Back to Blog
RUENZHESARPTDEFRJAKOITTRIDVIFAHI

Proxy Security Audit for Arbitrage: How to Assess Infrastructure Before Launch

How to check proxy security before launching ad campaigns: testing for leaks, configuring anti-detect browsers, and protection against chain bans.

📅February 26, 2026
```html

One unnoticed IP address leak — and an entire bundle of 20 Facebook ad accounts gets banned within hours. Arbitrage specialists and SMM professionals lose tens of thousands of rubles due to proxy configuration errors that could have been detected in just 15 minutes of checking. In this guide, we will cover a step-by-step audit of proxy infrastructure: from basic leak tests to advanced fingerprint checks and chain connections between accounts.

This checklist is suitable for working with Facebook Ads, TikTok Ads, Instagram, as well as for multi-accounting in anti-detect browsers like Dolphin Anty, AdsPower, Multilogin, and GoLogin. Each stage of the check reduces the risk of account bans and protects advertising investments.

Why Proxy Audit is Critical for Arbitrage and SMM

Modern advertising platforms and social networks use a multi-layered system to protect against multi-accounting. Facebook Ads analyzes over 200 parameters of the browser and network environment to link accounts together. One error in proxy configuration — and the algorithm finds a connection between your profiles.

A real case from practice: An arbitrage specialist launched 15 Facebook accounts through proxies from one provider. All profiles were configured in Dolphin Anty with different fingerprints. After 3 days, all accounts were banned simultaneously. The reason: a WebRTC leak revealed the real user IP address, which was the same for all profiles. The losses amounted to 180,000 rubles on balance top-ups and warmed-up accounts.

Important: Checking proxies before launch is not paranoia, but a standard practice for professionals. According to statistics, 40% of advertising account bans occur due to technical errors in proxy and anti-detect browser settings, rather than the quality of creatives or strategy.

Security audits address three critical tasks:

  • Prevention of Data Leaks — checking that the proxy truly hides your real IP, DNS requests, and geolocation
  • Protection Against Chain Bans — identifying connections between accounts through shared technical parameters
  • Quality Control of Proxies — checking the speed, stability, and reputation of IP addresses before using them in advertising

Different tasks require different levels of security. If you are managing 5 Instagram accounts for personal projects, a basic leak check is sufficient. But if you are launching 50 Facebook Ads accounts with a budget of 500,000 rubles per month — a full audit with fingerprint, timezone, language settings checks, and automatic monitoring is necessary.

Types of Leaks: IP, DNS, WebRTC, Geolocation, and Timezone

Data leaks when using proxies occur when the browser or application bypasses the proxy connection and sends requests directly from your real IP. Advertising platforms actively search for such discrepancies to detect multi-accounting.

1. IP Address Leak

The most obvious type of leak occurs when a website sees your real IP instead of the proxy IP. This happens if:

  • The proxy is incorrectly configured in the browser or anti-detect system
  • The proxy server is temporarily unavailable, and the browser switches to a direct connection
  • An HTTP proxy without encryption is used for HTTPS sites

How to check: Open the site whoer.net or 2ip.ru through the proxy. If your home IP is displayed — the proxy is not working.

2. DNS Request Leak

Even if the IP address is hidden, the browser may send DNS requests through your provider's DNS servers instead of through the proxy. Facebook and Google analyze DNS requests to determine the user's real location.

Example of the problem: You are using a proxy from the USA for Facebook Ads, but DNS requests are going through the Russian provider Rostelecom. The platform sees a discrepancy: IP from New York, but DNS requests from Moscow. This is a red flag for anti-fraud systems.

How to check: On the site dnsleaktest.com, run the Extended Test. If the results show your provider's DNS servers (not the proxy provider's) — there is a leak.

3. Leak Through WebRTC

WebRTC is a technology for video calls in the browser that can reveal your real IP even when using a proxy. This is the most dangerous leak for arbitrage specialists because it operates at the browser level and bypasses any proxy settings.

How it works: JavaScript code on the site sends a STUN request, which returns your local and public IP address. Facebook actively uses this technique to detect multi-accounts.

How to check: Open browserleaks.com/webrtc through the proxy. If your real IP is displayed in the "Public IP Address" section — WebRTC is not blocked. Anti-detect browsers have an option "Block WebRTC" — make sure to enable it.

4. Mismatch of Geolocation and Timezone

The browser sends your timezone to websites via the JavaScript API. If the proxy is from London (GMT+0), but the browser settings timezone is set to Moscow (GMT+3) — this is an obvious mismatch.

Example of an error: An arbitrage specialist uses residential proxies from the USA but forgot to change the timezone in Dolphin Anty. Facebook sees an IP from California, but the browser's timezone shows Yekaterinburg. The account gets banned after 2 days.

