Dissecting a “Six-Figures-A-Month” video ad fraud operation

Boxtrap-250x250

Summary

A relatively simple fraud scheme within the video RTB ecosystem is costing advertisers such as Verizon, Netflix, Fedex, KFC and Smirnoff — among others — up to $500,000 USD per month. While they may believe that their ads are reaching premium inventory, they are in fact appearing on file sharing, piracy and pornographic websites through this arbitrage scheme.

The breakdown

Our team of researches recently found a humble-looking website that wouldn’t be worth mentioning had it not been selling over 300 000 impressions per day through RTB networks — and raking up to $40 USD per CPM. For context, those figures would put you in top-grade, premium inventory.

It’s odd because this thin website is a scraped-content filled WordPress blog with only a few pages rather than a reputable-looking news portal (screenshot in case it disappears):

Digging into its traffic statistics, the picture adds up even less. Simply put, it doesn’t seem like something capable of attracting such high numbers of premium visitors, and not even Alexa or SimilarWeb think it’s having the traffic it’s selling:

Animalwonder_chartWhat’s the deal here?

Simple. Besides the obvious red flags so far, this baby is making between $100,000 USD and $500,000 USD per month. Paid by advertisers who run campaigns through RTB networks — yes, that’s you. Of course, anyone with a bit of online marketing experience wouldn’t think twice about not running their ads here. But with large campaign budgets spent on programmatic buying around, this site will still receive a fair amount of ad placements.

So, where does the traffic come from?

Evidence shows that the owners of animalwonder.com are spending a fair amount of money themselves on advertising. The difference is they’re buying banner spaces on torrent and filesharing websites, for fractions of what they’re getting for it. Example packet log here. The banner in this case is hosted on 247RealMedia.

Using DigitalPoint’s cookie tracer tool, we get a better idea of what sorts of sites were displaying animalwonder.com banners.

It gets away with the charade by using multiple redirects to force the referrer, so the true source of the traffic remains hidden:

Animalwonder_referrer_killer

So basically, what we have here is a very lucrative form of impression fraud and traffic laundering. The ad scripts running on this site keep pinging the RTB networks until the impression served wins a bid, as you can see in this URLquery log and the following video:

We found another website, lavishcar.com, that is using the exact same scheme. It’s offering over 300,000 daily video impressions between 10-40 USD / CPM. Again, DigitalPoint’s cookie tracer  reveals that they’ve been running ads on the same websites as well. Screenshot for comparison:

lavishcar

We’ve contacted the RTB networks involved. In the meanwhile, we invite video advertisers who have programmatic campaigns running through RTB networks to make sure they’re blacklisting the animalwonder.com and lavishcar.com domains.

This sort of fraud can be filtered through advanced risk detection and proper due diligence procedures. This can be done by networks, as they have access to all of the data. As an advertiser, you can also take steps to protect yourself from these fraudulent practices. Namely, by including tracking codes — such as the ones we offer —  into your banners.

Again, in online advertising, if it’s too good to be true, it probably is.

Leave a Reply

Your email address will not be published. Required fields are marked *