Massive child porn site is hiding in plain sight, and the owners behind it

A few weeks ago I was called by a friend. He told me a very interesting story. He was just googling some HTML tags and searched for img src and img src html. He clicked in Google to search for images with these keywords and was stunned what was shown next. Photos from scantily clad kids in the search results everywhere:

He also searched for img src and img src html on Bing and DuckDuckGo to see what would happen. Same results there:

   

Swim and sport photos or minors, beach photos, private intimate family photos, ‘sexy looking’ selfies of kids. Photos on which the skin is visible from thin and tight swim clothing. This is disgusting! It made me feel really bad that photos of these kids where collected by dirty pedophiles on the internet to pleasure their own pedophilic sexual desire. And Google facilitates all this with a neat interface.

What was going on here??
Why is Google, Bing and DuckDuckGo showing these almost naked photos of under-age kids when searching for some generic HTML image tag? This is very weird behavior! That friend called me to help trace what was happening here. So I started analyzing the situation to see if I could be of any help here.

The photos Google Images is showing originate from all kinds of different sites, such as usseek.com, pinterest.com, taipreschool.com and imagesbrazil.com. What I quickly found out, is that these images had one thing in common: in the description of the image the reference to imgsrc.ru was made. Apparently all these images originate from that site, and were copied to other sites that left the reference.

Disclaimer
Don’t visit imgsrc.ru as images hosted on this site can be classified as child pornography and this is illegal in most countries. The site also hosts malware.

TL;DR
By doing simple HTML tag search in Google, Bing, or DuckDuckGo for ‘img src’ or ‘img src html’ you’ll get results of half naked children. The rabbit hole points back to a very large Russian image hosting company with 21.61 million visits per month.

Some interesting statistics arise:

  • 8 categories are full of pictures of minors.
  • Those 8 categories host 4,361,962 pictures in 128,293 albums (73%).
  • 57 categories host mostly normal photos.
  • Those 57 categories host 1,612,042 pictures in 47,413 albums (27%).

Let that sink in for a moment: 4.3 million photos of kids that pedophiles shared with each other. This is a very big operation going on here! 73% of all the albums on imgsrc.ru are pedophilic oriented.

This resulted in RTL News publishing the following story on national Dutch Tv about the phenomenon:

What is imgsrc.ru?
I opened up my browser and visited imgsrc.ru:

And immediately my anti-virus products displays a scary warning:

And shortly after:

This is not good! More on that later!

imgsrc.ru looks like an ordinary images hosting site. But when you click on the ‘kids’ category listed under ‘family’, you quickly notice some very pedo oriented descriptions in the names of the albums:

Also notice that all these albums where created in the last 8 hours. That’s quite some interaction going on here! I scrolled down the listed and a lot more albums appear:

Apparently there are 52,011 albums in the kids section, hosting 2,801,996 photos! That’s quite a lot!

Express.co.uk: Pedophiles raid social networks for children in family photos
The Sunday Express wrote the following article about imgsrc.ru in 2014:

“Pedophiles are raiding social networking sites for pictures of children on family days out. Photos taken by parents are being uploaded to a Russian website for perverts to leer at and make vile comments about them that will horrify the children’s families. [..]

The sinister practice is legal as the photos are not deemed indecent, even though the comments show they are being used for sexual gratification. [..]

Mr Danczuk, who has investigated child abuse in his own constituency of Rochdale, added: “These websites should be shut down immediately.”

Fellow Labour MP Tom Watson, who is working with police to expose pedophile rings, said: “The operators of these giant photo-sharing sites need to deal with these issues promptly.

“The police should track the authors of these sick comments. If they’re as brazen as this they are probably linked to other, illegal activity.”

Peter Saunders, from the National Association for People Abused in Childhood, said: [..] “There needs to be a special task force set up to smash these sort of rings at the source.”

The National Crime Agency does monitor iMGSRC.RU and a spokesman said images are assessed “on a case-by-case basis” but if they are not explicit, there is little the agency can do. [..]

In all iMGSRC.RU has 637,000 users and 38 million photographs uploaded, most viewed by normal decent people.

However it has thousands of pictures of children, some that can only be seen using an encrypted password, posted every day despite a policy of “absolutely no child porn”.

When contacted by the Sunday Express the website moderators refused to comment.”

