Thank you for your thorough reply @grb. I had indeed seen the "Ability to mark 2FA as done in the inactive 2FA report" FR and voted for it since, as you say, it could be a good alternative to disregard those report hits that for different reasons (such as the one I exposed in this FR) are not applicable.
On the other hand, I understand the logic behind relaxing the URL match condition on the report so a more “wide” match can be done against 2fa.directory.
Since I cannot think of any alternative to handle these exceptions without requiring manual actions on the report hits, I think this FR could be closed.