Hello all, Yellow at the machine! It's been a long time since I've had any good information, right?
We all use Spy-services, and we all want two things:
- To see the whole bundle we found in the sleepers: punch in clo and check the procla
- Make sure that our creo is not found in the sleepersand if they did, they couldn't penetrate ours. clo and see the procla
Вы не замечаете тут некоторого противоречия?? Ну да и бог бы с ним, давайте посмотрим, что можно сделать с этими пунктами по очереди. Все примеры будут приведены с использованием популярного в СНГ Spy-Facebook service: AdHeart. But I'll also show you a little bit of the Facebook ad library.
Attack
Regarding the search for bundles in sleepers and the penetration clo It has been written in the Internet more than once and more than twice, reports have been made at conferences, etc., so let's just briefly go through the points:
Searching for bundles
General points
To begin with, obviously, choose one or two or three GEOs that interest you. Put a 1 in the box to the right of the GEO selection - "Countries before:", arbitrageurs rarely pour multiple GEOs into the same campaign at the same time.
The second point is to choose the type of Call to action buttons - arbitrageurs usually use only two: LEARN_MORE and SHOP_NOW.
If you want to see only fresh creos, you choose a date interval, but I usually screw that up:
How to watch only good creatives? Set the "Been running for two or three days or more:
It is unlikely that the web, which pours the creo for more than three days, pours it in the minus, right? Another thing is that AdHeart is not always accurate in determining this indicator, so use at your own risk - you can accidentally cut quite a large layer of normal creos.
Of course, remove ads with a lead form, who the hell needs them?
And you can remove Messenger and Audience Network from the playlist:
С общими настройками ВСЁ, далее начинаем, собственно, поиск! Здесь возможны следующие варианты:
Search by words
The easiest and most unreliable way to search: write down in a notebook all the words that you assume arbitrageurs may use in the text or the title of the ad. Words are all combined with a vertical line, such as:loss of weight loss|kilograms|diet
Then we translate our string with Google Translate in the language of your GEO, put it into a text search and see the results:
Well, speaking of text, you know very well that many people pour in without text at all, so immediately after you've searched for words, put this switch to "No text" and flip through the feed.
Search by domain zones
Следующий способ — поиск по доменным зонам. Тут можно найти всех тех, например, кто лил с бесплатных доменов Freenom-a (RIP):
Также сюда относится поиск по дешёвым доменнам зонам, которые обожают закупать арибтражники: .xyz|.icu|.top|.cyou|.club|.work|.site|.space|.fun|.ru.com|.website
Search by Designers
All the same - looking in the same field on the link amateurs pouring through JS-integration:
mystrikingly|bookmark|myshopify|webflow|tumblr|ucraft|mozello|webnode|mybigcommerce|ucoz|weebly|squarespace|yolasite|bandzoogle|snappages|jumpseller|bitrix24|canva|convertri|hipolink|tilda.ws|turbo.site|creatium|hipolink|sites.google|wixsite
Search by Tag
Here we are scorching all those who pass a pixel in the link and call it some understandable abbreviation, as well as those who pull up costs through FbTool or Dolphin. To do this, write in the same field with the link:
fb_pixel|pixid|fbpixel|pixel|fbpx|px|pix|fbpix{{adset.id}}|{{ad.id}}
Further action
After you have found a suitable creativedon't be in a hurry to run out and try to punch it. clo, for starters, look at all the ads that are pouring in from the same fp:
Also use IP search: if the arbitrator doesn't use CloudFlare or something similar, you'll see all his creatives as clear as the palm of your hand:
Save collected IP addresses directly in AdHeart, so you can conveniently monitor trackers of other teams.
Cloaking Breakthrough
So you've found one that's good for you. creative and now it would be nice to get a gasket, right? So what do we need for that?
- First and foremost, these are. proxy the right geo. You can use the tollsor you can use Some kind of Proxy Grabber
- Next, you will need to emulate the mobile device in some way: you can use this for example, antidetect-browser Indigo - it has the ability to create profiles for Android. If, on the other hand Indigo If you don't have one, then use the UserAgentSwitcher plugin and find a suitable user agent there. Keep in mind that the internal browsers of fb and insta put their own tags at the end of the user agent string, which can be used to customize the filters clo! So we add them to the end of the substituted useragent string.
- Sometimes arbitrageurs use in clo strainer clo by referer: i.e. they look at where the link to their site came from. I do not recommend you to do this, but it nevertheless occurs. In any case, this filter is passed by adding the following construction to the beginning of the link from the spay:
https://l.facebook.com/l.php?u=
So. encode your link here firstbefore adding this initial part to her. - Sometimes the filter is used by the presence of the parameter fbclid in the address, which fb automatically sets to each link. That's why it's worth adding a type just in case:
?fbclid=123412341234432143241
That way you'll hit 70 percent clo of the ones we found. The rest of them will be a pain, if not a total waste. Why? I will explain in the corresponding section on defense.
Protection
Now let's figure out how we can keep our creatives and procles safe. Let's start with the spays.
Solder protection
For the most part, the advice given here will be the opposite of that given in the section on offense. I will give them as a list, it is not necessary (and practically impossible) to use them all. So:
- We do narrow targeting, such as: age 30-32. Due to a not particularly wide reach, the likelihood of your creo "catching the eye" of the spy bot is greatly reduced. But how do you scale?
