Suspicious Web Domains Cost Online Ad Business $400m per Year

Full of hot air

If your therapist thinks you have trust issues, you might just work in online advertising.

That’s because it’s getting harder and harder to know what’s real and what isn’t on the Web. And if you don’t believe in ghosts, maybe you should.

On March 19, Adweek.com published a story titled “Meet the Most Suspect Publishers on the Web.” In the piece, we brought to light the issue of so-called “ghost sites,” seemingly innocuous content pages responsible for massive amounts of traffic on various ad exchanges but exhibiting little evidence of actual human audiences. Upon further examination, many of the sites we uncovered, including Alphabird’s Ladyshopspot.com and Precision Media’s Toothbrushing.net, contained little in the way of substantive content.

A large number of the sites in question are suspected of getting huge chunks of traffic from bots—that is, nonhuman traffic delivered by machines designed to mimic users and inflate audience and traffic numbers for publishers while stealing from advertisers.

In fact, as our investigation was coming to a head, a British company, Spider.io, dropped a bombshell: A botnet dubbed Chameleon had infected more than 200 Web domains, many of which corresponded with the sites Adweek had been examining. Spider believes Chameleon is costing the industry $6 million a month.

As it turns out, we may have just scratched the surface.

Since our initial story, numerous industry sources have stepped forward to help us unearth still more suspect publishers. Some have blamed traffic vendors or affiliate brokers for peddling bogus traffic, implying that certain questionable publishers could be innocent. That has only served to muddle the picture, and further erode the industry’s trust.

Since our story, the data-driven ad targeting firm Media6Degrees (m6d) has noticed 500-plus dicey new sites popping up on various exchanges—and collectively, 40.5 million bid requests. One site, says Alec Greenberg, vp, media operations at m6d, exhibits more than 50 percent user overlap with 463 other known exchange pubs. “I’m pretty sure that’s a new record for us,” he says.

Another buyer estimates that hundreds of millions of bogus impressions have been traded on ad exchanges in the weeks since our story. “Put another way, at least 15 to 20 percent of all real-time bid requests are probably fraudulent in some way,” he says.

Seni Thomas, CEO of Heights Media (previously known as Audience Amplify, a heavy exchange buyer that we reported on in our original story), says he and his team have since identified a new group of suspicious publishers—sites that have suddenly seen their exchange traffic soar by 10 million to 80 million impressions per day. It seems the botnet may have shifted.

The social ad data firm RadiumOne, which also spends a lot of time in the exchange world, estimates that ghost publishers, shady Web crooks and their bot-employing associates are stealing a staggering $400 million a year from the online ad business.

Experts say it’s impossible to catch all the bad guys, especially since many are said to originate from outside the U.S. (India, Israel, Eastern Europe). Containment is the more realistic goal.

Following are more suspicious publishers we have homed in on:

Mevio.com

This video site is backed by Kleiner Perkins Caufield Byers, the venture capital firm behind Twitter, Path, Zynga and others. Yet according to numerous sources, including Radium-One, Mevio is suspected of being flooded with bot traffic. It also shares huge portions of its traffic with other sites. Mevio officials were unavailable for comment.

Forward Health
Forward Health operates six sites, including Menshealthbase.com and Womenshealthbase.com—which, according to one active exchange buyer, are “two of the most suspicious sites we’ve ever seen.”

An analysis by social ad data company RadiumOne found that 94.4 percent of the traffic on Womenshealthbase is identical to Mensshealthbase. “Something is really going on here,” says Kyle Napierkowski, RadiumOne’s director of ad optimization.

But Forward Health managing partner Arthur Meyerovich says the company does not use bots, adding he is shocked to hear that it’s been tied to the brewing scandal. “We are not a tech company,” says Meyerovich. “This is absolutely surprising to me. We’ve expanded our investigative efforts, and we’re looking to third-party security companies. In fact, if you are a security company that deals with this, I would personally love to hear from you.

