Menu

Executive Summary - Are ad tech vendors facilitating or monitoring ads on a website that hosts Child Sexual Abuse Material ?

⚠️ WARNING: This report contains both explicit adult content, as well as references to (though zero direct depictions of) confirmed Child Sexual Abuse Material. Adalytics has already notified the Federal Bureau of Investigation (FBI), Department of Homeland Security HSI Special Agents (DHS HSI), the National Center for Missing & Exploited Children (NCMEC), and the Canadian Centre for Child Protection (C3P) of the potential Child Sexual Abuse Material. The Canadian Centre for Child Protection analyzed a number of images reported by Adalytics, and believed they met the definition of child sexual abuse material under Canadian law.

This empirical research report – which is based on publicly available information - deals with the issue of digital advertising transparency and “brand safety” and, thus, must necessarily focus on language and/or ideas that many (including the authors of this report) may consider offensive. Specifically, this report contains depictions or mentions of adult pornographic content which may not be suitable for all audiences or for the workplace environment. The report does not include any direct depictions of confirmed CSAM which were already reported to law enforcement. Reader discretion is strongly advised.

This executive summary contains no images. The full report, including images, can be found here: https://adalytics.io/blog/adtech-vendors-csam-full-report

Executive Summary

  1. imgbb.com (and its affiliate, ibb.co) is an ad-supported, anonymous, free, image and sharing website. This website does not require users to register before being able to upload and share a photo on its platform. The website itself appears to go to lengths to hide its own ownership - the website does not communicate who owns it, and all of its WhoIS domain records are redacted. According to third party sources, this website has over forty million page views per month - more monthly page views than the websites of the Financial Times, Los Angeles Times, Politico, or the website of the Library of Congress.

  2. During the course of conducting research on how US Government ads were served to bots and crawlers, Adalytics unintentionally and accidentally came across a historical, archived instance where a major advertiser’s digital ads were served to a URLScan.io bot that was crawling and archiving an ibb.co page which appeared to be displaying explicit imagery of a young child. Adalytics immediately ceased reviewing the archive of the explicit child content, and reported the page to the FBI, DHS HSI special agents, the National Center for Missing & Exploited Children (NCMEC), and the Canadian Centre for Child Protection (C3P).

  3. ibb.co and imgbb.com appear to allow anonymous upload of photos without requiring users to register. Furthermore, the websites appears to allow users to hide specific photos from Google and Bing search results, by instructing the search engines to mark the pages as “noindex” via HTML meta tags.

  4. According to the National Center for Missing & Exploited Children (NCMEC), imgbb.com has been notified dozens of times over the course of 2021, 2022, and 2023 that the platform was hosting child sexual abuse materials (CSAM).

  5. Reddit appears to block or ban imgbb.com and ibb.co photo sharing links from its own platform (reddit.com).

  6. In addition to hosting CSAM, imgbb.com and ibb.co appear to host explicit adult content as well as potentially copyright infringing materials. The website also appears to host explicit depictions of canine-human bestiality and zoophilia, which may construe animal abuse.

  7. imgbb.com appears to financially support its free image hosting service by displaying digital ads from ad tech vendors such as Amazon, Google, Criteo, Quantcast, Microsoft, Outbrain, TripleLift, Zeta Global, Nexxen, and others.

    1. It is worth noting that Google AdX, Google Ad Manager, and DV360 do not appear to be actively transacting ads on imgbb.com or ibb.co as of January 2025, at least in the observational sample of data available in this research study.

  8. Many major advertisers appeared to have had their ads placed on a website which has been known - since at least 2021 - to host some amounts of CSAM. These advertisers may have inadvertently contributed funding to a website that is known to host and/or distribute CSAM. The list of advertisers whose ads were confirmed to have served on a site hosting CSAM include major entities such as the Department of Homeland Security, Texas state government (Office of the Texas Governor), Interpublic Group (IPG), Arizona State University, Tom Brady's TB12, MasterCard, Starbucks, PepsiCo (Gatorade), Mars candy and pet foods, McAfee, Kimberly-Clark Corporation (KCC; Depend), Honda, Uber Eats, Google Pixel, Amazon Prime, Whole Foods, DenTek, Puma, Fanduel, Sony Interactive Entertainment (Audeze), Sony Electronics, Thrive Market, Intuit (Mailchimp), Unilever, Lay's potato chips, Adobe, HP, L'Oreal, Acer, Duracell, Kenvue, Sanofi Consumer Healthcare NA, SC Johnson (off bug spray), Audible, AMC Networks' Acorn TV, J.M. Smucker Company (Meow Mix), Kodak, Medtronic, Reckitt Benckiser (mucinex, vanish), Leukemia & Lymphoma Society, Nestle, Adidas, Domino's Pizza, Hill's Science Pet Food, Samsung, Clorox, Simplisafe, Hallmark, Galderma Cetaphil, GoDaddy, Blink security cameras, Paramount+, HBO Max, Prestige Consumer Healthcare (Diabetic Tussin), Dyson, Tree Hut, Colgate, Hill’s Pet Nutrition, Sling TV, Progressive Leasing, Panasonic (ARC5 Palm-Sized Electric Razor), Sleep Number, Glad Trash Bags, savethechildren.org, Associated British Foods (Twinings tea), WayFair, SanDisk, Allergan, Sennheiser, Raymour & Flanigan furniture, Monday.com, Teamson Home, Brita, Virtue Labs smooth shampoo, Filorga, Delta Faucet, Wall Street Journal, Mansion Global, Yves Rocher, Allianz, Beiersdorf, Hertz, Mondelez, Amazon Ads, 23andMe and Skyscanner.

  9. Multiple major brand advertisers whose ads were served on explicit content on imgbb.com reported that their ad tech vendors, such as Amazon, do not provide the advertisers with page URL level reporting that would allow the brands to investigate exactly on what page URLs their ads served. This is especially problematic in the context of a media publisher such as imgbb.com, where a lot of the content can only be seen if a user knows the exact page URL to check, because ibb.co allows uploaders to mark images as “noindex” and thus hide the images from Google and Bing search result pages.

  10. Multiple major advertisers reported to Adalytics that their brand safety vendors had marked 100% of measured ad impressions served on ibb.co and imgbb.com as “brand safe” and/or “brand suitable”. Independent data obtained from URLScan.io confirmed that some of these media buyers' ads had served on explicit, sexual content.

  11. Ad brand safety verification such as DoubleVerify and IAS were seen measuring or monitoring ads on various explicit pages on imgbb.com on behalf of major brands such as FanDuel, Arizona State University and Thrive Market.

    1. In one instance, 197 video ads showing the National Football League (NFL) or FanDuel logo were served on a ibb.co page showing a photo from an “online multiplayer sex game”. The 197x NFL and FanDuel co-branded video ads appeared to use DoubleVerify video tags. A screen recording of the 197x NFL co-branded ads can be seen here: https://www.loom.com/share/4a8de1732df14ac295e115abc520b815

  12. Amazon, Google and other ad tech vendors claim to have media inventory quality policies. However, it is unclear the degree to which those policies are actually enforced if major brands and the US government's ads can be seen on a website that has been known to host CSAM for 3+ years.

Receive future blog posts

Subscribe below to get new articles