Over the last few days, a number of keen eyed observers noted the presence of a strange undergarment advertisement following them across the internet. This analysis shows the ad is likely targeted at US adults who have visited certain webpages deemed to be "adult content" related, and that the ads are likely to be targeted via third party cookies and data brokers services. The ad is preferentially being shown on certain high quality sites, such as a salacious article on elle.com, where it appears that at least one brand safety technology vendor has labeled the given webpage as brand "unsafe". The ad is likely being run by a Chinese drop shipping company which operates several other e-commerce sites. The "adult content" nature of this article and other webpages where this ad was occasionally seen, coupled with certain brand safety labels, may allow the Chinese advertiser to get below market rates for what would be otherwise premium ad inventory.
This ad was first observed on a recent Elle article about the romance between convicted hedge fund manager Martin Shrekli (colloquially known as the "Pharma bro"), and journalist Christie Smythe.
Several individuals asked why they were being shown this specific ad. Given the goal of Adalytics, which is to provide individuals with "personalized ad analytics", I decided to do a quick analysis of what information is available on this ad campaign.
Who is running this ad campaign?
It appears that the digital ads point to ivrose.com. A WhoIs domain lookup shows that the domain is shrouded by a privacy shield - it does not reveal who the owner is or where they are base. According to Internet Archive's Wayback Machine, this website has been active in its present form since at least early 2018.
However, further inspection of the website and other sources suggest that ivrose.com is a drop shipping website owned by a Chinese company, Shanghai Jigao Information Technology Co., Ltd. This company also appears to own the domain chicme.com, which sells similar products. A simple Google search of the company and you will see Shanghai Jigao Information Technology Co., Ltd. runs the Facebook pages for both the brands.
You can also inspect the source code on ivrose.com, and see numerous comments in Mandarin that allude to Chicme.Screenshots taken from source code on ivrose.com, using Chrome browser developer tools.
Ivrose uses the Real Time Bidding (RTB) and Programmatic Display service Sociomantic, which is now owned by Dunnhumby.
Why am I being targeted with this ad?
Ivrose.com uses 18 Ad trackers, sets 9 third party cookies, and uses adtech services from Bytedance (owner of TikTok), Twitter, Microsoft (Bing ads), Verizon (via Yahoo ad network), Criteo, Amazon, Facebook, and Google.Summary of tracking scripts and third party cookies placed in a user's browser upon visiting ivrose.com. Data obtained from The Markup's Blacklight.Diagram of network HTTP calls made when your browser opens Ivrose.com. Diagram taken from pagexray.fouanalytics.com
It is interesting to note that certain websites owned by Hearst Media, such as elle.com, also utilize IPONWeb's services on their webpages. Hearst also uses a number of behavioral and demographic data broker services on their pages.List of ad tech services contacted by elle.com, according to The Markup's Blacklight
I asked different Adalytics browser extension users if they had seen this ad. Based on the responses I got, it seems the Ivrose onesie ad was only shown to users in the United States. Ivrose uses re-marketing services from Google - if you visit their website, you will drastically increase your chances of seeing one of their ads. However, users outside of the US who visit their website, such as some Adalytics users in Dubai, did not see this ad following them around the internet. This suggests that Ivrose is specifically restricting their digital marketing campaign to consumers in the US.
I also observed a pattern that Adalytics users who regularly use new Chrome context profiles or regularly clear all third party cookies do not see the Ivrose onesie ad when the visit elle.com or other websites where this ad was seen, such as slate.com or bbc.com
Based on this information, we can infer that Ivrose is using behavioral or demographic targeting cookies, and is focusing on adults in the US. It is likely that cookies set via IponWeb (or other types of user tracking, such as browser canvas fingerprinting), is being used to identify, track, and target users recieving these ads.
If you click on the "Why this ad?" icon for the Ivrose onesie, you will see that the ads are shown based on "Websites you've visited". We also noted that if you create a new Chrome browser context or profile, and visit the same elle.com article, you may see this ad from viralsharks.com:
According to Google's "Why this ad?", the ad is shown based on Google's estimate of your interests. Note that this ad was observed on a fresh Chrome browser context profile (with no third party cookies), on a VPN with a new IP address.
It is therefore likely that Google or some other ad tech company is classifying the elle.com article as being related to Adult content or subjects, and is targeting users who visit articles like this one with adult like content, including the Ivrose ad.
Is the elle.com article brand "safe"?
Given the circumstantial evidence that this elle.com article is enriched for certain "adult themed" advertisements, one may reasonably wonder if brand safety vendors are labeling this as "unsafe". A quick examination of the website with the Adalytics browser extension reveals that Oracle Grapeshot has seemingly labeled this article as "safe". However, it appears that a number of luxury brands may be using custom keyword block lists which are preventing their ads from being shown on this specific article.Screenshot of the elle.com article, showing what appear to be third party brand safety labels for specific brands.
However, it appears that some other brand safety vendors, such as Double Verify or Integral Ad Science, may be blocking ad creatives from rendering on this elle.com article. The image below shows a "swap-out" which occurs when an ad is about to load but then is intercept by the tech if it deems a given webpage to contain brand "unsafe" content.Screenshot of an ad creative swap observed on the elle.com article. The "Be Safe" image is a placeholder that is inserted in lieu of the actual ad that won the bidding auction.
Hearst Media sites, particularly elle.com, tend to command higher prices in programmatic ad auctions, as measured on cost per mille (CPM) basis. An unpublished Adalytics analysis found that certain Hearst Media sites receive ad bids of $10-18 CPM. If an article is being marked as brand "unsafe" or blocked by certain key advertisers, it may enable less premium brands, such as Ivrose, to secure what would otherwise be premium ad inventory, at below market rate prices.
Further analysis and data collection would be needed to confirm this hypothesis.