“We take pride in our properties and content, which is created in-house by our doctors and health authors,” he continues. “Our business model online is advertising on our sites, and our clients range from top pharmaceutical brands to general large brands looking to reach a premium audience.”

Is it possible that Forward Health is a victim here? While some in the business say that could be the case, others contend its sites have exhibited suspicious traffic for so long that it’s doubtful company executives are unaware.

Modernbaby.com
and Interiorcomplex.com

Each of these sites peddles enormous traffic on the exchanges. For example, on a recent day Modern Baby was offering 19 million impressions via one exchange (quite the baby boom) and Interior Complex 30 million (the roaring housing market must be back).

“Interior Complex has always been a bad offender,” reveals one demand-side platform (DSP) exec. “In our last report we showed it overlaps with 138 other sites, and Modern Baby overlaps with 89 other sites.”

According to James Nicholson, founder of the sites’ parent company, Brightline Media, this sort of thing is just part of Web publishing. “Like a lot of publishers, we’re always dealing with bots,” he says, adding, “We are still investigating this issue.”

Nicholson says Brightline employs 25 people, yet any articles on Modern Baby are by authors who use only first names, like “Marye.”

It’s not just the bylines that raise eyebrows—Modern Baby is also loaded with ads. Often the same ads appear down each side of the homepage. (Interestingly, Modern Baby has some sort of affiliate arrangement with Glam Media’s Tend.com.) Among the brands spotted in a recent visit: an auto-play video ad for Procter & Gamble’s Febreze, along with banners for Amazon, MacKeeper, Essie Cosmetics and Norwegian Cruise Line. What’s more, sister site Smartmomdeals.com featured four banners at the same time for the HR-management platform Namely, along with an auto-play unit delivered by Glam for the branded Web series Breakfast After Dark, for Unilever’s I Can’t Believe It’s Not Butter.

Says Nicholson: “We are always trying different ad configurations. We are very active content producers. We have 25 writers and editors producing fresh content on a daily basis. Most choose to have their first and last names displayed as bylines, but some prefer just their first name. It’s an individual choice for each author.”

According to RadiumOne, 40 percent of Modern Baby’s traffic is shared with sister site Interior Complex, which covers architecture and design.

Even more eye-opening, 66 percent of the site’s traffic is the same as Womenshealthbase. Might Brightline and Forward Health be sharing trade secrets, or are they victims of the same bot?

“It could be a ‘don’t ask, don’t tell’ policy these guys have,” says Napierkowski. “Some sites have legit traffic … and mix in bad sources. Or it could be that everyone kind of knows. Or it could be a junior traffic guy [playing games].”

2Blue Media Group
This firm maintains a collection of 47 Web properties, including MOMentumNation.com, UniversityofSpeed.net, Womenhealthplans.com and Shoplick.com. Among the red flags: 2Blue Media has long been named on blacklists of sites maintained by various buyers and DSPs. One of its authors, Ellisha Rader, also writes for Alphabird, one of the firms caught up in Adweek’s original investigation.

“2Blue Media has been all over our suspicious-activity reports for a long time. Almost all of their pubs show up,” says a source.

One 2Blue Media site in particular, Theamericangentleman.com, has a 71 percent overlap with destinations on a list compiled by Adweek with help from multiple sources, including RadiumOne, indicating bot traffic or gamesmanship.

“We are a soup-to-nuts lifestyle company,” says co-founder Andrew Moskowitz, who denies any bot traffic. “That’s what we do.”

DevicePlanet.net and PerfectRecipes.net
Who owns these brands? It’s tough to tell. And yet, they share 50 percent of each other’s audiences. (Interestingly, Perfect Recipes is littered with ads and elaborate disclaimers regarding cookies and privacy policies.) Each boasts huge traffic, though Device Planet recently disappeared from the Internet.