Reviews of the site
On the dark web the imgsrc.ru website is described as following:

It looks like pedophiles use standard passwords to ‘protect’ their albums on imgsrc.ru that contain full nude child porn material. An abbreviation is used to indicate what the password is. This abbreviation is put in the album name so the in-crowd has easy access.

This post also shows that pedophiles exchange child porn images with each other via password protected directories on imgsrc.ru.

Some other comments I found on the internet that reference imgsrc.ru:

  • MiniScorch (2010): “full of child porn and other sik stuff”
  • Asgard01 (2011): “Avoid – The site had sick images of children.”
  • Michaelfromdenmark (2016): “I was looking at some google images, when a random site came up, http://imgsrc.ru/ I went on the site for fun, and I was like “okay well, there might be some good stuff on here”, but then I ended up finding a hell of a lot child porn, and other nasty stuff on there.”
  • Anonymous (2017): “Inappropriate for anyone [..] this site contains pictures of children in diapers and other content not appropriate for anyone.”

During my search it seems to be the case that the site has almost never been discussed by mainstream media.

United States sees imgsrc.ru as a child porn site
I found a lawsuit from December 14, 2015 in which someone got caught who wanted to exchange child porn content with an Australian undercover agent via contact initiated via imgsrc.ru. In the lawsuit the viewpoint of the United States towards imgsrc.ru is made clear:

  • “[..] The United States, Australia, and Russia are members of a Mutual Legal Assistance Treaty whereby member nations share information about internet traffic on websites including IMGSRC.RU, a Russian file-sharing site known to U.S. Homeland Security as a repository for child pornography. [..]”

In 2013 an end user of imgsrc.ru was also caught:

  • “[..] Manganelli’s email account was connected with an online photo and sharing website called iMGSRC, which according to the complaint is used to view and trade child pornography. [..]”

On May 5, 2015 Sander van der Werf wrote the following in his research about imgsrc.ru on his weblog:

  • “[..] IMGSRC.ru is a site which allows its users to upload pictures with the option to password-protect albums under the guise of protecting minors from pornography. To see the photos in those collections, users must ask each other for passwords.The site hosts a photo album titled “very sexy young teens,” marked with a nudity filter, and tagged with phrases such as “small,” “teen”  and “young.” And it’s popular.“We’ve recently reached a population of 708,000 USERS with a total of 42,000,000 PHOTOS uploaded,” reads the homepage.Despite a policy of “absolutely no child porn” on the site, child pornography still surfaces, evidenced by multiple arrests. And though the site has a clear record of hosting child pornography, it claims to have rules: standard pornography must be deposited in password-protected folders because the photos could be viewed by minors—“which is no good,” the site reads.iMGSRC is hosted out of Russia, a country currently considering harsh pedophelia laws, including castration. But the website cannot be taken down without governmental action.A website can be blacklisted with an order from the Roskomnadzor, Russia’s media supervisory body, according to Russian politician Ilya Ponomarev. “If [a] site is blacklisted, nobody inside Russia can access it without special software,” Ponomarev says. But iMGSRC.ru isn’t on that list, and it’s accessible to anyone in Russia. [..]Of many child pornography arrests, several have have been tied specifically to iMGSRC.ru. [..]”

It seems no police force is going after the owners of the site, only a few end users have been caught from reading the media reports about imgsrc.ru.

The site exists since 2005. It’s almost 2018 now, and imgsrc.ru is still up and running …

Safety first! No more image downloads 
Becoming aware of what the site in front of me really is, I thought it would be smart to configure my browser to stop downloading images. I don’t want to see – and store any child pornography related material on my hard disc. In Firefox this can be easily accomplished by visiting about:config and then change the permissions.default.image setting to 2:

That’s all! Now I can safely visit imgsrc.ru and do some more research about the site.

No contact details
The site looks really simple and amaturistic. Nowhere on the site is listed who owns it and who’s responsible for it. There is only a search bar, a FAQ, an album overview and list of all users. It looks very anonymous. The site has a Russian domain name and is visible in Russian and English.