How to check: On the site whoer.net, look at the "Time Zone" section. It should match the geolocation of the proxy IP address. Most anti-detect browsers automatically set the correct timezone, but it's better to check manually.

Type of Leak What is Revealed Risk for Arbitrage How to Check
IP Address Real IP of the provider Critical whoer.net, 2ip.ru
DNS Provider's DNS servers High dnsleaktest.com
WebRTC Local and public IP Critical browserleaks.com/webrtc
Timezone Device's timezone Medium whoer.net (Time Zone section)
Geolocation Coordinates via HTML5 API Medium browserleaks.com/geo

Basic Check: 5 Services for Testing Proxies

Before launching advertising campaigns or starting work with a new bundle of accounts, conduct a basic audit through specialized services. This will take 10-15 minutes but can save you tens of thousands of rubles on lost accounts.

1. Whoer.net — Comprehensive Anonymity Check

One of the most popular services for checking proxies among arbitrage specialists. It shows the IP address, provider, geolocation, timezone, browser language, and presence in blacklists.

Step-by-step check:

  1. Open a profile in an anti-detect browser (Dolphin Anty, AdsPower, or another)
  2. Go to whoer.net
  3. Wait for the analysis to complete (5-10 seconds)
  4. Check the anonymity score — it should be at least 80/100
  5. Ensure that the IP matches your proxy (not your home address)
  6. Check the correspondence of timezone and geolocation of the IP

What to pay attention to: If the score is below 70/100, reveal the details of the check. Usually, problems are related to the browser language (it should match the country of the proxy), timezone, or the presence of the IP in spam databases.

2. BrowserLeaks.com — Detailed Fingerprint Analysis

This service shows all parameters that websites can use for tracking: Canvas fingerprint, WebGL, audio context, fonts, plugins, and much more. It is critically important for checking anti-detect browsers.

Key sections to check:

  • WebRTC Leak Test — checking for IP leaks through WebRTC (should show only the proxy IP)
  • Canvas Fingerprint — unique browser fingerprint (should differ for each profile)
  • WebGL Report — information about the graphics card (anti-detect should spoof this data)
  • IP Address — basic check of IP and geolocation

Open 2-3 different profiles in the anti-detect browser and check the Canvas fingerprint on each. The fingerprints should be different — this confirms that the browser is correctly spoofing the parameters.

3. DNSLeakTest.com — DNS Leak Check

A specialized service for checking DNS requests. It is especially important when working with Facebook Ads and Google Ads, as these platforms actively analyze DNS to determine the real location.

How to check: Click "Extended Test" and wait for the results. All DNS servers should belong to the proxy provider or be in the same country as the proxy IP. If you see DNS servers from your home provider (Rostelecom, MTS, Beeline) — there is a leak.

4. IPLeak.net — Universal Tool

Combines checks for IP, DNS, WebRTC, and torrent leaks on one page. Convenient for quickly checking all parameters at once.

Advantage: Shows both IPv4 and IPv6 addresses simultaneously. Some proxies only work with IPv4, but the browser may send requests via IPv6 from your real address. IPLeak.net identifies such issues.

5. 2IP.ru — IP Reputation Check

A Russian service that shows not only the IP and provider but also the presence of the address in spam databases. Critical for email newsletters and account registrations.

What to check: In the "IP Check" section, look at the status in blacklists (RBL). If the IP is in spam databases, registering new Facebook or Google accounts will be problematic — the platforms automatically block suspicious addresses.

Basic Check Checklist (5 minutes per profile):

  • Whoer.net — anonymity score above 80/100
  • BrowserLeaks WebRTC — only proxy IP, no leaks
  • DNSLeakTest — all DNS from the proxy provider
  • Whoer.net — timezone matches the geolocation of the IP
  • 2IP.ru — IP not in blacklists

Anti-Detect Browser Settings: Security Checklist

Even high-quality mobile proxies will not protect against bans if the anti-detect browser is configured incorrectly. Dolphin Anty, AdsPower, Multilogin, and GoLogin offer dozens of parameters for configuring fingerprints — let's break down the critical ones for security.

Proxy Configuration in Profile

Step-by-step instructions for Dolphin Anty:

  1. Create a new profile → "Proxy" tab
  2. Select type: HTTP, SOCKS5, or SSH (SOCKS5 is better for advertising)
  3. Enter proxy details: IP:port:login:password
  4. Click "Check Proxy" — a checkmark and geolocation should appear
  5. Enable the option "Change timezone by IP" — the browser will automatically set the correct timezone

Critical error: Many arbitrage specialists forget to click "Check Proxy" and save the profile with a non-working proxy. When opened, the browser operates with your real IP. Always check the proxy status before saving the profile.

