Product guides

FraudSensor Domain Mismatch IVT Classifications

Suggest Edits

In accordance with MRC guidelines, domain mismatches are considered a potential indicator of SIVT under the category of Domain and App misrepresentation: App ID spoofing, domain laundering and falsified domain / site location. However, there is a significant segment of domain mismatches that can be tied to valid traffic. HUMAN defines indicators to classify mismatches as either invalid or valid traffic. These are based on post-bid detection.

Valid traffic indicators

The mismatching domains host websites that are similar in content, branding, structure, and audience. These mismatches are not flagged as IVT, but can still be reviewed using the Domain Mismatch flag in the HUMAN Dashboard.

Subdomain mismatches

No Material Difference

No discernable difference between the websites hosted at the intended and detected domains in terms of content, audience, structure, or localization.

Mobile Site

Mismatches caused by a mobile version of a website are also considered as valid traffic.

For example: m.example.com vs example.com or amp.example.com vs example.com are considered benign mismatches.

Root domain mismatches

No Material Difference

Both domains point to the same website (for example, with a redirect), with the same content, branding, structure, and audience, and there is evidence that the domain spoofing is likely non-malicious.

For example: the intended domain is news-site.com and the detected domain is news-site.co.uk, and news-site.com redirects to news.site.co.uk.

Google iframe

Traffic is loaded within a Google website but the user is still being presented with an iframe of the intended domain.

For example: the intended domain is new-site[.]com, but the detected domain is news[.]google[.]com. However, we can detect that new-site[.]com is loaded in an iframe over top of Google news.

IVT flagging indicators

Domain mismatches are flagged as IVT when the domains are considered materially different based on one of the indicators described below. These mismatches are tied to the category SIVT > False Representation > Domain Spoofing.

Mismatches can be reviewed using the Domain Mismatch flag, and they are also identified under the Domain Spoofing IVT subcategory in the HUMAN Dashboard.

Different Site/Root Domain

  • The intended domain and the detected domain are different sites. For example: news-site[.]com vs. gaming-site[.]com.
  • Includes situations where the domains appear similar but the top-level domain (eTLD) differs. This is because domains with different eTLDs can be owned by different entities and may be unrelated to each other, regardless of any similarity. For example:
    • news-site[.]com vs. news-site[.]net
    • news-site[.]com vs. news-site[.]hk
  • Root domain mismatches are always considered as IVT unless both domains point to the same website (for example, within redirect) with the same content, branding, structure, and audience, as well as having no evidence of malicious spoofing. For example: the intended domain is news-site.com and the detected domain is news-site.co.uk, and news-site.com redirects to news.site.co.uk.

Updated 12 days ago