• All Articles

AdSecure Violations Report Q2 2024

By Anna Quiroga

July 25, 2024

Ad Secure Violations Report Q2 2024

In this edition of AdSecure’s Violations Report Q2 2024, we analyze Malvertiser activity extracted from the nearly 60K scans run throughout the quarter. Our goal is to bring you useful insights on what to be on the lookout for in order to block Malicious Advertiser attempts on your Website or Ad Network’s ad supply chains. As it seems, bad actors this quarters displayed a strong focus on IAB Standards Violations, which have made it to the Top 10 Violations ranking, and have experienced steep increases comparing Q2 with Q1 2024. Keep reading to find out what are standard IAB sizesthe IAB standard terms and conditions for internet advertising, and how to stop IAB Standards Ad Sizes violations!

"Almost 1 in 20 scans detected 4 or more violations in a malicious ad campaign."

In Q2 almost a quarter of all ads running on Ad Networks and Publisher clients contained at least one violation. Here’s the breakdown comparing both quarter Q1 and Q2:

Violations Report Q2 2024

Our scans for the Violations Report Q2 2024 have detected more Malvertiser activity this quarter than in Q1 2024: Last quarter we detected that 1 in 30 scans detected 4 or more violations! So, as always, it remains key to keep a watchful eye on Malvertiser on your ad supply chain or website.

Top 10 online threats of Q2 2024

Of all the top 10 online global detections increases, 4 were in the User Experience category, 2 in User Security, 3 were User Advisory detections and 1 was an IAB Standards violation:

Landing-page-error (User Experience) 18.90%
Ssl-non-compliant (User Security) 14.10%
Malicious-url-virustotal (User Security) 13%
Back-button-hijack (User Experience) 11.90%
Suspicious-tld (User Advisory) 11.10%
Threat-intelligence (User Advisory) 9.80%
Javascript-dialog-on-entry (User Experience) 8.90%
Unsafe-content-adult (User Advisory) 7.80% 
Iab-ad-dimensions (IAB Standards) 2.50%
Permission-notification (User Experience) 1.90%

As we can see, with Iab-ad-dimensions as one of the top 10 violations of Q2 2024, it is key to learn how to stop IAB Standards Ad Sizes violations!

Violations Report Q2 2024: Q1 to Q2 violation increases 

Heavy-ad +4333.33%: Heavy Ads violate Google's rules due to their weight. Any ad that meets one of the following criteria is classified as a heavy ad and can get blocked by Chrome:

  • Consumes more than 4MB of network bandwidth
  • Uses CPU for 15 seconds or more within a  30 second window
  • Uses CPU for 60 seconds or more in total

Iab-ad-weight +94.89%: What are standard IAB sizes? Ad weight is the total size of all the ad assets being delivered to the browser at a given phase. This detection will flag ads that are not compliant with the IAB standards in terms of ad weight (initial load and sub-load), a key detection to stop IAB Standards Ad Sizes violations. IAB recommends an ad size with an initial load of maximum 50KB and a sub-load of maximum 100KB. These are the IAB standard Mobile ad sizes and Desktop.

Insight: Heavy or big sized ads don’t cause only for a website to load slowly, causing a mild inconvenience for the end user. But instead, when too many resources are being used, like excessive CPU or data usage, it could cause their devices to shut down if they overheat, at times damaging the device, frying its circuits and requiring it to be serviced. This could also affect the device battery, draining it quicker or at times damaging it beyond repair, once again making it obvious why it is important to use professional ad quality detection software to stop IAB Standards Ad Sizes violations.

Auto-vibrate +1200.31%: This violation has experienced a noticeable increase comparing Q1 to Q2 2024. These ads automatically vibrate on the end user's device when they reach the malicious landing page. This provides a poor user experience and can cause them to feel unsafe. Which could cause them to leave the website where they found the ad immediately and never return.

Insight: This detection is based on the malicious use of the HTML5 vibrate API. This protocol is also used for some browsers which vibrate as an alert if a virus or problem has been detected. So, it could be difficult for the end user to see the difference between a real alert and this one, especially if the malicious one has been paired up with an auto-pop with a warning, posing a very real threat for their safety!

Auto-redirect-app-market +687.33%: Auto-redirect ads contain a malicious script which redirects the end user to another site or app store, in order to show them unsolicited ads and landing pages, or to steal their information. These unwanted ads could also contain non-compliant content, exposing younger end users to explicit non-appropriate content.

Iab-ad-request-count +328.81%: Although this detection is not directly linked to how to stop IAB Standards Ad Sizes violations, it is closely related to the topic. Ads consist of multiple resources and the number of requests made to show them has a significant impact on the ad’s load performance as well as on the page where it will display. The IAB recommends a maximum of 10 ad requests to promote the optimized performance of online ads; this violation does not comply with that requirement. 

