For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Media SecurityMalvertising DefenseAPI Reference
Media SecurityMalvertising DefenseAPI Reference
  • Media Security Overview
    • MediaGuard Overview
    • FraudSensor Overview
    • Closing the Loop - MediaGuard and FraudSensor
    • IVT Taxonomy
      • FS Domain Mismatch IVT Classifications
      • FS Domain Mismatch IVT Classifications FAQ
      • Click IVT Taxonomy
    • Click Defense Overview
    • Metrics (Media Security)
    • Brand Safety Web Crawler
  • HUMAN Dashboard
    • Understand the HUMAN Dashboard
  • Analysis and Reporting
    • Explore Dashboard (Legacy)
    • Create Custom Data Views
    • Schedule Reports and Alerts
    • Access Transaction Level TLX Reports
  • Integrations
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Valid traffic indicators
  • Subdomain mismatches
  • No Material Difference
  • Mobile Site
  • Root domain mismatches
  • No Material Difference
  • Google iframe
  • IVT flagging indicators
  • Different Site/Root Domain
  • Different User Experience
  • Different Audience/Topic
  • Different Country/Location
  • Ad Verification
  • Intended Domain Associated with Technical Infrastructure
Media Security OverviewIVT Taxonomy

FraudSensor Domain Mismatch IVT Classifications

Was this page helpful?
Previous

FraudSensor Domain Mismatch IVT Classifications FAQ

Next
Built with

In accordance with MRC guidelines, domain mismatchesare considered a potential indicator of SIVT under the category of Domain and App misrepresentation: App ID spoofing, domain laundering and falsified domain / site location. However, there’s a significant segment of domain mismatches that can be tied to valid traffic. HUMAN defines indicators to classify mismatches as either invalid or valid traffic. These are based on post-bid detection.

Valid traffic indicators

The mismatching domains host websites that are similar in content, branding, structure, and audience. These mismatches aren’t flagged as IVT, but can still be reviewed using the Domain Mismatch flag in the HUMAN Dashboard.

Subdomain mismatches

No Material Difference

No discernible difference between the websites hosted at the intended and detected domains in terms of content, audience, structure, or localization.

Mobile Site

Mismatches caused by a mobile version of a website are also considered valid traffic.

For example: m.example.com vs example.com or amp.example.com vs example.com are considered benign mismatches.

Root domain mismatches

No Material Difference

Both domains point to the same website (for example, with a redirect) with the same content, branding, structure, and audience, and there is evidence that the domain spoofing is likely non-malicious.

For example: Intended domain is news-site.com and detected domain is news-site.co.uk, and news-site.com redirects to news.site.co.uk.

Google iframe

Traffic is loaded within a Google website but the user is still being presented with an iframe of the intended domain.

For example: Intended domain is new-site[.]com but detected domain is news[.]google[.]com. However, we can detect that new-site[.]com is loaded in an iframe on top of Google news.

IVT flagging indicators

Domain mismatches are flagged as IVT when the domains are considered materially different based on one of the indicators described below. These mismatches are tied to the category SIVT > False Representation > Domain Spoofing.

Mismatches can be reviewed using the Domain Mismatch flag, and they’re also identified under the Domain Spoofing IVT subcategory in the HUMAN Dashboard.

Different Site/Root Domain

  • Intended domain and detected domain are different sites. For example: news-site[.]com vs. gaming-site[.]com.
  • Includes situations where the domains appear similar but the top-level domain (eTLD) differs. This is because domains with different eTLDs can be owned by different entities and may be unrelated to each other, regardless of any similarity. For example:
    • news-site[.]com vs. news-site[.]net
    • news-site[.]com vs. news-site[.]hk
  • Root domain mismatches are always considered IVT unless both domains point to the same website (for example, within redirect) with the same content, branding, structure, and audience, as well as having no evidence of malicious spoofing. For example: Intended domain is news-site.com and detected domain is news-site.co.uk, and news-site.com redirects to news.site.co.uk.

Different User Experience

  • Material difference in user experience between the intended domain and detected domain.
  • Different ad experience between the two domains:
    • Density or count of ads on page
    • Full page ads
    • Ads with auto-play or auto-scrolling
    • Different website template or structure (excluding mobile version)
    • For example:
      • Intended domain is a health news site health-news-site[.]com and detected domain is a subsection of that site that lists doctors doctors[.]health-news-site[.]com. This has a materially different page structure.
      • Intended domain is a dictionary website dictionary-site[.]com with word etymologies that has 2-3 ads on the sides and detected domain is a subsection of that site word-game[.]dictionary-site[.]com with a word game that has auto-playing video ads and 10+ ads per page.
  • This includes situations where the detected domain is a piracy, adult content, or gambling domain that is unrelated to the intended domain.

Different Audience/Topic

  • Intended or detected domain related to ads delivered to a smaller or niche audience compared to the intended audience, including different sections of a website targeting a specific audience. For example: Intended domain is news-site[.]com and detected domain is sports.news-site.com.
  • Ads delivered to a bigger or broader audience compared to the intended audience. For example: Intended domain is sports.news-site[.]com and detected domain is news-site.com.
  • The websites don’t have user experience differences (otherwise they’d be classified as Different User Experience)

Different Country/Location

  • Intended or detected domain relate to a geographic localization or country-specific site. For example: Intended domain is news-site[.]com and detected domain is uk[.]new-site[.]com.
    • In this case, the websites to don’t necessarily have clear user experience differences (otherwise they’d be classified as Different User Experience), but the different localizations are considered material differences.

These mismatches aren’t flagged as IVT when the intended domain is already region-specific. For example: Intended domain is brazilian-soccer[.]com and detected domain is brazilian-soccer[.]br.

Ad Verification

Detected domain is related to an Ad Verification provider or other known sandboxed environment.

Intended Domain Associated with Technical Infrastructure

Intended domain is shown in pre-bid as a domain typically associated with ad loading or ad tech infrastructure, unlikely to be the actual domain deliberately being transacted. Detected domain is something else.

For example: Intended domain is googlesyndication[.]com and detected domain is something else.