Skip to main content

HotHouses: Where Affiliate fraud gets even more Toxic

Steve Affiliate Fraud

Affiliate marketing has always had issues with what we loosely term affiliate fraud – unauthorised PPC, brand bidding, fake coupon codes etc. But what if I told you there’s something worse, deeper, and far more deliberate?

We talk a lot about affilate fraud prevention in affiliate marketing, but almost never about the business models built around abuse. The publishers who set out to do fraud. That’s where HotHouses come in.

A HotHouse is an operation that knowingly embraces the dark side of Internet marketing and dangerous traffic sources. They are more than happy to:

  • Buy low-quality or illegal traffic at scale
  • Cloak traffic to make it look clean
  • Force attribution using scripts, redirects, or fingerprinting
  • Collect payouts from networks that never check the source

These aren’t just bad actors. They have strategically chosen to embrace malware-routed traffic, proxy farms, and hijacked clicks, and then find ways to make it look clean. They actively lean into toxic, illegal, or hijacked traffic sources and very often get paid for it.

No major affiliate network permits cloaked or laundered traffic, but the fact that so many compliance teams exist (and still catch violators) tells us this is not an abstract problem.

Not ‘normal’ affiliate fraud

The industry, at least the small corner I live in, tends to refer to a few specific things as ‘affiliate fraud’. They are generally unauthorised brand bidding or other breaches of the programmes terms and conditions.

It tends to be spread by vendors who identify ‘affiliate fraud’ as the issue their tool can solve – tools like brandverity or adpolice. Really they only block a very specific avenue.

Is this flavour of everyday affiliate ‘fraud’ compliant? Rarely. Annoying? Always. But is it illegal? To be honest, not usually.

What we’re discussing here falls outside that definition. We’re talking about groups or individuals who don’t just ignore the rules of your program – they use illegal means to promote your programme and get away with it.

Why This Traffic Is So Dangerous

HotHouses don’t just deal in sneaky brand bidding or made-up vouchers. They route traffic through some of the most compromised and deceptive digital channels online:

  • Malware-infected devices
  • Hacked CMS systems injecting redirects
  • DNS hijacks rerouting users silently
  • Botnets and proxy farms
  • Private blog networks and junk link rings

By the time that click hits your site, it looks like clean direct or organic traffic. Analytics show nothing unusual. And your affiliate platform happily tracks a conversion.

In reality the visitor may have been exposed to malware, rerouted from a hacked server, or may just be one of thousands of fake impressions burned through a botnet.

The Economics Behind It

This model exists for one reason: it is profitable. You can buy millions of junk impressions for a few pounds or dollars. All it takes is one conversion to justify the expense. And because most affiliate programs still rely on last-click attribution, the partner who got that last touchpoint gets paid, no matter how they got there.

Last-click attribution is a gift to HotHouse operators. It rewards presence, not influence. It pays out to whoever can hijack the handoff, not necessarily who did the work. And that makes it the perfect mechanic to exploit. HotHouses are engineered to catch the last click, whether or not they originated the session. They’re not just playing the game – they change the rules.

And if they get caught that’s ok – they expect that to happen eventually, just as they expect no real punishment. New IDs, new domains, new subnetworks. Business as usual.

How They Hide

Common techniques include:

  • Referrer stripping
  • JavaScript cloaking based on IP, time, or device
  • Asynchronous redirects
  • Attribution scripts in compromised sites
  • Reverse fingerprinting to spoof publisher IDs

The goal is always the same: make it look clean long enough to get paid.

Speaking of getting paid, they often sign up for networks using fake identities, VPNs or proxy IPs, and even stolen or disposable payment details to bypass verification systems. This helps them cycle through accounts and evade bans when caught.

Where Is This Happening?

This isn’t limited to one place, but there are some common patterns. It tends to happen anywhere the incentives are wrong and the enforcement is weak.

India – Cloaked traffic, click farms, performance resellers
Russia – Attribution hacking, DNS hijacks, botnet flows
China – Mobile redirects, SDK abuse, incentivised installs
Nigeria – Fake leads, ID abuse, email-driven CPA fraud
Pakistan & Bangladesh – Form bots, pop-up traffic, cloaking-as-a-service
Vietnam & Indonesia – Mobile ad fraud, cloaked redirects
Romania & Ukraine – Cloaking infrastructure and proxy setups
UAE – Shell companies and white-label fronts for global fraud

That said, this is a structural problem, not a geographic one. The most problematic subnetwork for me is based in Germany and two of the most high-profile fraud cases, Shawn Hogan and Brian Dunning vs Amazon, came out of the U.S.

The most damaging fraud that affected me came from a grim ex-mining town in Yorkshire. Lets call him ‘Adrian’, because that’s probably his name. His attack went through the biggest affiliate network in Europe and cost us £100k+ in lost products.

Anyone can be a target – especially strong brand names, but it does tend to follow the money. High-risk, high-reward verticals like crypto, gambling, sweepstakes and adult content are common targets. They often rely on smartlink networks or blind subnetworks to receive their commission, combined with cloaking or IP-based redirects to obscure their origin.

You’ve Probably Seen It Yourself

Ever seen messages like this on LinkedIn or various forums? It might seem like noise. But this is often how HotHouse operators advertise.

