Are You Spying on Your Competitors' Ad Campaigns?

Our tools monitor millions of native, push, pop, and TikTok advertising campaigns.

Get Started

Background

Running non-compliant ad campaigns is nothing new. Many online advertisers try to skirt the rules established by ad-networks to run campaigns that are not permitted by that ad-network. We see many examples of such campaigns on a daily basis on our spy platform.

The most commonly employed technique involves disguising the ad copy with text and images that don't raise any flags. This is followed by creating a fake or an innocuous landing page that is shown to the compliance team while directing the traffic to the actual money making page to the majority of audience. This is referred to as cloaking within advertising community.

Let's look at a hypothetical example. Online gambling is illegal in the United States. Therefore, an advertiser is prohibited from showing gambling ads to US audience as it is illegal. There are many offshore online gambling platforms that are looking for US based clients. So either they themselves or their affiliates will try to run such ad campaigns using cloaking techniques.

One of the earliest cloaking technique involved showing a compliant landing page during the campaign approval process and the URL was then redirected to a non-compliant page after the campaign was approved. As you can imagine, such a technique is very easy to detect and black-hat advertisers started coming up with more sophisticated techniques. This can include identifying "suspicious" traffic using visitor IP address, looking at http headers for inconsistencies, running javscript checks to see if the traffic is originating from a mobile device or an emulator etc.

In this article, we are going to reveal one of the most complex and frankly jaw dropping cloaking technique that was first revealed by folks at bidfilter. It consists of multiple steps and checks that include some fascinating methods such as steganography, extreme obfuscation and clever javscript injection.

Before we detail the steps, let's take a look at the flow-chart below that makes it easier to understand the entire process:

Steps in Detail

  1. Script Injection
    1. Here the ad in question was serving through a DSP and hence the insertion code was manipulated to serve the script as a GIF image as shown below:
    2. The gif image itself was javascript code disguised as an image file
  2. Preliminary Checks
    1. This payload first made sure that the script was not being called locally to prevent detection. After the confirmation, it proceeds to the next steps
  3. Steganography (Yes...Steganography!)
    1. The next step loaded a small image file into img tag of the aforementioned code. Please note that this image is hidden by default. In addition it populated the input tag so it could access some css properties that stored the variables.
    2. After that, the image was drawn on a 2D canvas and each RGB value of each pixel was parsed and compared against the css variable to generate more javascript code.
    3. Pretty clever way to hide the code inside an image using steganography!
  4. Extreme Obfuscation
    1. As if the previous step was not enough, the javascript loaded via steganography was further obfuscated using hidden characters that one could not see using normal text editor. A screenshot of the code has been reproduced from the original paper below:
    2. These hidden characters when deobfuscated, revealed that the script is used to call yet another javascript page from an external URL after making sure that the device running the script was indeed a mobile device (using screen DPI checks, user agents and other headers)
  5. Final Checks
    1. The above javascript URL had a very short lifespan to prevent it from revealing itself
    2. If the end user managed to load the script in that short time window and passed additional checks, he/she would be able to see the actual cloaked lander. If not, a fake innocuous landing page was served to the user

Below are the links for the original whitepaper from bidfilter and high resolution pdf of the flow-chart, if you are interested.

Final Thoughts

As the author of the whitepaper noted, this by far is the most extreme example of the malicious ad serving that they have ever seen. I think it is safe to assume that this is not the last time we will see this. Ad-networks will have to step up their game if they are serious about fighting this kind of spam.

Top converting landing page sample images
Top Converting Landing Pages For Free

Receive top converting landing pages in your inbox every week from us.

Related Articles
Your Competitors Are Targeting Your Best Customers Right Now — Here's How to Find Out

Guide

Your Competitors Are Targeting Your Best Customers Right Now — Here's How to Find Out

This article argues that most customer retention strategies ignore a critical competitive reality: your rivals are actively targeting your highest-value customers while you focus inward on loyalty programs and personalization. It explores how advertisers can use competitive intelligence tools, ad monitoring, and media-buying analysis to identify when competitors are pursuing their customer segments, uncover the acquisition strategies being deployed against them, and build proactive retention and acquisition defenses before market share erosion becomes visible in traditional analytics.

David Kim

David Kim

7 minJun 30, 2026

Memorial Day, Q3 Planning, and the Advertisers Already 3 Campaigns Ahead of You

Featured

Memorial Day, Q3 Planning, and the Advertisers Already 3 Campaigns Ahead of You

This article argues that successful advertisers don't treat holidays like Memorial Day as downtime — they treat them as strategic opportunities. By reframing holiday periods as low-competition windows rather than pauses, it shows how performance marketers can exploit lower auction pressure, plan several campaigns ahead of competitors, and use seasonal intelligence to build a long-term competitive advantage. The article provides a playbook for turning cultural events, seasonal trends, and competitor inactivity into profitable advertising opportunities.

Elena Morales

Elena Morales

7 minJun 30, 2026

Reverse-Engineering 'Great Ads': How Performance Marketers Can Steal Frameworks from Award Categories Without the Agency Budget

Most Read

Reverse-Engineering 'Great Ads': How Performance Marketers Can Steal Frameworks from Award Categories Without the Agency Budget

This article challenges the idea that award-winning brand campaigns and performance advertising operate in separate worlds. By reverse-engineering the strategic frameworks behind Cannes Lions winners and other celebrated campaigns, it demonstrates how performance marketers can extract proven emotional triggers, positioning strategies, and creative architectures without requiring enterprise-level budgets. The article provides a practical playbook for using award-winning creative as a source of competitive intelligence and performance marketing inspiration.

Liam O’Connor

Liam O’Connor

7 minJun 29, 2026