 billion. For the average advertiser, roughly 22% of all digital ad spend is lost to invalid traffic.

If you’re spending $10,000 a month, you are essentially writing a $2,200 check every month to a fraudster who will never buy your product.

Even worse, this illegitimate data feeds back into your AI-optimized bidding (like Google’s Performance Max or Meta’s Advantage+), training the algorithm to find more bots because it thinks they are high-quality visitors. This creates a “death spiral” where your cost-per-acquisition (CPA) stays high while your actual revenue plateaus.

Here’s what we uncovered after reviewing 200M ad clicks

Insight 1: “Location Hopping” is rampant

Physical geography is often a dead giveaway in fraud detection.

In our 3-day analysis window, we tracked thousands of devices that appeared to be traveling the globe at impossible speeds.

Modern fraud has moved away from easily identifiable data center IPs (like AWS or DigitalOcean) and has transitioned into Residential Proxy Networks. By routing bot traffic through the IP addresses of real households, often compromised IoT devices or users of “free” VPNs, fraudsters make their traffic appear as legitimate domestic users.

The top offender in our analysis appeared in 87 unique countries in under 72 hours 😱. This is an undeniable signal of programmatic manipulation. These devices often appear in multiple distant regions, such as the United Kingdom and Brazil, within the same 60-minute window. There is no legitimate scenario where a single device ID authentically represents a traveler visiting 87 countries in a single weekend.

This proves that high-speed automated systems are rotating through global proxy pools to bypass geo-targeting filters and reach high-CPC (Cost-Per-Click) markets like the United States and Western Europe.

click fraud report - 200 ad clicks - example location hopping
Sample of this data from our BigQuery results:
click fraud report - 200 million ad clicks - bigquery example 1
Fraud Probability: 99.9%

There is virtually no legitimate scenario where a single device ID would authentically represent a user traveling between 60+ countries in 72 hours.

Insight 2: Obvious cases of “Fingerprint Spoofing”

We have identified several thousand visits where the User Agent string was intentionally manipulated to hide the actual operating system or the use of automated “Headless” browsers.

These mismatches are strong indicators of automated scripts (like Selenium or Puppeteer) attempting to masquerade as human-operated desktop computers.

Here are a few examples of what we detected:

  • OS Mismatches (Forced Identities): The most common spoofing technique observed is the “UA Windows vs Fingerprint Non-Windows” mismatch. In these cases, the browser sends a header claiming to be a Windows machine, but the hardware fingerprint (TCP/IP stack and browser API behavior) reveals the device is actually running Linux or Android. This is a classic signature of a bot farm using Linux servers to emulate Windows desktops.
  • Headless Chrome Detection: We found a significant volume of traffic explicitly identifying as “HeadlessChrome”. While some of these are transparent about being bots, they often appear on high-value landing pages where human interaction is expected.
  • Windows 7 Emulation: There is a distinct cluster of traffic claiming to be Windows 7 (NT 6.1). Since Windows 7 is largely obsolete, it is frequently used by older bot scripts or intentionally chosen by fraudsters because it’s simpler fingerprinting profile is easier to forge than modern Windows 10/11 systems.

Here’s an example of Fingerprint Spoofing:

click fraud report - 200 ad clicks - example of fingerprint spoofing

Sample of this data from our BigQuery results:

click fraud report - 200 million ad clicks - bigquery example 3
Fraud Probability: 90 – 98%

Technical mismatches between a browser’s self-declaration and its physical fingerprint almost never occur in legitimate user scenarios. These are deliberate attempts to bypass security filters.

Insight 3: Bots are clicking a LOT of websites

The most striking evidence of fraud is the presence of several devices exhibiting visit rates that are physically impossible for human users.

Our analysis identified several device IDs with visit rates that represent a massive automated bot network. The most striking example was a single Device ID (aed4a5…) that recorded nearly 5 million visits over a 3-day period.

For comparison, for a human to generate 5 million visits in 72 hours, they would have to refresh a landing page approximately 1,150 times every minute without pause. This behavior is characteristic of “High-Frequency Polling,” where a script is programmed to hit an ad-spend-generating link as quickly as the server will respond.

