Rotating too early wastes a healthy IP history. Too late burns the profile. The 3 real signals to rotate, the false signals, lifecycle by proxy type, and the complete sequence that minimizes Meta’s suspicion.
The 3 real signals
1. Rising latency with jitter, not isolated spikes
Latency alone is misleading — the proxy may be slow because the provider’s ISP is congested at that moment. What diagnoses is the combination: rising latency + increasing jitter + Meta-specific response time degrading.
When the proxy is fast for Google but slow for Meta, that’s specific — the route to Meta’s infrastructure is degraded for that IP. Could be routing, throttling, or detection, but it’s not “bad proxy in general.”
Practical measurement: record the baseline latency range when the proxy is fresh. When it exceeds 50% above baseline across 3 consecutive sessions, it’s a serious signal. Without a baseline, you’re guessing “it’s slow today.”
2. Persistent BM anomaly, not occasional
The difference between “Meta is being annoying today” and “this IP is flagged” is persistence. Asked for extra verification once? Normal. Asked across 3 logins in a week, on different accounts on the same IP? The IP is the problem.
The most underrated symptom: slower automatic ad reviews — ads that used to clear in 30 minutes now take 4-8h. That’s a silent Meta flag and almost nobody notices.
Another signal: new accounts linked to the same IP receive preventive restrictions. When that happens, the IP is on an internal list even if it doesn’t show up on public checkers.
3. Cross-checked external score
IPQS alone is misleading — I’ve seen IPs scored 25 on IPQS and 80 on Scamalytics. Rule: three checkers, two must fail.
- IPQS: sensitive to recent fraud and abuse
- Scamalytics: detects reuse (shared proxy)
- MaxMind via ipinfo.io: classifies type (residential vs hosting vs mobile). If the proxy is “residential” but classifies as hosting, discard immediately
- AbuseIPDB: when debugging a specific case — shows reported abuse history
False signals — don’t rotate
| Symptom | Why it’s NOT the IP |
|---|---|
| ROAS drop after creative swap | Control the variable: revert the creative, keep the IP, see if ROAS recovers |
| 1487 error or mass rejection | It’s creative, headline, or account history |
| Delivery drop on Monday morning | It’s auction competition. Wait 24-48h |
| Personal Facebook alert | Personal FB is stricter than BM. Verify campaigns are still running normally |
| Single captcha | Once? Normal. 3 consecutive sessions? Then yes |
| Isolated 500/503 that disappeared | Once isn’t a pattern |
Lifecycle by proxy type
| Type | Cycle | Notes |
|---|---|---|
| Datacenter | Zero | Already burned for Meta. Still works for Google in some verticals. |
| ISP (static residential) | 30-60 days | Best cost-benefit for serious operations. Stability — IP doesn’t change, lets you build history. |
| Residential rotating | Per session | Each session uses a different IP. Good for scraping, bad for managing accounts — Meta detects rotation as anomaly. |
| Residential dedicated (sticky) | 30-45 days heavy, 60-90 moderate | What most people use. |
| Mobile (4G/5G) | 60-90 days | Best reputation on Meta — mobile IPs are naturally shared, so Meta can’t penalize as harshly. Costs more. Slower degradation. |
Rule of thumb: preventive rotation every 30 days under heavy use, regardless of symptoms. Cheaper to rotate before the problem than to debug a restricted account.
The nuance nobody talks about: the lifecycle isn’t just the IP — it’s the combination IP + browser fingerprint + cookies + behavior. Rotating only the IP while keeping the rest can be worse than not rotating. If you swap the proxy but keep the same browser profile, Meta detects the inconsistency (same fingerprint, new IP) and that’s more suspicious than continuing with the old IP.
How to test if the new IP is clean
Complete sequence in 4 layers:
Layer 1 — Automated checks
ipqualityscore.com→ fraud score < 30, no VPN/proxy/Tor flagscamalytics.com→ “low risk”, risk score < 25ipinfo.io→ confirms type (residential/mobile), coherent location, expected ISP ASNabuseipdb.com→ confidence of abuse < 10%, no recent reportsdnsleaktest.com→ confirms no DNS leak to your real ISPbrowserleaks.com/webrtc→ confirms WebRTC isn’t exposing real IPbrowserleaks.com/canvas→ canvas fingerprint is unique and consistent
Layer 2 — Organic warmup (minimum 30 minutes)
Login to a secondary Google account, search for neutral things (weather, news, recipes), watch 2-3 videos on YouTube. Human behavior — pauses between clicks, variable scroll.
Layer 3 — Linked but inactive test
Login to a personal FB (a warmup account, never the main one). Browse feed, like 2-3 posts, leave without commenting. If all good, repeat the next day.
Layer 4 — Progressive linking
- Day 3: login to secondary BM without touching campaigns. Just view reports
- Day 4: minor edit (rename a paused campaign)
- Day 5: can start real operations
This protocol takes 5 days. Sounds excessive. But the alternative — linking the main account directly — is what burns the IP and account together. The math: 5 days of warmup vs 30 days debugging a restricted account.
Complete rotation sequence
Each step has a reason:
- Pause campaigns (don’t deactivate). Pausing preserves learning history. Deactivating resets it.
- Clean logout from all platforms, one at a time, 2-3 minutes between each. Logging out everything at once generates a burst of terminating requests that can look suspicious.
- Close the entire browser — not just tabs. Browsers keep active connections even with tabs closed.
- Clear cookies, cache, and localStorage. Or — better — use a fresh anti-detect profile (GoLogin, AdsPower, Multilogin). Old cookies with a new IP is exactly the signal Meta detects as account takeover.
- Generate a new browser fingerprint. New canvas fingerprint, new WebGL, new font. Keep only what makes sense (timezone coherent with IP, language coherent).
- Connect the new proxy. Wait 30 minutes. Not superstition — give Meta time to process the origin change. If you log in at the exact rotation moment, they correlate logout-and-login-with-new-fingerprint as a single suspicious event.
- Warm up (Layer 2 above). Minimum 3 days before touching real campaigns.
- Progressive reactivation. Don’t reactivate everything at once. Start with 1-2 campaigns, monitor 2-3h, if all normal reactivate the rest in batches.
WARNING — When Meta acts, it’s usually irreversible. Each IP rotation on an active account generates suspicion at Meta. Your job is to give every other signal of normality — coherent fingerprint, human behavior, warmup time — so suspicion doesn’t become action.