Blocking WebRTC

In the profile settings, find the "WebRTC" section and select the mode:

  • Disabled — completely disables WebRTC (safe, but may break video calls)
  • Altered — replaces the IP with the proxy address (recommended for Facebook and TikTok)
  • Real — shows the real IP (NEVER use for multi-accounting!)

For arbitrage and SMM, choose only Disabled or Altered. After configuration, be sure to check on browserleaks.com/webrtc — only the proxy IP should be displayed.

Geolocation and Language Settings

Facebook and Google analyze the correspondence between the IP address, browser language, and interface language. If the proxy is from the USA and the browser language is Russian, this raises suspicions.

Correct configuration:

  • IP from the USA → browser language English (United States) → timezone America/New_York
  • IP from the UK → English (United Kingdom) → timezone Europe/London
  • IP from Germany → Deutsch (Deutschland) → timezone Europe/Berlin

In Dolphin Anty and AdsPower, there is an option "Auto-fill by IP" — the browser will automatically set the correct language settings and timezone based on the proxy's geolocation. Use this feature to avoid errors.

Canvas and WebGL Fingerprint

Canvas fingerprint is a unique browser fingerprint created based on how the browser renders graphics. Even two identical browsers on the same computer will have different Canvas fingerprints.

Configuration in the anti-detect browser:

  • Canvas: select "Noise" mode — the browser will add slight distortions to the fingerprint
  • WebGL: "Noise" mode — spoofing information about the graphics card
  • Fonts: use a font set that matches the operating system of the fingerprint

Check: open browserleaks.com/canvas in two different profiles. The fingerprints should differ. If they are the same — the anti-detect is incorrectly configured or the Canvas spoofing is not working.

Parameter Recommended Setting Why It's Important
WebRTC Disabled or Altered Prevents real IP leakage
Timezone Auto-fill by IP Correspondence to proxy geolocation
Canvas Noise Unique fingerprint for each profile
WebGL Noise Spoofing information about the graphics card
Browser Language Matches the country of the IP Avoid discrepancies in fingerprint
Geolocation Block or spoof by IP Prevention of coordinate leakage

Fingerprint and Profile Uniqueness Check

Fingerprint (digital fingerprint) is a set of browser and device characteristics that websites use to identify users. Even if you use different proxies, an identical fingerprint will reveal a connection between accounts.

What is Included in the Fingerprint

Modern anti-fraud systems of Facebook, TikTok, and Google analyze over 200 parameters:

  • User-Agent: browser version, operating system, processor architecture
  • Screen Resolution: width and height of the display, color depth
  • Installed Fonts: list of available fonts in the system
  • Canvas Fingerprint: unique fingerprint based on graphics rendering
  • WebGL: information about the graphics card and drivers
  • Audio Context: characteristics of the audio system
  • Plugins and Extensions: list of installed browser add-ons

If two profiles have identical fingerprints but different IP addresses, the platform understands that one person is using proxies to bypass bans. The result — chain ban of all linked accounts.

How to Check Fingerprint Uniqueness

Method 1: Comparing Canvas Fingerprint

  1. Open the first profile in the anti-detect browser
  2. Go to browserleaks.com/canvas
  3. Copy the "Canvas Hash" value (for example: a3f5c8d2e1b4...)
  4. Open the second profile and repeat the check
  5. Compare the hashes — they should be different

If the Canvas Hash is the same for several profiles — the anti-detect browser is not working or is incorrectly configured. Check the Canvas settings (it should be in Noise or Random mode).

Method 2: Using Pixelscan.net

Pixelscan is a professional tool for fingerprint analysis developed by the Multilogin anti-detect browser team. It provides a detailed report on all parameters and assesses the quality of spoofing.

What to check on Pixelscan:

  • Consistency Score: score of parameter consistency (should be above 90%)
  • WebRTC: there should be no leaks of local or public IP
  • Canvas: unique fingerprint for each profile
  • Fonts: font set should match the operating system

Open Pixelscan in 3-5 different profiles and save the links to the reports. Compare the parameters — they should differ significantly. Pay special attention to Canvas, WebGL, and Audio fingerprints.

Typical Fingerprint Errors

Error 1: Identical Screen Resolution
Many arbitrage specialists use the same resolution (for example, 1920x1080) for all profiles. Facebook sees 20 accounts with identical screen resolutions — this is suspicious. Solution: in the anti-detect browser settings, enable "Random screen resolution" or set different values manually.

Error 2: Identical Font Set
If all profiles show the same list of installed fonts, this is a sign of one physical device. Anti-detect browsers should spoof the list of fonts depending on the operating system of the fingerprint (Windows shows Arial, Calibri; macOS — Helvetica, San Francisco).

