Looking at the Amazon stats I see 123 clicks. Nothing was purchased so I opened up the logs and noticed it was all from one IP address. It resolved to Russia.
While not a DDoS type of an attack, it did give me pause to consider the tool I use to monitor bot traffic. It appears that I may need to expand on the tools scope to blackball some miscreants.
220.127.116.11 is the IP address of the Russian hacker who has now toned it down. 18.104.22.168 is the IP address of a person in Hungary. Traffic has been higher than the Russian with no fake ad clicks. Hackers are wasting their time attempting too logon as the password ias 256-bit entropy so access is denied.
I have been considering leveraging iptables to block miscreants of the abuses continue.