Insight: Although with a higher request count the ad will be shown more times, this won’t necessarily translate into higher impressions. In fact, this could result in exactly the opposite, since the end user will end up leaving the website if they are constantly being pestered by the same ad. This could result in lower eCPM values and in general impaired revenues and metrics.

Scareware +444.14%: This detection claims that the end user’s device has been infected, using the name of a well-known Antivirus software to gain trust. Then it swindles them into paying for fake antivirus software, stealing their banking information, money and ironically at times infecting the device with a very real virus.

Threat-intelligence +196.30%: Threat Intelligence performs a behavioral analysis on specific URLs to estimate the probability and the severity of violations, so that potential risks can be eliminated before going LIVE. The risk score classes potential risks from higher to lower using a scale from 5 to 0. The higher the risk, the more likely it is that the URL will present violations. The lower the risk, the safer it can be considered.

Insight: Malvertisers tend to hide several different types of violations in one single link, making it easier for them to sneak security threats in, even when 1 or 2 of their total violations are detected. For instance, one same URL in an Ad can contain a Phishing Threat and/or Scareware to which the end user accesses through an Auto-Redirect, and gets locked into by a Browser Locker.

Phishing-url-webrisk +129.96%: Phishing attacks swindle end users into revealing personal and sensitive information with the Malvertiser. The content of a Phishing site mimics the look and feel of a trusted entity, like a browser, operating system, bank, or government site. This AdSecure detection is based on Phishing URL violations from Google WebRisk and it can be very dangerous to the end user.

Cryptocurrency-miner +116.67%: Cryptojacking uses a device’s CPU power to stealthily mine for crypto currencies. Some websites are transparent about the fact that they use the visitor’s computing power to mine as an exchange: the user gets free content, and the Publisher uses their device’s resources to mine. This is not the case with this violation, where the end user is completely unaware of it, and also the illegitimate mining activities continue on even after he leaves the website.

IAB Standards Violations: What are standard IAB sizes and how to stop IAB Standards Ad Sizes violations

What are the IAB standard terms and conditions for internet advertising? This Violations Report Q2 2024, IAB violations have experienced huge increases across the board, meaning that Advertisers continue needing to be educated in how to optimize their ad resources to promote a high quality advertising experience to end users. Another reason why AdSecure is the best malvertising detection solution is its IAB Standards detection feature, which scans your ads to verify that they abide by the IAB industry standards, thus helping you to stop IAB Standards Ad Sizes violations.

Iab-ad-compression 18.50%: What are standard IAB sizes? To optimize the file size for delivery of an ad to a browser, the assets within the ad should be delivered in compressed formats such as gzip. This detection will flag ads that are not compliant with the IAB standards within this category, which means they are not delivered in a compressed format.

Iab-ad-request-count 1.80%: Ads consist of multiple resources. The number of requests made to fetch these resources has a significant impact on the load performance of the ad as well as on the page where the ad is displayed. This detection will flag ads that are not compliant with the IAB standards in terms of ad request count. IAB recommends a maximum of 10 requests.

Iab-ad-weight 7.60%: As explained above, this detection flags ads that are not compliant with the IAB standards in terms of ad weight and according to what are standard IAB sizes.

Iab-ad-dimensions 72.10%: A paramount detection when it comes to knowing how to stop IAB Standards Ad Sizes violations; the IAB recommends certain ad dimensions that contribute to the majority of revenue and are sufficient to advertise across multiple screen sizes. This detection will flag ads that are not compliant with the IAB standards in terms of ad dimension.

Conclusion: How to stop IAB Standards Ad Sizes violations

This quarter and as we have seen in this edition of the Violations Report Q2 2024, the IAB based violations have had especial protagonism, with Iab-ad-dimensions being 2.50% of the top 10 online threats globally, Iab-ad-request-count having increased a +328.81% and Iab-ad-weight a +94.89% compared to quarter 1 2024. Also, the Heavy-ad  violation has increased a +4333.33%! This makes 4 violations to do with ad dimensions, weight and performance.

This all means that this quarter it is extra necessary for Ad Networks to continue keeping a vigilant eye on these and all kinds of ad quality violations and learning what are standard IAB sizes and how to stop IAB Standards Ad Sizes violations. As well as to continue with the labor of educating Advertisers on how to format their ads in order to remain compliant with Industry Standards and ensuring the best possible ad quality and an optimized and pleasant browsing experience for the end users. 

Share this article on


Anna Quiroga

Senior Marketing Content Creator

EXOGROUP articles