Pedo pictures are everywhere
I clicked through all kinds of different image categories on the site to look at the album names. Some categories look like they’re full of pedo content:

How many pictures of minors are hosted?
There are in total 65 categories on imgsrc.ru in which albums can be placed. An album contains on average 34 pictures (in the ‘kids’ category). I’ve collected and calculated the total number of albums and pictures per category:

I’ve screened the album names to look for indication of pictures of kids and marked ‘xxx’ next to each category when it’s probably full of pedo material (see red rectangles in above tables).

Some interesting statistics arise:

  • 8 categories are full of pictures of minors.
  • Those 8 categories host 4,361,962 pictures in 128,293 albums (73%).
  • 57 categories host mostly normal photos.
  • Those 57 categories host 1,612,042 pictures in 47,413 albums (27%).

Let that sink in for a moment:

  • 4.3 million photos of kids that pedophiles shared with each other. This is a very big operation going on here!
  • 73% of all the albums on imgsrc.ru is probably pedophilic oriented.

Specific search for photos of minors
Pedophiles use shortcuts to describe the content of the album. A 15y boy or 15yo boy means a 15 year old boy. I was wondering how many albums contained photos of kids from 1 to 17 year old. I made use of the site’s search bar and searched for 17y, 16y, etc. The following statistics arise:

Now that’s weird! When I searched for 9y, than the search results don’t contain any results! Same for 8y up to 1y. Apparently there are no albums that contain 1y up to 9y in the album name, or the website filters those albums out in the search results. Which of the two would it be?

Creating in-depth statistics
To answer that question, I needed to create more insight into what exactly is hosted on the site. So I decided to analyze all the 52,011 album names in the ‘kids’ category. In order to get all those 52,011 album names, I needed to download 521 webpages, as each webpage contains 100 album names:

I used Burp Suite Intruder to automatically save all the 521 webpages. Via PHP en regular expressions I scraped all the album information from the gathered HTML files and generated statistics.

Searching for pictures of minors in harvested data
With this new gathered data I searched again for 1y up to 17y:

Look what we found here!

Search engine blacklists specific search term
It’s now proven that there are albums in the ‘kids’ category that contain the phrase 9y up to 3y. These albums weren’t shown earlier in the search results! This means the webmaster deliberately blacklisted albums that could contain images from children that are less than 10 years old. Why would this be done?

  1. To hide these images more, because those are considered worse?
  2. Or does the webmaster has at least some moral and disapproves pedophilia involving kids that are less then 10 years old? There are significant less pictures from kids below 10 years old, compared to photos from kids from 10 years and older.

Update January 1, 2018
After publishing this article, people pointed out that the most logical explanation is that the search form needs at least three characters for search terms. Otherwise all albums may pop-up in the search results page.

Some more statistics

  • The ‘kids’ category has 2,801,996 pictures stored in 52,008 albums that are uploaded by 12,208 users.
  • 100,669 pictures were stored in an album that have a name that contains 1y or a similar variant up to 17y. These photos were uploaded by 1,322 unique user names in 3,254 albums.
  • From those 3,254 albums, 1,076 were password protected (33%).
  • The ‘kids’ category represents 40% of the pedophilic oriented flagged categories on the site.

FAQ
The FAQ contains some additional insight into the daily operations of managing the users of the site:

They mention child porn specifically, because it’s their daily operation managing it. They apparently need to specify what is unacceptable child porn, such as “urinating, spanking, bound pics and alike”. It seems other less extreme form of child porn is acceptable? Such as all the images we saw in Google that fit in the grey zone? These, and also the dirty comments below them are not removed by moderators of the site.

How popular is this site?
Imgsrc.ru is the 873 most visited site in the world according to website traffic experts SimilarWeb:

Wow! This is one popular site! I didn’t see that one coming!

It has 21.61 million visits per month. The site is even more popular in the United States, as imgsrc.ru ranks as the 763 most visited site there (!).

Alexa is another respected company specialized in measuring website traffic. According to them:

  • imgsrc.ru is the 3,115 most visited site in the world
  • 0.0144% of global Internet users visit it.
  • It has 17.7 million visits per month.
  • In each visit on average 62 webpages are visited.
  • That’s 1,097,400,000 webpages per month.
  • Each visits takes on average 15 minutes.

19% of the visitors seems to originate from the United States, 14% from Germany and 10% from Russia:

As expected a lot more men (ca. 75%) than woman visit the site.

