The curious case of the “buttflap onesie” ad

Over the last few days, a number of keen eyed observers noted the presence of a strange undergarment advertisement following them across the internet. This analysis shows the ad is likely targeted at US adults who have visited certain webpages deemed to be "adult content" related, and that the ads are likely to be targeted via third party cookies and data brokers services. The ad is preferentially being shown on certain high quality sites, such as a salacious article on, where it appears that at least one brand safety technology vendor has labeled the given webpage as brand "unsafe". The ad is likely being run by a Chinese drop shipping company which operates several other e-commerce sites. The "adult content" nature of this article and other webpages where this ad was occasionally seen, coupled with certain brand safety labels, may allow the Chinese advertiser to get below market rates for what would be otherwise premium ad inventory.


This ad was first observed on a recent Elle article about the romance between convicted hedge fund manager Martin Shrekli (colloquially known as the "Pharma bro"), and journalist Christie Smythe.


Several individuals asked why they were being shown this specific ad. Given the goal of Adalytics, which is to provide individuals with "personalized ad analytics", I decided to do a quick analysis of what information is available on this ad campaign.

Who is running this ad campaign?

It appears that the digital ads point to A WhoIs domain lookup shows that the domain is shrouded by a privacy shield - it does not reveal who the owner is or where they are base. According to Internet Archive's Wayback Machine, this website has been active in its present form since at least early 2018.

However, further inspection of the website and other sources suggest that is a drop shipping website owned by a Chinese company, Shanghai Jigao Information Technology Co., Ltd. This company also appears to own the domain, which sells similar products. A simple Google search of the company and you will see Shanghai Jigao Information Technology Co., Ltd. runs the Facebook pages for both the brands.

You can also inspect the source code on, and see numerous comments in Mandarin that allude to Chicme.



Screenshots taken from source code on, using Chrome browser developer tools.

Ivrose uses the Real Time Bidding (RTB) and Programmatic Display service Sociomantic, which is now owned by Dunnhumby.


Why am I being targeted with this ad? uses 18 Ad trackers, sets 9 third party cookies, and uses adtech services from Bytedance (owner of TikTok), Twitter, Microsoft (Bing ads), Verizon (via Yahoo ad network), Criteo, Amazon, Facebook, and Google.

Screen Shot 2020-12-21 at 2.12.16 PM.png

Summary of tracking scripts and third party cookies placed in a user's browser upon visiting Data obtained from The Markup's Blacklight.

Screen Shot 2020-12-21 at 2.14.39 PM.png

Diagram of network HTTP calls made when your browser opens Diagram taken from also uses Javascript tags from IPONWeb, whose founder has been called "the Godfather of Ad tech" according to Digiday. LinkedIn says that IPONWeb is "a leader in the engineering of advanced programmatic, RTB, and media trading platforms across digital, TV, DOOH, and audio".

Screen Shot 2020-12-21 at 2.10.57 PM.png

List of ad tech services contacted by, according to The Markup's Blacklight

It is interesting to note that certain websites owned by Hearst Media, such as, also utilize IPONWeb's services on their webpages. Hearst also uses a number of behavioral and demographic data broker services on their pages.

Screen Shot 2020-12-21 at 2.22.40 PM.png

List of ad tech services contacted by, according to The Markup's Blacklight

I asked different Adalytics browser extension users if they had seen this ad. Based on the responses I got, it seems the Ivrose onesie ad was only shown to users in the United States. Ivrose uses re-marketing services from Google - if you visit their website, you will drastically increase your chances of seeing one of their ads. However, users outside of the US who visit their website, such as some Adalytics users in Dubai, did not see this ad following them around the internet. This suggests that Ivrose is specifically restricting their digital marketing campaign to consumers in the US.

I also observed a pattern that Adalytics users who regularly use new Chrome context profiles or regularly clear all third party cookies do not see the Ivrose onesie ad when the visit or other websites where this ad was seen, such as or

Based on this information, we can infer that Ivrose is using behavioral or demographic targeting cookies, and is focusing on adults in the US. It is likely that cookies set via IponWeb (or other types of user tracking, such as browser canvas fingerprinting), is being used to identify, track, and target users recieving these ads.

If you click on the "Why this ad?" icon for the Ivrose onesie, you will see that the ads are shown based on "Websites you've visited". We also noted that if you create a new Chrome browser context or profile, and visit the same article, you may see this ad from

Screen Shot 2020-12-21 at 2.35.30 PM.png

According to Google's "Why this ad?", the ad is shown based on Google's estimate of your interests. Note that this ad was observed on a fresh Chrome browser context profile (with no third party cookies), on a VPN with a new IP address.

Screen Shot 2020-12-21 at 2.36.23 PM.png

It is therefore likely that Google or some other ad tech company is classifying the article as being related to Adult content or subjects, and is targeting users who visit articles like this one with adult like content, including the Ivrose ad.

Is the article brand "safe"?

Given the circumstantial evidence that this article is enriched for certain "adult themed" advertisements, one may reasonably wonder if brand safety vendors are labeling this as "unsafe". A quick examination of the website with the Adalytics browser extension reveals that Oracle Grapeshot has seemingly labeled this article as "safe". However, it appears that a number of luxury brands may be using custom keyword block lists which are preventing their ads from being shown on this specific article.


Screenshot of the article, showing what appear to be third party brand safety labels for specific brands.

However, it appears that some other brand safety vendors, such as Double Verify or Integral Ad Science, may be blocking ad creatives from rendering on this article. The image below shows a "swap-out" which occurs when an ad is about to load but then is intercept by the tech if it deems a given webpage to contain brand "unsafe" content.


Screenshot of an ad creative swap observed on the article. The "Be Safe" image is a placeholder that is inserted in lieu of the actual ad that won the bidding auction.

Hearst Media sites, particularly, tend to command higher prices in programmatic ad auctions, as measured on cost per mille (CPM) basis. An unpublished Adalytics analysis found that certain Hearst Media sites receive ad bids of $10-18 CPM. If an article is being marked as brand "unsafe" or blocked by certain key advertisers, it may enable less premium brands, such as Ivrose, to secure what would otherwise be premium ad inventory, at below market rate prices.

Further analysis and data collection would be needed to confirm this hypothesis.

Receive future blog posts

Subscribe below to get new articles