Hello everyone, Yellow is at the machine! It’s been a while since I’ve posted any useful information, so I’m making up for it.
We all use spy services, and we all want two things:
- See the entire bundle that we found in the spy service: break through the cloak and check the pre-lander
- Make sure that our creative is not found in the spy service, and if it is found, that nobody can get through our cloak and see the pre-lander
Don’t you notice some contradiction here? Well, never mind, let’s see what can be done with these points one by one. All examples will be given using AdHeart, the spy service for Facebook that is popular in the CIS. But I’ll also show you a little bit of the Facebook Ad Library.
Attack
Searching for bundles in spy services and breaking through cloaks has been written about on the Internet more than once or twice, presented at conferences, etc., so let’s just briefly go through the points:
Search for bundles
General points
To begin with, of course, select one, two or three GEOs that interest you. Immediately put a one in the field to the right of the GEO selection, “Countries to:”, because affiliates rarely run several GEOs in one campaign at the same time.

The second point is choosing the type of Call to action buttons — affiliate marketers usually use only two: LEARN_MORE and SHOP_NOW.

If you want to watch only the latest creos, then select the date range, but I usually forget about this:

How to view only suitable creatives? Set the parameter “Launched, days:” to two to three days or more:

It’s unlikely that an affiliate who runs a creative for more than three days is running it at a loss, right? Another thing is that AdHeart is not always accurate in determining this indicator, so use it at your own peril and risk — you may accidentally cut off a fairly large layer of normal creatives.
Of course, we remove ads with lead forms, who the hell needs them?

Well, you can remove Messenger and Audience Network from placements:

With the general settings ALL done, then we begin the actual search! The following options are possible here:
Search by words
The simplest and most unreliable way to search: write down in a notepad all the words that you assume affiliates might use in the text or title of the ad. We combine all the words with a vertical bar, like: weight loss|kilogram|diet
Next, we translate this string of ours with Google Translate into the language of your GEO, insert it into the text search and look at the results:

Well, speaking of text, you know very well that many people post without any text at all, so immediately after searching by words, set this switch to “Without text” and scroll through the feed.

Search by domain zones
The next method is to search by domain zones. Here you can find, for example, all those who ran traffic to Freenom’s free domains (RIP):

This also includes a search for the cheap domain zones that affiliates love to buy: .xyz|.icu|.top|.cyou|.club|.work|.site|.space|.fun|.ru.com|.website
Search by constructors
Everything is the same: we search in the same link field for those who like to run traffic via JS integration:
mystrikingly|bookmark|myshopify|webflow|tumblr|ucraft|mozello|webnode|mybigcommerce|ucoz|weebly|squarespace|yolasite|bandzoogle|snappages|jumpseller|bitrix24|canva|convertri|hipolink|tilda.ws|turbo.site|creatium|hipolink|sites.google|wixsite
Search by tags
Here we are aiming at all those who pass a pixel in the link and call it some understandable abbreviation, as well as those who pull costs through FbTool or Dolphin. To do this, write in the same link field:
fb_pixel|pixid|fbpixel|pixel|fbpx|px|pix|fbpix|{{adset.id}}|{{ad.id}}
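The three link-field searches above (domain zones, constructors, tags) are pattern checks on an ad's destination URL. As an added example, not part of the original article or of AdHeart, here are the same checks as a Python triage function of the kind an ad-review or brand-protection pipeline could run; the function name, indicator names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Indicator lists copied from the article's search strings.
CHEAP_ZONES = (".xyz", ".icu", ".top", ".cyou", ".club", ".work", ".site",
               ".space", ".fun", ".ru.com", ".website")
BUILDERS = ("mystrikingly", "myshopify", "webflow", "tumblr", "weebly",
            "squarespace", "tilda.ws", "sites.google", "wixsite")  # subset
PIXEL_KEYS = {"fb_pixel", "pixid", "fbpixel", "pixel", "fbpx", "px", "pix", "fbpix"}
MACROS = ("{{adset.id}}", "{{ad.id}}")


def triage(url):
    """Return the set of indicator names (hypothetical labels) matching a URL."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    hits = set()
    # Zone check is a suffix match on the host, so "top.example.com" is no hit.
    if any(host.endswith(zone) for zone in CHEAP_ZONES):
        hits.add("cheap_zone")
    # Builder check compares whole DNS labels, so "notwebflow.com" is no hit.
    for builder in BUILDERS:
        want = builder.split(".")
        if any(labels[i:i + len(want)] == want for i in range(len(labels))):
            hits.add("builder")
    query = parse_qsl(parts.query, keep_blank_values=True)
    if any(key.lower() in PIXEL_KEYS for key, _ in query):
        hits.add("pixel_tag_in_link")
    # Unexpanded macros may arrive percent-encoded (%7B%7Badset.id%7D%7D).
    if any(macro in unquote(parts.query) for macro in MACROS):
        hits.add("macro_in_link")
    return hits


# Constructed sample URLs, not taken from any real campaign.
SAMPLES = [
    "https://shop.example.xyz/l?fbpixel=123",
    "https://mybrand.myshopify.com/p?c=%7B%7Badset.id%7D%7D",
    "https://top.example.com/?id=5",
    "promo.example.ru.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, sorted(triage(sample)))
```

Matching on whole host labels and query keys avoids the false positives a plain substring search produces, such as `px` inside an unrelated parameter value.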
Next steps
Once you have found a suitable creative, don’t rush to try to break through the cloak; first, look at all the ads that run from the same FP:

Also use IP search: if the affiliate does not use CloudFlare or something similar, then you will see all his creatives at a glance:

Save collected IP addresses directly in AdHeart, so you can conveniently monitor trackers of other teams.

Breaking through the cloak
So you found a suitable creative, and now it would be nice to get the pre-lander, right? What do we need for this:
- First of all, a proxy in the desired GEO. You can use paid ones, or you can use some Proxy Grabber

- Next, you will need to somehow emulate a mobile device: for this you can use, for example, the anti-detect browser Indigo, which has the ability to create profiles for Android. If you don’t have Indigo, then get yourself the UserAgentSwitcher plugin and select a suitable user agent there. Please note that the internal browsers of Facebook and Instagram put their own labels at the end of the user agent string, and cloak filters can be set up on them! So we add them to the end of the user agent string being substituted.

- Sometimes affiliates use a cloak filter by referrer, i.e. they look at where the visit to their site came from. I strongly advise you not to do this, but it still happens. In any case, this filter is passed by adding the following construction to the beginning of the link from the bundle:
https://l.facebook.com/l.php?u=
Just encode your link first, before adding this initial part to it.
- Sometimes a filter is used based on the presence of the fbclid parameter in the address, which Facebook automatically inserts into each link. Therefore, just in case, it’s worth adding something like:
?fbclid=123412341234432143241
This way you will break through 70 percent of the cloaks you find. You’ll have to tinker with the rest, or even just give up. Why? I will explain in the corresponding section on protection.
Protection
Now let’s figure out how we can protect our creatives and pre-landers. Let’s start with the bundles.
Bundle protection
For the most part, the advice given here will be the opposite of what was given in the attack section. I’ll give it as a list; it’s not necessary (and almost impossible) to use all of it. So:
- We target narrowly, such as: age 30-32. Due to the not particularly wide coverage, the likelihood of your creative getting caught by the spy bot is significantly reduced. But how to scale?
- We pour in undetected GEOs. Everything is clear here. Few people can find suitable offers for, say, Africa. Therefore, no one will really need your setup.
- We run without text. Who needs it when you have it on your creative? And it’s getting harder to find you (but not for those using the Facebook Ad Library, as it does a great job of searching for text on images and videos!)
- We do not use free/cheap domains. Use .com, .org and .net! Either NameCheap or drops. You can’t send drops through the cloud, but to hell with it!
- Don’t go through constructors or find one that isn’t particularly well known. And anyway, why do you need this? Traffic is lost, so send it to a direct link.
- Pour via cloud. If one of your creos is burned, at least they won’t see what the whole team is pouring on the IP address.
- THE MOST IMPORTANT THING: DO NOT PUT TAGS INTO THE LINK!!!
The last point requires some clarification. What if you need to transfer tags and a pixel? Easy, use a special field for this when setting up your ad: “URL Parameters”.


Why is this so? The whole point is that SPY SERVICES DO NOT EXPOSE THE TEXT THAT IS IN THIS FIELD. Accordingly, they won’t be able to find you using words like fbpixel, {{adset.id}}, etc.
The great thing about this is that even if we click and go to FP:

And then we’ll go into the advertising library:


Let’s select all countries, all advertisements, go to the search field and press Enter and see the original of our advertisement, then even there, when we hover the mouse, we will not see the URL parameters!

Well, enough about spy services, let’s go defend our pre-landers!
Cloak penetration protection
Again, in many ways this section will be the opposite of what is written in the attack, but not in everything, hehe) So:
- Obviously, we will use filters to filter out unnecessary GEOs
- It is also obvious that if you stream only to mobile devices, then you need to weed out the desktop
- We use a proxy/VPN filter
This is the base, almost everyone has it. Now let’s first take a look at how popular teams cloak. They are protected, of course, primarily from bots, but still.

Nothing unusual, except that the guys from Facebook receive placement in the sub_id_1 tag and for some reason all the traffic that comes from the right column (Facebook_Right_Column placement) is considered bot traffic!

Another example from which we can take 3 things:
- Sometimes (but ONLY SOMETIMES) you can safely cut all IPv6 traffic
- You can check what language is in the user’s browser! Often those who want to break through your cloak only set up a proxy, but they forget the language ☝️
- take a look at UserAgent — this is the very case when we check that the user came from Facebook/Insta/messenger, because he has a corresponding line in his user agent
But still, especially cunning punchers can quite easily replace all this. What to do? Remember those same URL Parameters that I talked about above? All the salt is in them. Since they are not visible anywhere, we will filter users BY PARAMETERS. How? I’ll tell you now.
Method 1
Let’s call it “by Keitaro’s sub-tag”. We almost always transfer a pixel from Facebook, right? And we pass it in the URL parameters. We store it in the tracker (for example, Keitaro) in some sub-tag; in the example it is sub_id_10. We named this sub_id_10 fbpxl.

It is enough to make a filter on the black flow based on this tag and let the visitor into the black flow ONLY IF THIS TAG IS NOT EMPTY.

If, in addition to the white flow, you also make a third, closing flow that looks black, where you insert some junk from the affiliate network, then the puncher will have the complete illusion that he broke through the cloak and sees the real black page!
Unfortunately, this method can be bypassed. I’ll show you how.
It’s enough to add ALL Keitaro’s subs to the link via & and enter any garbage as their value, like:
https://xxx.com?sub_id_1=1234&sub_id_2=4341&sub_id_3=wqrew
and so on. There are a total of 16 sub-tags in Keitaro. The line will be long, but you will break through the cloak.
Method 2
Let’s call this method “practically bulletproof”. It is enough to filter not by Keitaro’s sub-tag, but simply by parameter! So, select the “Options” filter and set:

That’s all! Nobody knows what your pixel parameter is called, but if you want, use any other one. You are probably pulling expenses from Facebook and for this you are passing either the ad set id or the ad id. Take the parameter that is responsible for this data and filter by it. Like: adsetid empty? Fuck it. Into the closing flow with the junk from the affiliate network!
Conclusion
As you can see, in this fight between shield and sword, victory is with the shield! And the situation is unlikely to change until Facebook begins to expose information about URL parameters, which is highly unlikely. Therefore, I can say that at the moment defending against cloak penetration is quite possible; use it if it’s really important to you, and it’s a plus!
P.S. The article uses materials from the channel “Approaches for every day”
UPD 08.06.2023: I’m a little surprised that this article gave many a false sense of security, which I simply must dispel here. If it’s not obvious to you that any defense can be broken, then I will disappoint you — you can break it. It’s enough to create an account suitable for targeting your advertising, configure it so that it shows the advertising we need, and your setup is in full view. I explained this moment in more detail in the video.



Hi!
Could you please tell me how to use this thing with the URL parameters in the ad settings?
Read Facebook’s help documentation
Powerful!
I want to know if you can tell me another hosting to install Yellow Cloaker. Beget ru is in blacklist domain in 4 IP zones. Can you provide me with another hosting company which allows installing Yellow Cloaker? Thnx
almost any that have PHP 7.2 or higher and that can issue https certificates
Hello! I need to learn how to break a type of cloaker from Brazil, could you teach me? we can negotiate a price.
I gave all the information I know in this article, use it! I don’t teach one on one how to break through cloakers, sorry.