- We use un-assembled GEOs. Everything is clear here. Few people can find good offers for, say, Africa. That's why no one will really need your link.
- We cast without text. Who needs it when you have it on your Creativity? А найти вас становится сложнее (но не для использующих библиотеку рекламы Facebook, поскольку она отлично ищет по тексту на изображениях и видео!)
- Не льём бесплатные/дешёвые домены. Используйте .com, .org и .net! Либо NameCheap, либо дропы. Дропы не прокинешь через клауд, да ну и хрен бы с ним!
- Don't pour through constructors or find one that is not particularly well known. In fact, why do you need it? Traffic is lost, pour it on the direct link.
- Do it through the cloud. If one of your creos gets burned, at least they won't see that the whole team is leaking by IP-address.
- MOST IMPORTANTLY: DON'T PUT THE TAGS IN THE LINK!!!
The last point requires clarification. What to do if you need to pass tags and pixel? Easy, use a special field for this when setting up your ad: "URL Parameters".
Why is this so? It's all because SPAI DO NOT STAIN THE TEXT THAT IS IN THIS FIELD. Accordingly, they can't find you using words like fbpixel, {{adset.id}}, etc.
The great thing here is that even if we click and move to fp:
And there we get into the library of advertising:
Select all countries, all ads, go to the search box and press Enter and see the original of our ads, then even there when you hover your mouse we will not see the URL parameters!
And enough about sleuthslet's go defend our punctures!
Puncture protection clo
Again, in many ways this section will be the opposite of what is written in the offense, but not all, hehe) So:
- Obviously, we will use filters to weed out unnecessary GEOs
- Also, obviously, if you're only pouring on mobile devices, you need to screen out the desktop
- Using the web filterproxy/VPN
This is the base, almost everyone has it. And now let's start by looking at how popular teams cloach. Of course, they protect themselves primarily from bots, but nevertheless.
Nothing unusual, except that the fb guys get a playset in the sub_id_1 tag and for some reason they consider all traffic that comes from the right column (Facebook_Right_Column playset) as bot traffic!
Another example from which we can deduce 3 things:
- occasionally (но ТОЛЬКО ИНОГДА) можно смело резать весь IPv6 траф
- it is possible to check what language is in the user's browser! Often those who want to penetrate your clo only put proxyand the language забывают☝️
- Look at the UserAgent - this is when we check that the user came from fb/insta/messenger, because he has a corresponding line in the usergent
But still, it's quite easy for a particularly shrewd piercer to tamper with all of this. What should we do? Remember those URL Parameters I mentioned above? That's the tricky part. Since they are not exposed anywhere, let's filter users exactly by PARAMETERS. How should we do it? Let me tell you how.
Method 1
Let's nominally call it "by sub-tag Keitaro". We almost always transfer a pixel from fb, right? And we transfer it to URL parameters. We store it (as an example tracker Keitaro) in some sub-label, in the example it is sub_id_10. We call this sub_id_10 as fbpxl.
It is enough to filter on the blackstream by this tag and let it go to black ONLY if this tag is not empty.
If you do this in addition to White and blacka third, closing the flow, where you insert some PP procla, then the puncher will have the full illusion that he has punched through clo and sees real black!
Unfortunately, this method can be bypassed. I show you how.
Just add ALL satins to the link Keitaro with an & and put any crap in it as a value, like:
https://xxx.com?sub_id_1=1234&sub_id_2=4341&sub_id_3=wqrew and so on. In total in Keitaro 16 sub-labels. The string will be long, but clo you'll get through.
Method 2
Назовём этот способ «практически пуленепробиваемый«. Достаточно фильтровать не по суб-метке Keitarobut just by the parameter! So, select the filter "Parameters" and put:
Всё! Никто не знает, как у вас называется параметр пикселя, но если хотите, используйте любой другой. Вы же, наверняка, подтягиваете расходы из фб и для этого тянете либо id адсета, либо id объявы. Берёте параметр, который отвечает у вас за эти данные и фильтруете по нему. Типа: adsetid пустой? Нахер. В замыкающий поток на проклу от ПП!
Conclusion
As you can see, in this battle of shield and sword, the shield wins! And the situation is unlikely to change until Facebook starts giving away information about URL parameters, which is highly unlikely. Therefore, I can say that at the moment to protect against penetration clo вполне реально, пользуйтесь, если вам это действительно важно, и лейте в плюс!
P.S. This article uses materials from the "Approaches for every day«
UPD 08.06.2023: Я немного удивлён, что многим данная статья дала ложное чувство защищённости, которое я просто обязан здесь развеять. Если вам не очевидно, что любую защиту можно сломать, то я вас разочарую — сломать можно. Достаточно сделать подходящий под таргетинг вашей рекламы аккаунт, настроить его, чтобы он показывал нужную нам рекламу, и ваша связка, как на ладони. This point is explained in more detail in the video.
Hi!
Can you please tell me how to use this theme with the url parameters in the ad setup?
Read the Facebook fact sheet
Power!
I want to know , if you can tell me another host to install yellow cloacker. Beget ru is in blacklist domain in 4 ip zones. can you provide me with another hosting company wich allow to install yellow cloacker , thnx
almost any that have PHP 7.2 or higher and that can issue https certificates