“💯 HQ traffic: crypto, nutra, sweepstakes. 100k/day. DM 4 Skype.”
“Top performing traffic, private source. Gmail only.”
“High CR traffic – gambling, trading, finance. Let’s talk.”

The HQ in this case doesn’t mean it is premium or ‘high quality’ traffic. It means it is quality engineered to pass the checks that identify cloaked, redirected, or bot-injected traffic. It is laundered to look clean long enough to make it your problem.

In truth, this traffic won’t always blow up in your face or cause a crisis every day (though it always has the potential to). Sometimes it just hums along in the background, quietly inflating your numbers.

But the quality is almost always terrible. It is untargeted, recycled, and totally detached from user intent. It will not convert properly or build any real engagement, and it absolutely does not help your brand in the long run.

If it starts performing well, the risk increases. If it is being ‘noisier’ then it may attract the sort of negative attention that you don’t want. Best to remove them before that happens.

Not All Subnetworks Are Innocent

Blind subnetworks are a big part of the problem. They are the enabler that bridges the gap between the activity and getting paid.

Blind subnetworks thrive on opacity. The merchant can’t see the actual traffic source. It’s the perfect firewall for HotHouses.

And when someone catches them? The subnetwork usually says, “That publisher has been removed”. Sure. I believe you.

Why the Industry Doesn’t Talk About It

Everyone in affiliate marketing seems to have their own idea of what the ‘affiliate industry’ is.

Agencies might think it’s influencer and content marketing. Networks think the industry revolves around their platform. Vendors think it’s just a customer base for their software. But affiliate marketing is a huge, messy beast and most people only see their own corner of it. The ugly parts are easier to invite or pretend they don’t happen in your slice of the pie.

With little pressure from advertisers, platforms, or regulators to clean things up, most players have decided it’s safer to look the other way. I can say from personal experience that a lot of senior network staff really don’t want to engage, and pressing the issue only serves to burn bridges.

Dealing With It

Sadly it’s unlikely that we will solve this for the entire industry any time soon, but you can protect your own program. I’m afraid this is akin to putting a big lock on your bike so a different bike gets stolen, but you can protect yourself by paying attention to the fundamentals:

  • Audit your top affiliates regularly.
  • Be sceptical of performance if you don’t intimately understand everything the affiliate does.
  • Ask to see traffic source details. Don’t just trust the label.
  • Scrutinise that list – often the examples you get sent simply couldn’t generate the results you are seeing. Question it.
  • Block blind subnetworks unless you can vet their publishers. Consider that a regular responsibility, not just a one-off.
  • Use your own attribution models. Don’t rely on last-click alone.
  • Remember that these publishers can innovate – stay on top of the latest attack methods.

SO.

Most of what we usually call ‘Affiliate Fraud’ or ad-hijacking doesn’t break the law. They often breach your program’s rules or operate in a grey area, but Interpol aren’t going to come knocking for that.

HotHouses actively design around the rules. In their eyes they aren’t cheating the system – they are optimising it for themselves. Depending what method they use you really can call a lot of HotHouses ‘organised criminals’.

HotHouses aren’t just shady affiliates. They are actual criminals. As long as last-click wins and their traffic isn’t scrutinised, they will keep getting paid. A few past scandals have exposed how much money can be lost, but the vast majority flies beneath the radar.

The industry has not yet published hard numbers on the scale of cloaked traffic or traffic laundering. That’s not because the problem isn’t real – it’s because it’s hard to catch and harder to admit.

Affiliate networks like CJ, Awin, Rakuten, and Impact have all issued strong rules against cloaked traffic and undisclosed sub-affiliate activity. Still, advertisers quietly report paying for what they later discovered was injected or manipulated traffic.

What Needs to Change

  • Affiliate-level visibility – Stop hiding behind subnetworks
  • Strict onboarding – Especially for blind traffic aggregators
  • No-pay zones – If the source isn’t disclosed, don’t pay
  • Risk-based audits – Dig into the anomalies
  • Education – Help brands recognise what toxic traffic really looks like
  • Compliance teams really need to up their game

References & Further Reading

  1. CJ Affiliate (Public Policies & Terms) – Publisher requirements prohibit cloaking, cookie stuffing, and redirect masking. Affiliates must declare all promotional methods.
    CJ Publisher Terms
  2. Awin Transparency Policy – Awin’s interface flags known subnetworks. Advertisers can opt out of blind aggregators like Skimlinks, Sovrn, and YieldKit.
    Awin Advertiser Resources
  3. Impact.com’s Approach to Fraud – Enforces strict tracking transparency and supports bot traffic detection tools like Forensiq.
    Impact.com Partner Terms
  4. eBay vs. Shawn Hogan & Brian Dunning – High-profile cookie-stuffing and affiliate hijacking cases. Over $28M in fraudulent commissions reported.
    U.S. DOJ Press Release | Wired: The $28 Million Scam
  5. Affiliate Industry Commentary on Subnetworks – Geno Prussakov and others warn that blind aggregators can create backdoor access for banned affiliates.
    Genos Affiliate Management Blog
  6. Click Injection in Mobile CPA – Discussion of mobile click hijacking and app install fraud using cloaked links.
    AppsFlyer Fraud Report