Error 3: Mismatch Between User-Agent and Canvas
User-Agent says "Windows 10", but the Canvas fingerprint is characteristic of macOS. Such discrepancies are easily detected by algorithms. Use ready-made fingerprints from anti-detect browser databases — they are collected from real devices and guarantee consistency.

Professional Tip: Create a reference profile and check it on Pixelscan. If the Consistency Score is above 95%, save the fingerprint as a template and use it for new accounts with small variations (change Canvas noise, screen resolution, but keep the basic OS parameters).

Protection Against Chain Bans: Infrastructure Separation

A chain ban occurs when the blocking of one account leads to the automatic blocking of all linked profiles. Facebook, TikTok, and Google use graph algorithms to find connections between accounts through shared technical parameters.

How Platforms Find Connections Between Accounts

Anti-fraud systems build a graph of connections, where nodes are accounts, and edges are shared parameters:

  • Shared IP Address: if 10 accounts logged in from one proxy
  • Identical Canvas Fingerprint: a clear sign of one device
  • One Payment Card: linking a bank card to multiple ad accounts
  • Shared Phone Number: using one number for verification
  • Identical Cookies: if profiles are not isolated in the anti-detect browser

When one account gets banned, the algorithm checks the connection graph and blocks all profiles that have 2 or more shared parameters. This explains why sometimes accounts you haven't even used get banned — they are linked to a blocked profile through the proxy or fingerprint.

Infrastructure Separation Strategy

Rule 1: One Proxy — One Account (for critical projects)

If you are working with expensive warmed-up Facebook Ads accounts (costing 10,000+ rubles), use dedicated proxies for each profile. This completely eliminates connections through the IP address.

For less critical tasks (SMM, price monitoring), it is acceptable to use one proxy for 3-5 accounts, but with mandatory time separation: each account operates in its time slot to avoid simultaneous sessions.

Rule 2: Different Subnets for Different Bundles

Do not buy all proxies from one provider in one subnet. If you have 50 accounts, divide them into 5 groups of 10 accounts and use proxies from different providers or from different subnets. This reduces the risk of mass bans if one of the IPs gets blacklisted.

Rule 3: Unique Payment Methods

For ad accounts, use different bank cards or virtual cards. Facebook and Google actively link accounts through payment details. One card number for a maximum of 2-3 accounts.

Rule 4: Different Email Domains

Do not register all accounts with an email from one domain (for example, 50 accounts on @gmail.com from one IP). Use different email services: Gmail, Outlook, Yahoo, ProtonMail. This complicates the search for connections through email patterns.

Profile Isolation in Anti-Detect Browser

Dolphin Anty, AdsPower, and other anti-detect browsers create isolated profiles with separate cookies, localStorage, and cache. But there are nuances:

  • Never open two profiles simultaneously from one IP — this creates a connection
  • Clear cache and cookies when changing proxies on the profile
  • Do not copy profiles using the "Clone" function — this retains part of the fingerprint
  • Use different browser versions for different groups of accounts

Separation Scheme for 30 Facebook Ad Accounts:

  • Group A (10 accounts): residential proxies from the USA, provider 1, Visa cards
  • Group B (10 accounts): mobile proxies from the USA, provider 2, Mastercard cards
  • Group C (10 accounts): residential proxies from Europe, provider 3, virtual cards
  • Each group operates in its time slot (A: 9-13, B: 14-18, C: 19-23)
  • Different email domains for each group

Real-Time Monitoring: Automation of Checks

Manually checking 50 profiles takes several hours. Professional arbitrage specialists automate proxy security monitoring to instantly detect problems.

Automatic Proxy Check via API

Many proxy providers offer APIs for checking status and rotating IPs. You can set up a script that checks every 30 minutes:

  • Proxy availability (ping, response time)
  • Presence of IP in blacklists (via APIs of services like AbuseIPDB)
  • Geolocation compliance (IP should be from the declared country)
  • Connection speed (critical for parsing and automation)

Upon detecting a problem, the script sends a notification to Telegram or email, allowing you to promptly replace the proxy before accounts get banned.

Fingerprint Monitoring via Puppeteer

For technically advanced users: you can set up automatic fingerprint checks via the headless browser Puppeteer. The script opens a profile, goes to browserleaks.com/canvas, collects the Canvas Hash, and compares it with previous values.

If the Canvas Hash changes (for example, after updating the anti-detect browser) — this is a signal that the fingerprint has broken and the profile needs to be recreated. Such monitoring prevents situations where you only learn about a problem after the accounts are banned.

Logging Profile Activity

Keep a log of activity for each profile: when it was opened, from which IP, what actions were performed. This helps in investigating bans — you can accurately determine which profile...

```