Skip to main content

FraudSensor Domain Mismatch IVT Classifications

In accordance with MRC guidelines, domain mismatches are considered a potential indicator of SIVT under the category of Domain and App misrepresentation: App ID spoofing, domain laundering and falsified domain / site location. However, there is a significant segment of domain mismatches that can be tied to valid traffic. HUMAN defines indicators to classify mismatches as either invalid or valid traffic. These are based on post-bid detection.

Valid traffic indicators

The mismatching domains host websites that are similar in content, branding, structure, and audience. These mismatches are not flagged as IVT, but can still be reviewed using the Domain Mismatch flag in the HUMAN Dashboard.

Subdomain mismatches

No Material Difference

No discernable difference between the websites hosted at the intended and detected domains in terms of content, audience, structure, or localization.

Mobile Site

Mismatches caused by a mobile version of a website are also considered as valid traffic.

For example: m.example.com vs example.com or amp.example.com vs example.com are considered benign mismatches.

Root domain mismatches

No Material Difference

Both domains point to the same website (for example, with a redirect), with the same content, branding, structure, and audience, and there is evidence that the domain spoofing is likely non malicious.

For example: the intended domain is news-site.com and the detected domain is news-site.co.uk, and news-site.com redirects to news.site.co.uk.

Google iframe

Traffic is loaded within a google website but the user is still being presented with an iframe of the intended domain.

For example: the intended domain is new-site[.]com, but the detected domain is news[.]google[.]com. However, we can detect that new-site[.]com is loaded in an iframe over top of Google news.

IVT flagging indicators

Domain mismatches are flagged as IVT when the domains are considered materially different based on one of the indicators described below. These mismatches are tied to the category SIVT > False Representation > Domain Spoofing.

Mismatches can be reviewed using the Domain Mismatch flag, and they are also identified under the Domain Spoofing IVT subcategory in the HUMAN Dashboard.

Different Site/Root Domain

  • The intended domain and the detected domain are different sites. For example: news-site[.]com vs. gaming-site[.]com.
  • Includes situations where the domains appear similar but the top-level domain (eTLD) differs. This is because domains with different eTLDs can be owned by different entities and may be unrelated to each other, regardless of any similarity. For example:
    • news-site[.]com vs. news-site[.]net
    • news-site[.]com vs. news-site[.]hk
  • Root domain mismatches are always considered as IVT unless both domains point to the same website (for example, within redirect) with the same content, branding, structure, and audience, as well as having no evidence of malicious spoofing. For example: the intended domain is news-site.com and the detected domain is news-site.co.uk, and news-site.com redirects to news.site.co.uk.

Different User Experience

  • Material difference in user experience between the intended domain and detected domain.
  • Different ad experience between the two domains
    • Density or count of ads on page
    • Full page ads
    • Ads with auto-play or auto-scrolling
    • Different website template or structure (excluding mobile version)
    • For example:
      • Intended domain is a health news site health-news-site[.]com, detected domain is a subsection of that site that lists doctors doctors[.]health-news-site[.]com. This has a materially different page structure.
      • Intended domain is a dictionary website dictionary-site[.]com with word etymologies that has 2-3 ads on the sides vs. detected domain is a subsection of that site word-game[.]dictionary-site[.]com with a word game that has auto-playing video ads and 10+ ads per page.
  • This includes situations where the detected domain is a piracy, adult content, or gambling domain that is unrelated to the intended domain.

Different Audience/Topic

  • Intended or detected domain related to ads delivered to a smaller or niche audience compared to the intended audience, including different sections of a website targeting a specific audience. For example: intended domain is news-site[.]com and detected domain is sports.news-site.com.
  • Ads delivered to a bigger or broader audience compared to the intended audience. For example: intended domain is sports.news-site[.]com and detected domain is news-site.com.
  • The websites do not have user experience differences (otherwise they will be classified as Different User Experience)

Different Country/Location

  • Intended or detected domain relate to a geographic localization or country-specific site. For example: intended domain is news-site[.]com and the detected domain is uk[.]new-site[.]com.
    • In this case, the websites to do not necessarily have clear user experience differences (otherwise they will be classified as Different User Experience), but the different localizations are considered material differences.
note

These mismatches are not flagged as IVT when the intended domain is already region specific.

For example: intended domain is brazilian-soccer[.]com and the detected domain is brazilian-soccer[.]br.

Ad Verification

Detected domain is related to an Ad Verification provider or other known sandboxed environment.

Intended Domain Associated with Technical Infrastructure

Intended Domain is shown in pre-bid as a domain typically associated with ad loading or ad tech infrastructure, unlikely to be the actual domain deliberately being transacted. Detected domain is something else.

For example: intended domain is googlesyndication[.]com and detected domain is something else.