Bluefin Media
On its LinkedIn page, this Perrysburg, Ohio-based company claims it is “ranked in the Top 25 companies on the Internet” and that its GossipCenter Network “is one of the Top 3 entertainment news networks on the Internet,” with more than 25 million unique visitors in the U.S. It says its “loyal visitors generate over 2 billion page views per month consuming premium content … people spend 5 million hours/month watching video on our sites.” Meanwhile, sites like Gossipcenter.com and Celebrity-Gossip.net appear on multiple blacklists and share 40 percent of their traffic with the likes of Womenshealthbase.com and InteriorComplex.com.

And there are many more suspect sites out there. (See sidebar for a few examples.)

One might wonder whether this is simply par for the course in an online ad business that becomes more automated by the day. “Bots are part and parcel of the programmatic landscape,” RadiumOne’s Napierkowski points out. “The pirates move on. It’s really hard to catch these people.”

But who is at fault? Some blame media buyers for being negligent. Others point to middlemen involved in the online ad equation, the DSPs and supply-side platforms (SSPs) that look the other way. For example, many of the sites listed in this story are readily available via The Rubicon Project’s inventory pool.

"We need to understand that this is an industry-wide problem, not an automated advertising problem," said Rubicon CEO Frank Addante. "It affects everything, including direct sales, search and analytics. We invest many millions of dollars and have an engineering team dedicated to developing security and protection technologies to continually protect buyers and sellers. This is part of the reason we need to exist…This is not a problem that can be solved in the manual world."

Still, others maintain all this is the fault of exchanges that cannot police themselves. In our initial report, Google’s exchange was cited by many as the cleanest and safest. Yet last week, Adweek was made privy to the inventory supply available via Google’s buying platform Invite Media, and many of the most suspicious publishers were present there too, indicating that Google isn’t as vigilant as one might expect.

"We strive to maintain the highest quality standards on our Ad Exchange and in AdSense with systems honed by years of work on this front," said a Google spokesperson. "We're working to bring this same level of rigor to the newer parts of our business as well."

But nailing suspect publishers will only get you so far, according to Andrew Pancer, COO at m6d. “Avoiding botnet traffic requires more than just blacklisting suspect sites,” Pancer says. “Additional tools need to be deployed to identify infected browsers and not serve ads to them even when they are visiting legitimate sites.”

Could legitimate sites truly be innocent victims? Are they all just buying traffic from a bad guy no one will name, a traffic vendor that employs the same bot?

According to an analysis by RadiumOne, there are 1,724 Web domains that share at least 10 percent of their audience with a group of worst-offender sites uncovered by Adweek, and 254 domains have an overlap of greater than 50 percent. Among the companies showing up include Fox Networks, Glam Media, Burst Media, 2Blue Media, Gorilla Nation, AudienceTV and MyPod Studios. The botnet or nets would appear to run deep.

But while some see victims, others claim publishers must be aware of the kind of traffic they’re driving.

“They know what they are buying,” says Brian Fitzgerald, co-founder of Evolve Media. “When you buy clicks for a third of a penny per click, you know it’s not real.”

Adds Heights Media’s Thomas, “If it looks too good to be true, it probably is.”

The industry appears to have arrived at the consensus that the time to act is now. Adweek has learned that the Interactive Advertising Bureau has organized a task force to address ghost sites and fraudulent traffic. The group, called TOGI (Traffic of Good Intent), is being headed by Federated Media CEO John Battelle and m6d president Penry Price. Many believe, in fact, that a third-party seal of approval for publishers is the only chance for real change. The alternative is that the medium will continue to be dogged by the perception that it’s just not safe for brands.

“Right now you have many clients trying to get more budgets for the Web,” says Doug Chavez, vp of marketing at RadiumOne. “Brand managers don’t understand this—they rely on us and others to do the right thing. These guys go and fight for the dollars, saying, ‘Digital works.’ If we don’t fix this, this is going to come home to roost.”

Until then, it may be best to follow Fox Mulder’s lead: trust no one. Unless you want to believe in ghosts.