EN
UK
RU
AR
BN
ZH
DE
ES
FR
HI
ID
UR
PT
TR
If you've already read the full media buyer's stack guide, you know the trio: spy service, anti-detect browser, proxy. You know they need to be consistent. What that guide intentionally doesn't go into and what most teams quietly mess up is the day-by-day warm-up procedure for the IP layer.
This is that procedure. Specifically, for 4G mobile proxies on a stable carrier, which is the only IP setup that reliably survives modern Tier-1 anti-fraud at scale.
Why warm-up still matters in 2026
Meta, TikTok, and Google have all converged on the same approach: a new ad account isn't trusted until it proves it's not a farm. They use a layered evaluation:
IP reputation history does this address have a track record of legitimate traffic?
Behavioral cadence does the account's activity look like one human or ten bots?
Device + IP consistency does the IP geo match the device locale, language, and time zone?
Velocity how fast is the account doing things a real new advertiser would never do?
If you ramp from 0 to 500/day on day three, your account will be flagged. If you log in from a fresh IP every session, your account will be flagged. If your IP comes from a datacenter ASN, your account is flagged before you even log in.
Warm-up is the process of feeding the platform consistent, organic-looking signals over enough time that it concludes "this is a real human running a real business." Two weeks is the safe minimum.
Why 4G mobile specifically the CGNAT advantage (and the carrier you pick)
Let's be honest about the IP options:
Datacenter proxies are dead for ad accounts. ASN classification flags them within seconds.
Residential proxies are better, but most providers source IPs from P2P networks where the same residence is rented to dozens of customers simultaneously. If five other people are running multi-account farms on your residential IP today, your account inherits all that toxicity.
Mobile 4G proxies route through actual SIM cards on real cellular networks. They benefit from CGNAT (Carrier-Grade NAT), which means a single mobile IP is shared with thousands of legitimate users people scrolling Instagram, ordering Uber, watching TikTok at the same time. Anti-fraud systems can't aggressively block mobile IPs without burning real customers, so they don't.
There's one nuance every media buyer needs to understand: 4G mobile proxies don't have controllable "sticky sessions" the way datacenter proxies do. The IP assigned to a SIM is decided by the carrier itself, and it can change at any time without warning typically when the cellular session refreshes, the modem hands off between cells, or the carrier rotates its DHCP pool. No proxy provider can fully prevent this; it's how cellular networks work.
What separates a usable warm-up setup from a dangerous one is which carrier you're on. Carriers vary dramatically in how often they reassign IPs:
Orange (France) extremely stable. The same IP commonly persists for several days without involuntary change. Best in class for warm-up.
Bouygues / SFR (France) solid, usually multi-hour to multi-day persistence depending on cell load.
Free Mobile (France) more aggressive session refresh, IPs cycle more frequently. Fine for high-volume scraping, less safe for delicate warm-up.
Foreign tier-1 carriers (T-Mobile US, Vodafone, Telefónica) vary widely; test before you trust.
For warm-up, you don't need the proxy to be "sticky" by configuration. You need to pick a carrier whose natural IP persistence is long enough that a 14-day warm-up window completes on the same address or at most, on two consecutive ones with similar geo and ASN.
The 14-day warm-up playbook
The schedule below assumes one ad account per IP, one IP per anti-detect profile. No exceptions.
Days 1–2: Cold start
Log in once per day, never twice. 5–10 minutes max per session.
Browse the platform like a regular user: scroll the feed, like 2–3 posts, view 1–2 ads from your competitor research (this is where your spy service findings come in handy pick ads in your future advertising vertical).
Do not touch Ads Manager yet.
Same IP throughout. Same anti-detect profile. Same browser fingerprint.
Days 3–5: Profile build-out
Log in once daily, 10–15 minutes per session.
Add a profile picture, fill out the bio, follow 5–10 pages relevant to your future vertical.
Send 1–2 messages or comments to friends or test accounts to generate non-ad activity.
Connect a payment method on day 5 only. Use a card that matches the IP's geo-country.
Days 6–8: Page creation + first micro-test
Day 6: create a Facebook Page or TikTok Business account. Fill it out completely logo, banner, description, link to a real-looking landing page.
Day 7: open Ads Manager but do NOT create campaigns. Navigate, view the dashboard, click around for 5 minutes.
Day 8: launch a single, very low-budget campaign ($5–10/day). Soft, non-aggressive creative. Let it run.
Days 9–11: Slow scale
Increase daily budget by no more than 30% per day.
Add a second creative inside the same campaign.
Keep all tracking pixels firing correctly.
Days 12–14: Pre-production
By day 14, the account should be running at $50–100/day with stable delivery.
This is when you graduate to your real campaigns and gradually shift toward your money creatives.
If at any point during these 14 days you see a checkpoint, an unusual login alert, or a temporary restriction, pause for 48 hours before resuming. Don't push through warnings that's how accounts die at the most expensive moment.
Three warm-up mistakes that kill accounts even with a perfect stack
Mistake 1: Treating the IP as something you control mid-session
You logged in at 10 AM Tuesday with IP A. Without warning, the carrier reassigned a new IP at 10:25 AM. You submitted a payment method at 10:30 AM. The platform sees a single "user" who teleported across the cellular network in the middle of a financial transaction. Flag.
