Exploring Advanced Redirect Setup with YellowCloaker: Dynamic Links and Access Restrictions #48
Comments
I suspect the use of YellowCloaker based on the observation that when accessing the standard login format on Yellow using his domain: https://mercado-livreofertass.com/admin?password=12345 He has customized the default message, which typically displays as "Incorrect password!" to "ops...". This subtle modification is one of the factors that led us to believe he is indeed using the YellowCloaker application, indicating a unique configuration that may be enhancing his setup.
Hello, nope, this site is not using YellowCloaker as far as I can tell.
…On Wed, Sep 25, 2024 at 9:10 AM Jota ***@***.***> wrote:
I suspect the use of YellowCloaker based on the observation that when
accessing the standard login format on Yellow using his domain:
https://mercado-livreofertass.com/admin?password=12345
he has customized the default message, which typically displays as
"Incorrect password!" to "ops...". This subtle modification is one of the
factors that led us to believe he is indeed using the YellowCloaker
framework, indicating a unique configuration that may be enhancing his
setup.
Hello @dvygolov I still have some doubts, though, especially because of the /admin?password= access. The customized response message ("ops...") made me think it could be related to YellowCloaker, but I might be mistaken. That said, do you have any idea how they could have set this up? It’s a very clever configuration, and we’re really interested in understanding how they’re pulling it off, especially with the redirect behavior. Any insights you have would be greatly appreciated!
Hey Daniel,
I wanted to bring an interesting situation to your attention, as I think it might relate to YellowCloaker, but with a unique twist.
Recently, a group of friends and I analyzed offers in Facebook's Ad Library, adapting our social media profiles to receive ads from specific niches and study the current market creatives and funnels. During this analysis, we encountered a player who seems to be using YellowCloaker but with an unusual configuration that piqued our curiosity.
I believe that understanding this configuration could be crucial for our project, as it may reveal new approaches and techniques that this player has applied. This could help us identify adjustments that can be made to our existing configurations to further optimize our redirecting and cloaking strategy.
Here’s a breakdown of the setup:
There are three key links involved:
Here’s what we’ve observed:
For example:
<script>window.location.href = '06515216/produto';</script>
<script>window.location.href = '06584435/produto';</script>
<script>window.location.href = '06584435/produto';</script>
Every visit to the second link generates a new redirect code, pointing to the same product but with a different URL path. Direct access to these generated URLs doesn’t load the page.
Additional insight: It's worth noting that, in some cases, the third link may still work in the same browser due to stored cookies. However, if you try to access it in incognito mode or in a different browser where the cookies from the second link have not been captured, the final product offer (third link) will not open at all.
Questions:
Thanks in advance!
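For an ad reviewer or abuse analyst triaging a landing page that behaves as the post above describes, this added example (not code from the post or from YellowCloaker) classifies saved response bodies from repeated fetches of one URL and flags a script-only redirect whose path carries a per-visit code. The function names, the token pattern and the visible-text threshold are assumptions made for the example.

```python
import re

# Script element whose only statement assigns a string literal to location / location.href.
REDIRECT_RE = re.compile(
    r"<script[^>]*>\s*(?:window\.)?location(?:\.href)?\s*=\s*"
    r"(['\"])(?P<target>[^'\"]+)\1\s*;?\s*</script>",
    re.IGNORECASE,
)
TAG_RE = re.compile(r"<[^>]+>")
TOKEN_RE = re.compile(r"[0-9A-Za-z_-]{6,}")  # assumed shape of a per-visit code
MAX_VISIBLE_TEXT = 40  # assumed cut-off: more text than this means a real page

def extract_redirect(body):
    """Return the redirect target if the body is little more than the redirect."""
    m = REDIRECT_RE.search(body)
    if m is None:
        return None
    rest = TAG_RE.sub("", body[:m.start()] + body[m.end():]).strip()
    return m.group("target") if len(rest) <= MAX_VISIBLE_TEXT else None

def classify(bodies):
    """Classify bodies captured from repeated fetches of one URL."""
    targets = [extract_redirect(b) for b in bodies]
    if len(targets) < 2 or None in targets:
        return {"verdict": "inconclusive", "tokens": []}
    parts = [t.strip("/").split("/") for t in targets]
    if len({len(p) for p in parts}) != 1:
        return {"verdict": "varying-redirect", "tokens": []}
    varying = [i for i in range(len(parts[0])) if len({p[i] for p in parts}) > 1]
    if not varying:
        return {"verdict": "static-redirect", "tokens": []}
    tokens = sorted({p[varying[0]] for p in parts})
    if len(varying) == 1 and all(TOKEN_RE.fullmatch(t) for t in tokens):
        return {"verdict": "rotating-token-redirect", "tokens": tokens}
    return {"verdict": "varying-redirect", "tokens": []}

# Constructed captures: the three script lines quoted in the post, as if each
# were the whole body returned by one fetch of the second link.
CAPTURES = [
    "<script>window.location.href = '06515216/produto';</script>",
    "<script>window.location.href = '06584435/produto';</script>",
    "<script>window.location.href = '06584435/produto';</script>",
]

if __name__ == "__main__":
    print(classify(CAPTURES))
```

A `rotating-token-redirect` verdict is a triage signal only; confirming the cookie gating the post mentions needs a separate fetch of the final URL from a clean session.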