Open jotabusiness opened 1 month ago
I suspect the use of YellowCloaker based on the observation that when accessing the standard login format on Yellow using his domain:
https://mercado-livreofertass.com/admin?password=12345
He has customized the default message, which typically displays as "Incorrect password!" to "ops...". This subtle modification is one of the factors that led us to believe he is indeed using the YellowCloaker application, indicating a unique configuration that may be enhancing his setup.
Hello, nope, this site is not using YellowCloaker as far as I can tell.
On Wed, Sep 25, 2024 at 9:10 AM Jota @.***> wrote:
I suspect the use of YellowCloaker based on the observation that when accessing the standard login format on Yellow using his domain:
https://mercado-livreofertass.com/admin?password=12345
he has customized the default message, which typically displays as "Incorrect password!" to "ops...". This subtle modification is one of the factors that led us to believe he is indeed using the YellowCloaker framework, indicating a unique configuration that may be enhancing his setup.
Hello @dvygolov Thank you for the quick response.
I still have some doubts, though, especially because of the /admin?password= access. The customized response message ("ops...") made me think it could be related to YellowCloaker, but I might be mistaken.
That said, do you have any idea how they could have set this up? It’s a very clever configuration, and we’re really interested in understanding how they’re pulling it off, especially with the redirect behavior. Any insights you have would be greatly appreciated!
Hey Daniel,
I wanted to bring an interesting situation to your attention, as I think it might relate to YellowCloaker, but with a unique twist.
Recently, a group of friends and I analyzed offers in Facebook's Ad Library, adapting our social media profiles to receive ads from specific niches and study the current market creatives and funnels. During this analysis, we encountered a player who seems to be using YellowCloaker but with an unusual configuration that piqued our curiosity.
I believe that understanding this configuration could be crucial for our project, as it may reveal new approaches and techniques that this player has applied. This could help us identify adjustments that can be made to our existing configurations to further optimize our redirecting and cloaking strategy.
Here’s a breakdown of the setup:
There are three key links involved:
Here’s what we’ve observed:
For example:
Every visit to the second link generates a new redirect code, pointing to the same product but with a different URL path. Direct access to these generated URLs doesn’t load the page.
Additional insight: It's worth noting that, in some cases, the third link may still work in the same browser due to stored cookies. However, if you try to access it in incognito mode or in a different browser where the cookies from the second link have not been captured, the final product offer (third link) will not open at all.
Questions:
Thanks in advance!