What Is Ad Cloaking? How Scammers Bypass Meta's Ad Review and How to Spot It

Naked women promoting Ferrari. OnlyFans ads running on Facebook for days without getting flagged. Sounds impossible? It's not. It's called cloaking and it's happening right now on the platforms you advertise on every day.

That's not a hypothetical. We found it while building a feature for adlibrary.com. A client from Procter & Gamble wanted an explore page to browse ad creatives from other brands. So we built it, curated a bunch of brands, and started checking if everything looked right.

It didn't. Scrolling through ads listed under Figma's page, we suddenly saw NSFW content mixed in. Women in various states of undress, running as legitimate Facebook ads. Our first thought: how is this possible? The answer is cloaking.

This article breaks down what ad cloaking is, how it works on a technical level, why platforms like Meta struggle to catch it, and what it means for performance marketers doing competitive research.

What Is Ad Cloaking?

Cloaking means showing different content to different visitors based on who they are. The visitor gets identified by signals like their user agent string, referrer header, IP address, cookies, or local storage data.

In the ad world, it works like this: when Meta's review bot visits the URL attached to an ad, it sees a clean, policy-compliant landing page. When an actual human clicks the same ad, they get redirected to completely different content. Gambling, crypto schemes, adult content, counterfeit goods, subscription fraud. Stuff that would never pass ad review.

The routing decision happens server-side, usually in under 50 milliseconds. A reverse proxy or DNS-level script checks the incoming request, figures out if it's a bot or a real user, and serves the right page. Bot sees a harmless product page. User sees the real offer.

How Is Cloaking Different From Personalization?

Not every case of showing different content to different visitors is shady. Retargeting and personalization use some of the same underlying mechanics and that's totally fine.

If someone visited your site before, you might show them more conversion-focused copy on their next visit. Ad platforms themselves do this constantly. They use cookies, browsing history, and behavioral data to decide which ads to show you. Google something once and you'll see related ads for weeks. That's just targeting.

The line is intent. Personalization optimizes the experience within platform policies. Cloaking deliberately deceives the review system to promote content that violates those policies. One is standard practice, the other gets your ad account permanently banned.

How Ad Cloaking Actually Works (Step by Step)

Let's break down a typical cloaked ad setup.

Step 1: The Ad Creative

The scammer creates a normal-looking ad. In the Ferrari case we found, it was imagery that could plausibly be associated with luxury lifestyle content. Nothing that triggers automated content moderation on the creative itself.

Step 2: The Destination URL

The ad links to a URL that acts as a router. This is the cloaking layer. It's a server running a script that inspects every incoming request before serving any content.

Step 3: The Routing Logic

The script checks multiple signals to figure out who's visiting:

  • User agent string: Meta's crawler identifies itself with a specific user agent
  • Referrer header: where the click came from
  • IP address: known bot IP ranges from Meta's infrastructure get flagged
  • Behavioral patterns: request timing, TLS fingerprints, browser signatures

Step 4: The Safe Page

If the visitor is identified as a bot or reviewer, they see a compliant landing page. This page often mirrors the ad content perfectly. A luxury lifestyle blog, a generic product page, whatever passes every policy check.

Step 5: The Money Page

If the visitor is a real human clicking from the ad, they get redirected (often through multiple hops) to the actual destination. In our case, explicit adult content. In other cases, crypto scams, fake celebrity endorsements, or subscription traps.

Step 6: Multiple Redirect Hops

The redirect chain usually goes through several intermediate servers. Each hop adds obfuscation, making it harder to trace the final destination from the original URL. We built a script that follows every hop, testing different user agents and referrers at each step, to uncover where the URL actually leads.

Why Meta Can't Catch It (Yet)

Meta processes billions of ad impressions. Their review pipeline uses automated AI screening, human reviewers, and post-publication monitoring. But cloaking exploits a structural weakness: the review system can only evaluate what it's shown.

The Domain Trust Problem

This is what makes it really bad. When scammers run cloaked ads under high-trust domains (like Ferrari), Meta's system gives them a pass. The logic: if a domain has been used in hundreds of thousands of legitimate campaigns, new ads from that domain get fast-tracked. The ad goes live almost instantly, gets pushed by the algorithm, and runs for days before anyone flags it.

Think about it. Ferrari runs massive amounts of ad spend through Meta. So when an ad links to ferrari.com, the Facebook Ad Library bot basically says "we've seen this domain 100,000 times, it's fine, let it through." Instant live. Probably even gets extra push. And the scammer gets to ride that trust for days while promoting whatever they want.

Meta's Own Numbers Tell the Story

In February 2026, Meta filed lawsuits against scam advertisers in Brazil, China, and Vietnam who used cloaking to bypass ad review. They also sent cease-and-desist letters to eight marketing consultants who openly advertised cloaking services.

The scale is wild. Meta removed 159 million ads in 2025 and took down 10.9 million accounts associated with scam operations. Internal estimates (leaked via Reuters) suggest around 10% of Meta's 2024 ad revenue came from ads for scams and banned products. That's billions. And internal documents showed Meta had "revenue guardrails" that limited enforcement teams from removing ads if the revenue loss exceeded 0.15% of totals.

So Meta is actively fighting cloaking with new AI tools. But there's also a structural tension: scam advertisers are paying customers.

The Cloaking Arms Race

Modern cloaking tools don't just check IP addresses anymore. The good ones analyze TLS fingerprints, browser behavior patterns, request timing, and even block known ad spy tool crawlers like AdSpy and BigSpy. Server-side cloaking at the DNS or reverse-proxy level means the detection logic never reaches the client, making it way harder for Meta's headless browsers to catch.

On the other side, Meta is deploying AI that compares what bots see vs what real users experience after clicking. They're cross-referencing data across accounts, IPs, and Pixels to trace entire cloaking operations. It's a proper tech arms race.

Cloaking in SEO: The Same Technique, Different Context

Cloaking isn't exclusive to ads. It's been a thing in SEO for decades, and understanding the SEO version helps illustrate how widespread this technique really is.

How Publishers Use It

Take a major news site. When you visit their homepage as a regular user, you see a paywall, a cookie consent banner, and blurred content. But when the Googlebot visits that same page, it sees the full article text. Clean, structured, optimized HTML with no barriers. The publisher wants Google to index and rank their content. They just don't want you reading it for free.

Same mechanism: check the user agent, serve different content. The intent here is arguably more benign (monetization, not deception), but the technique is identical.

Why This Matters for Advertisers

This means cloaking infrastructure is widely available, well-understood, and cheap to deploy. It's not some obscure black-hat trick. It's a fundamental web technique that gets applied across the spectrum, from grey-hat SEO to outright ad fraud.

An SEO veteran once told us: if you want to learn how digital marketing really works at the technical level, study the porn and gambling industries. They operate in the most restricted environments with the most aggressive enforcement, so they develop the most sophisticated techniques. Cloaking is exhibit A.

How to Detect Cloaked Ad URLs

When we found cloaked ads in our platform data, we needed a way to programmatically identify them. So we wrote a detection script.

What the Script Does

The script takes any URL and tests it against multiple scenarios. It visits the URL with different user agent strings (standard Chrome browser, Facebook crawler, Googlebot, and others), varies the referrer header, and follows every redirect hop in the chain, logging each intermediate URL.

If the final destination differs depending on who's "visiting," that's a strong signal of cloaking.

Here is the script, so you can try it on your own:

#!/usr/bin/env bash
set -euo pipefail

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
DIM='\033[2m'
BOLD='\033[1m'
RESET='\033[0m'

REAL_UA="Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1"
CRAWLER_UA="facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
MAX_HOPS=15

usage() {
    echo -e "${BOLD}Usage:${RESET} $0 <url>"
    echo ""
    echo "Traces a URL's redirect chain with a real browser UA vs Facebook's crawler UA"
    echo "to detect ad cloaking. Reveals the final uncloaked destination."
    echo ""
    echo -e "${BOLD}Options:${RESET}"
    echo "  -h, --help    Show this help"
    echo "  -v, --verbose Show response headers at each hop"
    exit 0
}

VERBOSE=false
URL=""

while [[ $# -gt 0 ]]; do
    case "$1" in
        -h|--help) usage ;;
        -v|--verbose) VERBOSE=true; shift ;;
        -*) echo "Unknown option: $1"; exit 1 ;;
        *) URL="$1"; shift ;;
    esac
done

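# A missing URL is an error: print usage, but exit non-zero (usage itself exits 0)
if [[ -z "$URL" ]]; then
    echo -e "${RED}Error:${RESET} No URL provided." >&2
    (usage) >&2
    exit 1
fi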

# Follow one hop. Prints "STATUS_CODE|REDIRECT_TYPE|NEXT_URL"; the last two
# fields are empty when the response is final. Detects Location headers,
# Refresh headers, meta-refresh tags and simple JS redirects.
follow_hop() {
    local url="$1"
    local ua="$2"
    local referer="$3"

    # Private temp file per hop: avoids a predictable path in /tmp and stops a
    # failed request from re-parsing the previous hop's body
    local body
    body=$(mktemp)

    local headers
    headers=$(curl -s -D - -o "$body" -w '\n__HTTP_CODE__%{http_code}\n' \
        -H "User-Agent: $ua" \
        -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \
        -H "Accept-Language: en-US,en;q=0.9" \
        ${referer:+-H "Referer: $referer"} \
        -H "Sec-Fetch-Dest: document" \
        -H "Sec-Fetch-Mode: navigate" \
        -H "Sec-Fetch-Site: cross-site" \
        --max-time 10 \
        "$url" 2>/dev/null || true)

    local code
    code=$(echo "$headers" | grep '__HTTP_CODE__' | sed 's/__HTTP_CODE__//' || true)

    # Check for Location header (3xx redirect)
    local location
    location=$(echo "$headers" | grep -i '^location:' | head -1 | sed 's/^[Ll]ocation:[[:space:]]*//' | tr -d '\r\n' || true)

    # Check for a Refresh response header
    local refresh
    refresh=$(echo "$headers" | grep -i '^refresh:' | head -1 | sed 's/^[Rr]efresh:[^U]*URL=//I' | tr -d '\r\n' || true)

    # Check for meta-refresh in body. The quote classes are written as ["']:
    # grep does not expand \x27 inside a bracket expression, so the old pattern
    # cut URLs at the first "x", "2" or "7".
    if [[ -z "$location" && -z "$refresh" && -s "$body" ]]; then
        refresh=$(grep -oi "http-equiv=[\"']refresh[\"'][^>]*url=[\"']\{0,1\}[^\"' >]*" "$body" 2>/dev/null | head -1 | sed "s/.*[Uu][Rr][Ll]=[\"']\{0,1\}//" | sed "s/[\"'> ].*//" || true)
    fi

    # Check for JS redirect in body
    local js_redirect=""
    if [[ -z "$location" && -z "$refresh" && -s "$body" ]]; then
        js_redirect=$(grep -o "window\.location\.\(href\|replace\)[[:space:]]*=[[:space:]]*[\"'][^\"']*[\"']" "$body" 2>/dev/null | head -1 | sed "s/.*=[[:space:]]*[\"']//" | sed "s/[\"'].*//" || true)
    fi

    rm -f "$body"

    local next_url=""
    local redirect_type=""

    if [[ -n "$location" ]]; then
        next_url="$location"
        redirect_type="${code} redirect"
    elif [[ -n "$refresh" ]]; then
        next_url="$refresh"
        redirect_type="meta-refresh"
    elif [[ -n "$js_redirect" ]]; then
        next_url="$js_redirect"
        redirect_type="js-redirect"
    fi

    if $VERBOSE; then
        echo "$headers" | grep -v '__HTTP_CODE__' >&2
    fi

    echo "${code}|${redirect_type}|${next_url}"
}

trace_chain() {
    local url="$1"
    local ua="$2"
    local label="$3"
    local hop=0
    local referer=""

    while [[ $hop -lt $MAX_HOPS ]]; do
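        # Plain assignment: ((hop++)) returns a failure status when hop is 0,
        # which aborts the script wherever "set -e" is in effect
        hop=$((hop + 1))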
        local result
        result=$(follow_hop "$url" "$ua" "$referer")

        local code redirect_type next_url
        code=$(echo "$result" | cut -d'|' -f1)
        redirect_type=$(echo "$result" | cut -d'|' -f2)
        next_url=$(echo "$result" | cut -d'|' -f3)

        local domain
        domain=$(echo "$url" | sed -E 's|https?://||' | cut -d'/' -f1)

        if [[ -n "$next_url" ]]; then
            # Display hop info to stderr so it's visible but doesn't pollute captured output
            echo -e "  ${DIM}hop $hop:${RESET} ${CYAN}$domain${RESET} ${DIM}→${RESET} ${YELLOW}$redirect_type${RESET}" >&2
            referer="$url"
            # Handle relative URLs
            if [[ "$next_url" == /* ]]; then
                local base
                base=$(echo "$url" | grep -o 'https\?://[^/]*')
                next_url="${base}${next_url}"
            fi
            url="$next_url"
        else
            echo -e "  ${DIM}hop $hop:${RESET} ${CYAN}$domain${RESET} ${DIM}→${RESET} ${GREEN}${code} FINAL${RESET}" >&2
            break
        fi
    done

    # Only the final URL goes to stdout
    echo "$url"
}

echo ""
echo -e "${BOLD}=== Ad Cloak Detector ===${RESET}"
echo -e "${DIM}URL: $URL${RESET}"
echo ""

# Trace with real user UA
echo -e "${BOLD}[1] Real user (mobile Safari):${RESET}"
REAL_FINAL=$(trace_chain "$URL" "$REAL_UA" "real-user")
echo ""

# Trace with Facebook crawler UA
echo -e "${BOLD}[2] Facebook crawler (facebookexternalhit):${RESET}"
CRAWLER_FINAL=$(trace_chain "$URL" "$CRAWLER_UA" "fb-crawler")
echo ""

# Compare
echo -e "${BOLD}=== Results ===${RESET}"
echo ""
echo -e "  Real user lands on:    ${CYAN}$REAL_FINAL${RESET}"
echo -e "  FB crawler lands on:   ${CYAN}$CRAWLER_FINAL${RESET}"
echo ""

REAL_DOMAIN=$(echo "$REAL_FINAL" | sed -E 's|https?://||' | cut -d'/' -f1)
CRAWLER_DOMAIN=$(echo "$CRAWLER_FINAL" | sed -E 's|https?://||' | cut -d'/' -f1)

if [[ "$REAL_DOMAIN" != "$CRAWLER_DOMAIN" ]]; then
    echo -e "  ${RED}${BOLD}⚠ CLOAKING DETECTED${RESET}"
    echo -e "  ${RED}Real users see:     $REAL_DOMAIN${RESET}"
    echo -e "  ${RED}Facebook review sees: $CRAWLER_DOMAIN${RESET}"
else
    echo -e "  ${GREEN}No cloaking detected — both land on the same domain.${RESET}"
fi

echo ""
echo -e "${BOLD}Final uncloaked URL:${RESET}"
echo "$REAL_FINAL"

Real Example

In the Ferrari/NSFW case, the script flagged it immediately. The Facebook bot user agent landed on a clean page. A normal browser user agent with a Facebook referrer got redirected through multiple hops to explicit content.

This kind of detection is something we're actively exploring as a feature for adlibrary.com. Giving users the ability to check whether a competitor's ad destination is actually what it appears to be, or if cloaking is involved.
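
The script above compares two user agents by their raw final host. As an added example (not adlibrary.com's code), the function below classifies results from any number of probe profiles after normalizing hosts, so that `www.` prefixes, ports and letter case do not raise false alarms. It assumes each probe has already been traced and recorded as `profile|class|body_hash|final_url`; that record format, the profile names, hosts and hash values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the article's script). Each record is one probe:
#   profile|class(crawler or human)|body_hash|final_url

# Reduce a URL to a comparable host: drop scheme, path, userinfo, port,
# letter case and a leading "www." so cosmetic differences are not flagged.
norm_host() {
    printf '%s\n' "$1" \
        | sed -E 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||; s|[/?#].*$||; s|^[^@]*@||; s|:[0-9]+$||' \
        | tr '[:upper:]' '[:lower:]' | sed -E 's|^www\.||'
}

# Read records on stdin, print one verdict line:
#   CLOAKED_HOST    a human profile landed on a host no crawler profile saw
#   REVIEW_CONTENT  same host, but a body no crawler profile received
#   CONSISTENT / INCONCLUSIVE (a class has no usable probe)
classify() {
    records=$(cat)
    c_hosts=' '; c_hashes=' '; humans=0; verdict=CONSISTENT; detail=''
    # Pass 1: everything the crawler-class profiles were served.
    while IFS='|' read -r profile class hash url; do
        [ "$class" = crawler ] && [ -n "$url" ] || continue
        c_hosts="$c_hosts$(norm_host "$url") "
        c_hashes="$c_hashes$hash "
    done <<EOF
$records
EOF
    # Pass 2: check each human-class profile against that baseline.
    while IFS='|' read -r profile class hash url; do
        [ "$class" = human ] && [ -n "$url" ] || continue
        humans=$((humans + 1))
        host=$(norm_host "$url")
        case "$c_hosts" in
            *" $host "*) ;;
            *) verdict=CLOAKED_HOST; detail="$detail $profile->$host"; continue ;;
        esac
        case "$c_hashes" in
            *" $hash "*) ;;
            *) detail="$detail $profile:body-differs"
               if [ "$verdict" = CONSISTENT ]; then verdict=REVIEW_CONTENT; fi ;;
        esac
    done <<EOF
$records
EOF
    if [ "$c_hosts" = ' ' ] || [ "$humans" -eq 0 ]; then
        echo INCONCLUSIVE
    else
        printf '%s%s\n' "$verdict" "$detail"
    fi
}

# Constructed sample: only the profile sent with a Facebook referrer is diverted.
sample_cloaked() {
    printf '%s\n' 'fb-crawler|crawler|h-safe|https://www.brand.example/landing' \
        'googlebot|crawler|h-safe|https://www.brand.example/landing' \
        'chrome-no-ref|human|h-safe|https://Brand.example:443/landing' \
        'safari-fb-ref|human|h-offer|https://offers.example.net/promo?id=1'
}

sample_cloaked | classify
```

A body mismatch on the same host is reported as REVIEW_CONTENT rather than as cloaking, because dynamic pages legitimately differ between requests and devices.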

What Ad Cloaking Means for Performance Marketers

If you're running ads and doing competitive research, cloaking has real implications for your work.

Your Competitive Intelligence Might Be Incomplete

When you browse a competitor's ads in the Meta Ad Library or through tools like adlibrary.com, you see the "safe page" version of their destination URL. If they're cloaking, the actual landing page that users see could be completely different. This is why raw ad library data alone isn't enough for thorough competitive analysis. You need tools that can look deeper.

Brand Safety Is a Real Concern

The Ferrari example shows that scammers actively exploit trusted brand domains. If you're a brand running significant ad spend on Meta, your domain trust could be weaponized by bad actors running ads under your domain. Monitor your Facebook ads presence regularly. If you see ads you didn't create, report them immediately.

Cloaked Campaigns Inflate Competitive Benchmarks

Cloaked campaigns often show strong performance numbers because they're promoting offers that would otherwise be banned. High-conversion stuff in gambling, crypto, adult, or counterfeit goods. If you're benchmarking against these campaigns without knowing they're cloaked, your performance targets may be completely unrealistic.

Understanding Cloaking Makes You Better at Your Job

The technical knowledge of how routing, user agents, and referrers work gives you a deeper understanding of the ad tech stack. It helps you build better attribution, smarter retargeting, and more robust landing page strategies. All within the rules.

The Bigger Picture

Meta removed 159 million ads in 2025. They're filing lawsuits, sending cease-and-desist letters, and pushing to have 90% of ad revenue come from verified advertisers by end of 2026. They're investing in AI-powered cloaking detection. But as long as the financial incentive exists (and billions in revenue from high-risk ads is a pretty big incentive), the arms race between cloakers and platforms will continue.

For legitimate advertisers and researchers, the takeaway is straightforward: transparency tools matter. Knowing what's real and what's cloaked in the ad ecosystem helps you make better decisions, avoid benchmarking against fraudulent campaigns, and protect your own brand.

That's what we're building at adlibrary.com. A comprehensive ad research platform that gives performance marketers real visibility into the ad landscape across Meta, TikTok, Google, YouTube, LinkedIn, Snapchat, Pinterest, and more. One search, every platform, no blind spots.

FAQ

Is ad cloaking illegal?

Cloaking violates Meta's (and most other platforms') advertising policies. It's not illegal in a criminal sense in most jurisdictions, but it can lead to permanent ad account bans, legal action from Meta (they've started filing lawsuits in 2026), and civil liability if the cloaked content involves fraud or trademark infringement.

How common is ad cloaking on Facebook?

More common than most people think. Meta removed 159 million ads in 2025, and internal estimates suggest around 10% of their 2024 ad revenue came from high-risk advertisers, many of whom use cloaking. The adult, gambling, crypto, and counterfeit goods verticals are the biggest offenders.

Can ad spy tools detect cloaked ads?

Most ad spy tools see the same "safe page" that Meta's bot sees, because they crawl URLs with standard or bot-like user agents. Detecting cloaking requires testing URLs with multiple user agents and comparing the results, which is something we're exploring as a feature at adlibrary.com.

How can I protect my brand from cloaking abuse?

Monitor your brand's ad presence regularly using the Meta Ad Library and tools like adlibrary.com. Set up alerts for your brand name. If you find unauthorized ads running under your domain or brand, report them to Meta immediately and consider legal action against the advertisers.

What's the difference between cloaking and A/B testing?

A/B testing shows different variations of your own content to different user segments to optimize performance. It's transparent and within platform policies. Cloaking shows one version to platform review bots and a completely different (policy-violating) version to real users. The intent to deceive the review system is what makes it cloaking.
