Malvertising & Ad Quality Index H1 2022

(formerly known as Demand Quality Report)

Download full report

Confiant's Malvertising and Ad Quality (MAQ) Index (formerly known as our Demand Quality Report) is a quarterly look into the quality of demand in digital advertising.

Using a sample of over 150 billion impressions monitored in real time each quarter, Confiant is able to answer fundamental questions about the state of creative quality.

Digital advertising delivers significant value to publishers but introduces myriad risks related to security, privacy, and user experience. Malicious, disruptive, and annoying ads degrade user experience and drive adoption of ad blockers.

In 2018, Confiant released the industry’s first benchmark report. This report, the 16th in the series, covers the first half of 2022.


  • Security Violations

    Security Violations

    Attempts to compromise the user through the use of malicious code, trickery, and other techniques. Top issues include:

    • Malicious Clickbait
    • Forced redirects
    • Criminal scams
    • Fake ad servers
    • Fake software updates
    • High-Risk Ad Platforms (HRAPs)*

    *Ad platforms that consistently serve abnormal levels of malicious ads and are the preferred vector for malicious actors.

  • Quality Violations

    Quality Violations

    Non-security issues related to ad behavior, technical characteristics, or content. Top issues include:

    • Heavy ads
    • Misleading claims
    • Video arbitrage (formerly In-Banner Video)
    • Undesired audio
    • Undesired video
    • Undesired expansion

Industry View

The security violation rate in H1 hit its highest level since early 2020.

How the industry fared in H1 2022

How did the industry fare in H1 2022?

The rate of Security violations increased over 50% from Q4 to Q1 and remained high through the end of Q2. With more than one in every 500 impressions exhibiting a security issue, the security violation rate is at its highest level since early 2020.

The Quality violation rate fell in Q1 but shot up in Q2, driven by increased detections of Heavy Ads.

H1 2022 Violation Rates by Country

H1 2022 Violation Rates by Country

Canada had the highest rate of Security issues, followed by the U.S. and Great Britain. In a reversal of recent trends, Security rates fell in all European markets, including a 58% drop in Germany.

The Quality violation rate was highest in Japan, driven by Heavy Ads. Quality violation rate were also elevated in Canada, driven by Heavy Ads and Misleading Claims.

H1 2022 Violation Rates by Browser

H1 2022 Violation Rates by Browser

SSP Rankings

For most SSPs, Heavy Ads and Auto Video are consistently the most common Quality issues.

H1 2022 Security Violation Rates by SSP

H1 2022 Security Violation Rates by SSP

Google’s Security violation rate doubled over Q4, once again driven by fake download ads rather than malware. Newcomers SSP-O and SSP-P — being included for the first time in this report — both ranked worse than the industry violation rate.

SSP-G took the top spot, with a Security violation rate of only 0.01%, an improvement even over their 1st place performance in Q4.

H1 2022 Daily Maximum Security Rate by SSP

H1 2022 Daily Maximum Security Rate by SSP

Quarterly averages can mask significant variation in day-to-day performance, so it’s important to measure the upper bound of the Security violation rate for each SSP to get a sense of overall risk.

SSPs K and O exhibited particularly high variance in their Security Rates, with their worst days topping 1%.

H1 2022 Quality Violation Details by SSP

H1 2022 Quality Violation Details by SSP

Major Threat Groups H1 2022

  • DCCBoost


    In Q4 2021, DCCBoost successfully transitioned to campaigns forcefully redirecting desktop users to a site that poses as McAfee and executes a fake antivirus scan. Previously, they had been targeting mobile devices for years.
    DCCBoost has been very active through the first quarter of 2022, then they significantly slowed down their activity. This is a typical trend for DCCBoost and we expect a strong return from them in the next few months.

  • LooseContact


    LooseContact is a new malicious actor focused exclusively on crypto-themed investment scams trafficked via LinkedIn (including LinkedIn DSP).
    LooseContact uses an innovative "cloaking sandwich" approach with multiple layers. The outer layer uses URL shortening services like Bitly to mask a malicious domain. In the inner layer, a malicious domain behaves like a regular click tracker, simply forwarding clicks to legitimate websites (like Nerdwallet).

  • FizzCore


    From April, a series of FizzCore-style attacks launched via Google DV360 in the UK and Germany.
    On April 4th, we detected a malicious typo domain attack on Google ad server, s02mdn[.]net. The one character difference in the URL was adjusted based on WebGL fingerprinting.

  • ScamClub


    Active for many years now, ScamClub malvertisements are defined mainly by forced redirects to fake gift or reward scams.
    ScamClub was abusing a browser vulnerability that Confiant reported earlier in the year (CVE-2021-1801).

  • Fake Updates and Malicious Downloads

    Fake Updates and Malicious Downloads

    Fake Updates and malicious download buttons are as old as the Internet. A whole ecosystem of dubious apps and services are still leveraging this old clickbait tactic. Targeting mainly the US and Europe, they most often feature a prominent, colorful call- to-action button on a white background.

Download full report

Confiant’s Malvertising and Ad Quality (MAQ) Index provides an inside look into the frequency and severity of ad quality issues in digital advertising. Discover what were the top concerns for premium publishers, how SSPs performed in 2022, and what tactics were employed by malvertisers.

Learn about major threat groups active & their tactics

The full report details active threat actors, their techniques, & their impact on the digital ecosystem over the last quarter.

Learn how SSPs are performing

Confiant tracked impressions from over 100 SSPs. However, the vast majority of global impressions originated from just 14 providers commonly used by publishers. Explore which SSPs are performing the best and worst when it comes to ad quality.