This isn't always your fault it's a structural reality of mobile networks. The fix isn't to "force sticky sessions" (you can't, on real 4G), it's to pick a carrier and a provider where this rarely happens during a warm-up window, then validate it empirically.
Run this test before betting an account on the setup:
for i in {1..60}; do
curl --proxy http://user:[email protected]:8080 https://ipinfo.io/ip
sleep 60
doneRun it for 1 hour minimum, ideally 24h. The IP should stay the same for the entire window. Some occasional involuntary changes can happen even on the most stable carriers once or twice a day is acceptable. More than that and the carrier isn't suitable for warm-up.
A second guardrail: when an involuntary change does happen, the new IP should resolve to the same carrier ASN, same country, same general region. If a session refresh suddenly drops you from AS3215 Orange S.A. / Paris to AS31703 Orange Polska / Warsaw, your provider is doing something weird abort.
Mistake 2: IP geo-mismatch
Your anti-detect profile says New York time zone, English (US), 1920×1080. Your IP geolocates to São Paulo. Even if everything else is perfect, this single inconsistency is enough for Meta's anti-fraud to soft-flag the account on session two.
The fix: pick the proxy geo first, then build the anti-detect profile around it. Not the reverse.
Mistake 3: Sharing one SIM across multiple accounts
You're running five accounts and you routed them all through the same SIM because "it's a real mobile carrier IP, what could go wrong?" Everything goes wrong. The platform doesn't see five people on a CGNAT it sees one device with five different anti-detect fingerprints, all hitting the same IP at coordinated times, and that's a textbook farm pattern.
The fix: one account = one dedicated SIM, period. If you can't afford that, you can't afford to scale.
How to test if a proxy is "warm-up grade" before you trust it with money
Before committing a $5000 ad account to any proxy, run this 5-minute test:
1. ASN check. Connect through the proxy and verify the carrier:
curl --proxy http://user:[email protected]:8080 https://ipinfo.io/json
The org field must show a real mobile carrier (e.g., AS3215 Orange S.A.), not a hosting company or a generic ISP.
2. WebRTC leak check. Openhttps://browserleaks.com/webrtcthrough the proxy in your anti-detect browser. The displayed IP must match the proxy IP, not your real IP. If WebRTC leaks, your real geo bypasses the proxy and the platform sees both instant detection.
3. Blacklist check. Run the IP throughhttps://www.spamhaus.org/lookup/ and https://mxtoolbox.com/blacklists.aspx. If it's listed on any major blacklist, the IP has a fraud history. Don't use it.
4. IP persistence test. Run the 60-iteration loop above (1 hour minimum, 24h ideal). Confirm the IP is stable for the full window. Occasional involuntary reassignments can happen on any cellular network what matters is that it's rare (≤1-2 per day on a stable carrier like Orange) and that the new IP stays in the same carrier ASN and geo.
5. Latency test. Mobile proxies should sit at 50–150ms RTT to major US/EU endpoints. Above 300ms = either a slow modem or a relay routing through somewhere it shouldn't.
If the proxy passes all five, it's warm-up grade. If it fails any, your account warm-up is at risk.
When to swap IPs vs when to ride the carrier
Once an account is fully warmed (post day-14), you have two operating modes:
Stay on the same SIM and let the carrier do its thing. Safest mode for high-value, long-term accounts. You don't initiate rotations. If Orange (or whichever stable carrier you picked) hands you a new IP every few days as part of normal session refresh, that's fine same ASN, same geo, same SIM = the platform reads it as continuity, not as a session-hopping farm. The relationship between account and SIM is what matters, not immutability of a specific IP.
Force a rotation at controlled intervals. Makes sense when building a fleet of similar accounts and you want to spread them across different IPs in the carrier pool to avoid clustering. Rotation should be measured in days, never inside a session.
Never trigger a manual rotation during an active session unless you're explicitly resetting the account's session state and you know exactly what you're doing.
A note on scaling
If you're running 50+ ad accounts in parallel, you need 50+ dedicated mobile IPs. There's no shortcut. The cost of mobile proxies looks high until you compare it to the cost of one banned account at scale ($1500–5000 in lost ad spend, lost time, lost data).
Most quality 4G mobile proxy providers in 2026 charge €40–60 per dedicated SIM with unlimited bandwidth. For 50 accounts, that's €2000–3000/month meaningful, but a fraction of what a single bad warm-up costs you.
TL;DR
Warm-up takes 14 days. Don't shortcut it.
4G mobile IPs aren't sticky by configuration they're stable by carrier choice. Pick a carrier with long natural IP persistence (Orange in France is the gold standard).
One account = one dedicated SIM. Always.
Test the carrier with a 1-24h IP persistence loop before trusting it with money. Occasional involuntary reassignment is OK as long as the new IP stays in the same ASN and geo.
The expensive part isn't the proxy bill. It's the banned account from cutting corners on the proxy bill.
This guide was written by the team at HexaProxy, a French 4G mobile proxy provider running real SIM cards on Orange, SFR, Bouygues, and Free Mobile networks. For a deeper dive into how mobile IP rotation works at the carrier level, see How a 4G Mobile Proxy Works.
Comments 0