Malvertising & Ad Quality Index Q1 2021

(formerly known as Demand Quality Report)

Download full report

Confiant's Malvertising and Ad Quality (MAQ) Index (formerly known as our Demand Quality Report) is a quarterly look into the quality of demand in digital advertising.

Using a sample of over 180 billion impressions monitored in real time in Q1 2021, Confiant is able to answer fundamental questions about the state of ad quality in the industry at large.

Digital advertising delivers significant value to publishers but introduces myriad risks related to security, privacy, and user experience. Malicious, disruptive, and annoying ads degrade user experience and drive adoption of ad blockers.

In September 2018, Confiant released the industry's first benchmark report.
This report, the twelfth in the series, covers Q1 2021.


  • Security Violations

    Security Violations

    Attempts to compromise the user through the use of malicious code, trickery, and other techniques. Top issues include:

    • Malicious Clickbait
    • Forced redirects
    • Criminal scams
    • Fake ad servers
    • Fake software updates
    • High-Risk Ad Platforms (HRAPs)*

    *Ad platforms that consistently serve abnormal levels of malicious ads and are the preferred vector for malicious actors.

  • Quality Violations

    Quality Violations

    Non-security issues related to ad behavior, technical characteristics, or content. Top issues include:

    • Heavy ads
    • Misleading claims
    • Video arbitrage (formerly In-Banner Video)
    • Undesired audio
    • Undesired video
    • Undesired expansion

Industry View

In Q1 2021 1 in every 150 impressions was dangerous or highly disruptive.

How the industry fared in Q1 2021

How did the industry fare in Q1 2021?

The Security violation rate for Q1 2021 was 0.11%, an increase of 0.02 percentage points over Q4 and the highest level we've seen since Q2 2020.

The Quality violation rate increased from 0.38% in Q4 to 0.55% in Q1, an increase of almost 45%. The Quality violation rate has climbed for three straight quarters driven by increased rates of Heavy Ads and Video Arbitrage.

Q1 2021 Violation Rates by Country

Q1 2021 Violation Rates by Country

While European markets have historically had higher rates of Security violations than the U.S., the picture was more mixed for Q1. The UK and Italy both saw violation rates well in excess of the U.S., while Germany, France, and Spain saw much lower activity than in past reports.

Quality violations remained more prevalent in the U.S. than elsewhere in Q1, a trend that’s held through several reports.

Q1 2021 Violation Rates by Header Bidding Framework

Q1 2021 Violation Rates by Header Bidding Framework

Download Full Report

SSP Rankings

The worst performing SSP delivered security issues at 213x the rate of the best.

How the industry fared in Q1 2021

Q1 2021 Security Violation Rates by SSP

A perennial strong performer, Google experienced an uncharacteristic setback this quarter. Their Security violation rate increased from 0.05% in Q4 to 0.18% in Q1 and exceeded the industry average for the first time. SSP-L had the highest Security violation rate, coming in at 213x the rate of the best performing SSP. SSP-L was also the worst performer in Q4.

SSPs J, G, and OpenX were the quarter's top performers, each with a Security violation rate coming in at 0.01% or below.

Average duration of attack by SSP in Q1 2021

Average duration of attack by SSP in Q1 2021

It’s also crucial to understand how long threats persist on an SSP once an attack is underway. We measure how long it takes from when a threat first appears on an SSP to when it’s last seen. On this measure, we see huge differences among the major SSPs.

In Q1, SSP-M’s average response time remained quite elevated at 84 days. Unlike last quarter, no SSP achieved average response times of 1 day or less, and many issues persisted for multiple weeks before being resolved.

Q1 2021 Violation Rates by SSP

Q1 2021 Violation Rates by SSP

Download Full Report

Major Threat Groups Q1 2021

  • Zirconium


    Zirconium is notable for their persistence, technical prowess, and ability to adapt in a changing environment.
    For years, Zirconium have used their understanding of Ad Tech in order to form dozens of convincing business entities to gain seats on major buying platforms.

  • Yosec


    Yosec is a threat actor that pushes fake Flash drive-by downloads and tech support scams via forced redirects.
    The bulk of their activity targets Mac devices, particularly the Safari browser.

  • DCCBoost


    DCCBoost campaigns consistently include interesting malvertising innovations from a technical standpoint.
    They use a combination of server-side targeting combined with a compartmentalized client-side payload in order to deliver the malicious ad in stages.

Download full report

Confiant’s Malvertising and Ad Quality (MAQ) Index provides an inside look into the frequency and severity of ad quality issues in digital advertising. Discover what were the top concerns for premium publishers, how SSPs performed in 2021, and what tactics were employed by malvertisers.

Learn about major threat groups active & their tactics

The full report details active threat actors, their techniques, & their impact on the digital ecosystem over the last quarter.

Learn how SSPs are performing

Confiant tracked impressions from over 100 SSPs. However, 75% of global impressions originated from just 12 providers commonly used by publishers. Explore which SSPs are performing the best and worst when it comes to ad quality quarter over quarter.