What makes this particular offender credible as a “sophisticated” actor is its use of IP rotation. During those three days, the device also cycled through 497 unique IP addresses. This is a bot leveraging a distributed network to evade simple “rate limiting” rules that only look for too many clicks from a single IP.

Here’s a sample of data from the top 10 most active devices:

click fraud report - 200 ad clicks - example extreme web site visits
Fraud Probability: 99.9%

This combination of high-frequency polling and IP rotation is characteristic of scraping bots or large-scale click farms.

Insight 4: “Click Recycling” shows programmatic manipulation

Perhaps the most damaging discovery in our 200 million click set is the prevalence of Click Recycling.

In a healthy ecosystem, a “gclid” (Google Click Identifier) is a unique string that creates a 1-to-1 link between a specific ad click and a website visit.

However, we found evidence that bot operators are “harvesting” legitimate gclids, likely through session recording or intermediate “landing page” farms, and then reapplying them to thousands of automated visits.

This behavior suggests that bot operators are capturing legitimate gclids (perhaps through session recording or intermediate “landing page” farms) and then reapplying them to thousands of automated visits to make that traffic appear to be the result of a paid conversion.

Examples we found:

  • Identifier Reuse: The top offending gclid (beginning with CjwKCAjwhqf…) is associated with 188 unique devices and 203 unique IP addresses, resulting in 214 total visits. For a paid click ID, this is a mathematical impossibility for a single human user.
  • Cluster Density: Another significant identifier (EAIaIQob…) shows even higher network distribution, appearing across 152 devices but over 1,300 different IP addresses. This suggests a high-velocity rotation through proxy networks while maintaining the same “paid click” identity.
  • Ad Budget Drainage: These identifiers represent clicks that have already been paid for. By “recycling” them across thousands of visits, fraudulent actors can inflate conversion metrics or engage in “click washing,” making bot traffic look like high-quality leads.

We summarized the worst offenders in the scatter plot chart below. This shows that ad click IDs are being “recycled” across vast numbers of unique devices and network locations:

click fraud report - 200 ad clicks - example bots abusing google click id

Sample of this data from our BigQuery results:

click fraud report - 200 million ad clicks - bigquery example 2
Fraud Probability: 98%

A gclid is intended to be a unique identifier for a specific ad interaction. Any instance of one being shared across more than 2-3 unique devices or network locations is an almost certain indicator of programmatic manipulation.

Conclusion - Bots and click fraud are significantly impacting your ad performance

The patterns uncovered in this 200 million click analysis include the impossible location jumping between 80+ countries, device spoofing, global proxy rotations and technical masquerading. They all point to clear proof that click fraud is part of sophisticated “Fraud-as-a-Service” infrastructure.

Standard platform protections are often designed to catch the “low-hanging fruit” of basic bots. However, the sophisticated invalid traffic we have detailed here requires a dedicated, real-time layer of defense that looks beyond the IP address and into the hardware-level behavior of every visitor.

These insights are just a small sample of what we’ve uncovered and we’ll share much more soon.

Use Fraud Blocker to block bots and boost your marketing ROI

protect marketing campaigns with fraudblocker

At Fraud Blocker, our mission is to restore integrity to your advertising data by identifying and blocking these sophisticated bots before they drain your budget.

By analyzing over 100 technical signals for every click, we provide a defense layer that standard platforms simply aren’t built to maintain. On average, our clients see a significant reduction in invalid traffic, allowing them to save up to 20% on wasted ad spend.

When you eliminate the “garbage data” from your campaigns, your AI bidding models begin to learn from real human interactions, your CPA drops, and your true ROI becomes clear.

The data from 200 million clicks proves that fraud is happening every day, the question is whether you are willing to continue paying for it.

Methodology

† Fraud Blocker conducted a large-scale quantitative analysis of 200 million individual ad clicks aggregated from our proprietary monitoring platform of 60 million monthly unique IP addresses and approximately 4,500 domains. Utilizing our BigQuery data warehouse and Google Ads API, we used AI-powered data mining to help identify sophisticated patterns of manipulation that often bypass standard platform protections. 

[This post was authored by Fraud Blocker’s Founder and CEO, Mike Schrobo]

Facebook
X
LinkedIn

More from Fraud Blocker