FraudSensor Domain Mismatch IVT Classifications
In accordance with MRC guidelines, domain mismatches are considered a potential indicator of SIVT under the category of Domain and App misrepresentation: App ID spoofing, domain laundering and falsified domain / site location. However, there is a significant segment of domain mismatches that can be tied to valid traffic. HUMAN defines indicators to classify mismatches as either invalid or valid traffic. These are based on post-bid detection.
Valid traffic indicators
The mismatching domains host websites that are similar in content, branding, structure, and audience. These mismatches are not flagged as IVT, but can still be reviewed using the Domain Mismatch flag in the HUMAN Dashboard.
Subdomain mismatches
No Material Difference
No discernable difference between the websites hosted at the intended and detected domains in terms of content, audience, structure, or localization.
Mobile Site
Mismatches caused by a mobile version of a website are also considered valid traffic.
For example: m.example.com vs example.com or amp.example.com vs example.com are considered benign mismatches.
Root domain mismatches
No Material Difference
Both domains point to the same website (for example, with a redirect), with the same content, branding, structure, and audience, and there is evidence that the domain spoofing is likely non-malicious.
For example: the intended domain is news-site.com and the detected domain is news-site.co.uk, and news-site.com redirects to news-site.co.uk.
Google iframe
Traffic is loaded within a Google website but the user is still being presented with an iframe of the intended domain.
For example: the intended domain is new-site[.]com, but the detected domain is news[.]google[.]com. However, we can detect that new-site[.]com is loaded in an iframe on top of Google News.
IVT flagging indicators
Domain mismatches are flagged as IVT when the domains are considered materially different based on one of the indicators described below. These mismatches are tied to the category SIVT > False Representation > Domain Spoofing.
Mismatches can be reviewed using the Domain Mismatch flag, and they are also identified under the Domain Spoofing IVT subcategory in the HUMAN Dashboard.
Different Site/Root Domain
- The intended domain and the detected domain are different sites. For example: news-site[.]com vs. gaming-site[.]com.
- Includes situations where the domains appear similar but the top-level domain (eTLD) differs. This is because domains with different eTLDs can be owned by different entities and may be unrelated to each other, regardless of any similarity. For example:
  - news-site[.]com vs. news-site[.]net
  - news-site[.]com vs. news-site[.]hk
- Root domain mismatches are always considered IVT unless both domains point to the same website (for example, with a redirect) with the same content, branding, structure, and audience, and there is no evidence of malicious spoofing. For example: the intended domain is news-site.com and the detected domain is news-site.co.uk, and news-site.com redirects to news-site.co.uk.
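The following Python example is added here for illustration and is not HUMAN's code or detection logic: it maps an intended/detected domain pair onto the indicators described above by comparing subdomain, site name and eTLD. The suffix list, the function names, the `same_site_evidence` input (standing in for the redirect and content review) and the `needs_review` verdict are assumptions; the Google iframe case is not modelled.

```python
# Constructed mini suffix list; real code should load the full Public Suffix List.
SUFFIXES = {"com", "net", "hk", "uk", "co.uk"}
MOBILE_LABELS = {"m", "amp"}  # the mobile prefixes named on this page


def split_host(host):
    """Split a host into (subdomain, site label, eTLD) by longest suffix match."""
    labels = host.lower().replace("[.]", ".").strip(".").split(".")
    for i in range(1, len(labels)):  # smallest i first, so the longest suffix wins
        etld = ".".join(labels[i:])
        if etld in SUFFIXES:
            return ".".join(labels[:i - 1]), labels[i - 1], etld
    raise ValueError(f"no known public suffix in {host!r}")


def classify(intended, detected, same_site_evidence=False):
    """Return (indicator, verdict) for an intended/detected domain pair.

    same_site_evidence is a hypothetical input: the outcome of a separate
    review (redirect, content, branding, audience) that this code cannot do.
    """
    sub_i, site_i, etld_i = split_host(intended)
    sub_d, site_d, etld_d = split_host(detected)
    if (sub_i, site_i, etld_i) == (sub_d, site_d, etld_d):
        return ("match", "valid")
    if (site_i, etld_i) == (site_d, etld_d):  # same root, subdomain differs
        if {sub_i, sub_d} - {""} <= MOBILE_LABELS:
            return ("mobile_site", "valid")
        return ("subdomain", "valid" if same_site_evidence else "needs_review")
    if same_site_evidence:  # root differs, but both serve the same site
        return ("root_no_material_difference", "valid")
    if site_i == site_d:  # same name under a different eTLD
        return ("different_etld", "ivt")
    return ("different_site", "ivt")


if __name__ == "__main__":
    # Constructed pairs taken from the examples on this page.
    pairs = [
        ("example.com", "m.example.com", False),
        ("news-site[.]com", "gaming-site[.]com", False),
        ("news-site[.]com", "news-site[.]hk", False),
        ("news-site.com", "news-site.co.uk", True),
    ]
    for intended, detected, evidence in pairs:
        print(intended, detected, classify(intended, detected, evidence))
```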
Updated 17 days ago