MFA - (M)ade (F)or (A)dfraud - Sites Load Bonkers Numbers of Ads, Trackers
PageXray by FouAnalytics


Listen: https://www.youtube.com/watch?v=9YzP4ssn9k0

We looked into sites that appeared to be too good to be true; they were generating an extreme number of ad impressions at low CPM prices. But how was that possible?

When we manually visited the pages, they appeared to be normal and didn't have many ads on them. But we suspected that was not all that was going on.

We used PageXray by FouAnalytics to scan the page so we could see all the calls made to ad-serving domains and ad-tracking domains. These are not visible when you just "view source" on the page because the code is not in the HTML of the page. All of the extra stuff is called in when JavaScript executes. PageXray is a crawler made from a full browser, which allows the JavaScript to execute and collects the sequence of events -- i.e. "what called what." The following is what the PageXray of the page looks like. The tree graph shows all the calls made to ad servers and tracker domains and depicts the sequence of what called what, reading from left to right.


But the above is not even the half of it. The SAME PAGE, with some specially crafted query strings added to the URL, springs into action that's a whole 'nother level of evil. Think of these as activation codes that cause the page to load a large number of ads. This is by design, so they can hide the shady behavior from manual inspection. If the person inspecting the page does not have the right activation codes, none of the massive fraud is visible. When the page is loaded with the right activation codes it goes bonkers with ads -- now with 3,308 calls, more than double the above, for the same page. See the side-by-side comparison in the slide below. The left side is the plain URL that you would see when manually checking the page -- Adserver Requests: 544, Tracking Requests: 348, Other Requests: 90. The right side shows what happens when the right set of special codes is added to the URL (yellow highlight) -- Adserver Requests: 3,490, Tracking Requests: 2,387, Other Requests: 685.
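The comparison described above can be reproduced on any two request captures of the same page. The following is an added example, not code from the article or from PageXray: it classifies each request by host, compares the plain load against the load with a query string, and rebuilds the "what called what" path for one request. The domain lists, the `mfa-site.example` host, the `src=PLACEHOLDER` query string and both captures are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed, deliberately tiny classification lists (not PageXray's own).
AD_DOMAINS = {"doubleclick.net", "googlesyndication.com"}
TRACKER_DOMAINS = {"google-analytics.com"}
CATEGORIES = ("adserver", "tracking", "other")

def classify(url):
    """Label a request by host: exact match or true subdomain of a listed domain."""
    host = (urlsplit(url).hostname or "").lower()
    for label, domains in (("adserver", AD_DOMAINS), ("tracking", TRACKER_DOMAINS)):
        if any(host == d or host.endswith("." + d) for d in domains):
            return label
    return "other"

def summarize(capture):
    """Count requests per category; a capture is a list of (url, initiator_url)."""
    counts = Counter(classify(url) for url, _ in capture)
    return {c: counts[c] for c in CATEGORIES}

def chain(capture, url):
    """Walk initiators back to the page: the 'what called what' path for one URL."""
    parent, path = dict(capture), [url]
    while parent.get(path[-1]) and parent[path[-1]] not in path:  # stop at root or loop
        path.append(parent[path[-1]])
    return path[::-1]

def amplification(plain, triggered, threshold=2.0):
    """Per category: (plain count, triggered count, grew by >= threshold?)."""
    a, b = summarize(plain), summarize(triggered)
    return {c: (a[c], b[c], b[c] >= threshold * max(a[c], 1)) for c in CATEGORIES}

# Constructed captures of one page, without and with a placeholder query string.
PAGE = "https://mfa-site.example/article"
LOADER = "https://securepubads.g.doubleclick.net/loader.js"
BEACON = "https://www.google-analytics.com/collect"
PLAIN = [(PAGE, None), (LOADER, PAGE), (BEACON, PAGE)]
PAGE_T = PAGE + "?src=PLACEHOLDER"
TRIGGERED = ([(PAGE_T, None), (LOADER, PAGE_T)]
             + [(f"https://ad{i}.doubleclick.net/slot", LOADER) for i in range(6)]
             + [(f"{BEACON}?n={i}", LOADER) for i in range(3)])

if __name__ == "__main__":
    for category, result in amplification(PLAIN, TRIGGERED).items():
        print(category, result)
    print(" -> ".join(chain(TRIGGERED, "https://ad3.doubleclick.net/slot")))
```

In practice the `(url, initiator_url)` pairs would come from a HAR export or a headless-browser crawl of both URLs, and the domain lists from a maintained ad and tracker list.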




Where do MFA sites get their content?

Here's an example of content on an MFA site that is 100% copied from a Reddit post. The Reddit user may never see that their content was plagiarized, and even if they did, they won't take action and sue the site.


MFA sites also appear to plagiarize 100% of the images. In the example below, the entire page contains blocks of text below images. A review of the HTML code shows they are hotlinking images directly from Getty and showing only a portion of the image to avoid the watermark. They are also linking to the licensing page (external link), in case someone clicks on the image. If 100% of the images are not licensed and these MFA sites are making a profit from advertising, this is mass copyright infringement. This is not new; it has been seen in vast quantities for the last decade.


Monster tree graph of ad calls and tracker requests

A single page on this MFA site is loading the following: Adserver Requests: 3,490; Tracking Requests: 2,387; Other Requests: 685 -- a total of 6,562 requests from a single page. See this PageXray by FouAnalytics. The following is the enormous tree graph of all these calls. Do you think these sites are honest, upstanding publishers? Or do you think these sites were made for loading ads to suck up as much ad budget as possible? They rely on buyers and agencies to think they are legit or "fine." If they check the homepage of the site, it looks "fine" and none of the 6,562 ad and tracker calls are visible on the page. As we documented above, when the URLs contain special trigger codes, the pages load in the ungodly numbers of ads and trackers.


Big advertisers are seen showing ads on these MFA sites. Norton, Paramount+, BitDefender, New York Life. Note the quantities of ads and the bid prices. These are not trivial, considering the super large quantities of ads that the largest advertisers buy. MFA sites exist to absorb all that budget by manufacturing more ad impressions out of thin air, by any means possible.




FouAnalytics not only counts how many ads there are on the page -- see page-ad-count -- but we also enumerate every single ad iframe on the page along with the ad size like 300x250. See the following example data on how many Google ads are loaded on a single page.


MFA sites generate large volumes, and the programmatic CPMs are not that low. The table below shows some examples of MFA sites, with the number of visits or pageviews, the maximum observed CPM and the typical CPM seen in programmatic channels. If your goal is to get as many impressions as possible (not caring if the ads are shown to humans) and to spend your budget "in full" then you definitely need these MFA sites in your programmatic media buys. If, however, your goals are to drive business outcomes, seriously consider whether these MFA sites are helping you, or sapping you.



How to check for MFA sites yourself

If you want to inspect pages beyond what you can see in the HTML itself, use PageXray by FouAnalytics. We have two versions so far. The first is what it looks like when a user loads the page as if they were visiting from the U.S. The latter, marked -eu, is what it looks like when the visitor is from the EU (we expect the page should have fewer ads and trackers if they respected privacy and consent signals). Hint: most don't.

US version -- this is what it looks like when a visitor from the US loads the page -- https://pagexray.fouanalytics.com/

EU version -- this is what it looks like when a visitor from the EU loads the page -- https://pagexray-eu.fouanalytics.com/

Let me know if there's any investigation I can help with.

Also, see this great study by Deepsee.io into the same types of sites that load lots of ads in certain situations so they remain hidden from normal, manual inspection.

https://deepsee.io/blog/2-tales-one-site-how-arbitrage-sites-manipulate-metrics

Chris Naegelin

Building products for the open web.

1y

Infringing on copyright content is absolutely unacceptable and perhaps this is a good metric to objectively start to narrow down the definition of MFA. My problem with 'MFA' is and continues to be the vagueness of what we consider to be MFA. If as an industry we say things like "ad density" or "too many ad requests", etc., then we should also define acceptable norms. Without standards, smaller publishers who are above board risk being included in the MFA designation or unintentionally excluded from buyers / MFA vendors simply creating whitelists. This sets a dangerous precedent for smaller publishers. To highlight my point, a seemingly premium publisher can have 1000+ ad server requests according to your own tool. If this is acceptable to buyers on PCH, it should be acceptable to buyers on smallpublisher.com. Take a look at https://www.pch.com/quizzes/travel/who-are-these-famous-floridians -- Adserver Requests: 1158, Tracking Requests: 826. Objective, open-source, and clear metrics will help publishers of all sizes and allow buyers and MFA vendors to keep a commitment to equity and inclusion so that smaller sites with niche audiences can continue to rely on advertising as a monetisation source.

Michael M. M.

Ad-Fraud Investigator & Media Expert, member of Digital Forensic Research Lab cohort "Digital Sherlocks" - Adding some fun when asking unexpected questions you were not prepared to hear

1y

Btw: many of these MFA sites have an auto-refresh for their adslots. In some cases we have seen a 3 to 6sec refresh for all! adslots. Imagine if traffic is generated by bots mimicking a user who spends 2min on such sites. Getting rich is sooo easy.

Stephen Sumner

The Business Growth Locksmith | Connecting Home Movers To Service/Product Providers

1y

I’ve just submitted you to join ‘The Avengers & The X Men’ ??

Dr. Augustine Fou

FouAnalytics - "see Fou yourself" with better analytics

1y

The article is now narrated by Laura https://www.youtube.com/watch?v=9YzP4ssn9k0

A.J. Carrillo

Candidates and Causes at Basis Technologies

2y

Looking at you, Perion Network