How many registered users does the site have?
Via the Internet Archive I’ve looked at the webpage on imgsrc.ru that lists the total number of registered users on the site. The webpage listed the following amount over the years:

imgsrc.ru has almost a million registered users. This is huge! During the last 11 years there seems to be a continuous flow of newly registered users.

Who are the owners of the site?
I stumbled across one of the biggest pedophile community sites in the world that aired in 2005. It’s running now for more that 12 years and apparently the FBI, Interpol and other police forces around the world were unable to take the site down. Only a few end-users of the site were prosecuted. Maybe because they can’t find the owner(s) of the site?

Let’s see if there is a way to deanonymize the owner(s) of the site!

Whois to the rescue!
The domain name imgsrc.ru was registered on April 14, 2005. The ownership information (also called whois information) is anonymized for imgsrc.ru since November 11, 2011. Luckily there is DomainTools.com that archives whois records over time. I have been digging through lots of records and created the following timeline. On the given date, the e-mail address was the new owner of imgsrc.ru:

On December 28, 2010 the e-mail address jd@artdesign.ru became owner. That change only lasted for one day (!). Was this a hostile domain name takeover that was quickly reverted by support@imgsrc.ru?

Other connected domain names
The following domain names redirect visitors towards imgsrc.ru:

  • imgsrc.su
  • imgsrc.co
  • imsgrc.ru
  • imgsec.ru

The images on imgsrc.ru are stored on subdomains of icdn.ru. Domain name is.pp.ru is used to link to icdn.ru. They used multiple webhosting companies to host all the images.

Infrastructure connected to imgsrc.ru:

77.247.178.171 dlp.imgsrc.ru
83.222.2.111 imgsrc.su
83.222.2.111 0xs.ru
83.222.2.111 imgsrc.ro
83.222.2.111 imgsrc.co
83.222.2.111 icdn.ru
83.222.2.111 imgsrk.ru
87.242.72.143 imgsec.ru
87.242.72.143 imsgrc.ru
87.242.72.143 xn--j1ajhzqe.xn--p1ai
87.242.72.203 eu.icdn.ru
87.242.72.203 s2.eu.icdn.ru
87.242.72.203 static.icdn.ru
87.242.72.203 imgsrc.net
87.242.73.60 imgsrc.ru
87.242.73.60 praha-2.imgsrc.ru
87.242.73.60 mh2.imgsrc.ru
87.242.73.60 teen-galaxy.net

If someone wants to blacklist these sites and IP addresses in website and DNS filtering services: that would be great!

E-mail addresses from owners
I’ve also digged through the whois records of those domain names and compiled the following list of e-mail addresses that were owner (in the past) of the given domain name:

Now we’re getting somewhere!

Deanonymization via Facebook
Two of the e-mail addresses of imgsrc.ru owners were easily deanonymized by searching Facebook for the profile that’s linked to a given e-mail address:

enzgaenz@gmail.com is Anton Kovalenko, and
imzlata@gmail.com is Zlata Fedulova:

Anton is also friends with Zlata on Facebook, so this confirms they know each other:

Zlata has a LinkedIn and Twitter account. Anton uses also Instagram.

Deanonymizing jd@artdesign.ru
E-mail address jd@artdesign.ru was at least one day owner of imgsrc.ru on December 28, 2010. This e-mail address is also used to register domain name jdwuzhere.ru. This domain name is used in the following profile on imgsrc.ru:

Notice that this user jd wuz here is created on January 11, 2006 – so also one of the first users of imgsrc.ru. I searched Google for hits on jdwuzhere and hit jackpot.

There’s a profile on FourSquare with username jdwuzhere. The first FourSquare account that jdwuzhere followed was zlata:

This is the FourSquare account of Zlata Fedulova, one of the other deanonymized owners of imgsrc.ru. Zlata’s FourSquare account has a link to Twitter account @zlatafedulova which has also the name ‘Zlata Fedulova’ set.

I’ve now confirmed that the FourSquare account of jdwuzhere is connected to account zlatafedulova, and thus indirect to imgsrc.ru. This is important, because the FourSquare account from jdwuzhere links to Twitter account @jdwuzhere. This Twitter account has set the same profile photo of an Instagram profile from user jdwuzhere. This Instagram profile displays the real name of the user: Vladimir Sopot (look at the right bottom of the screenshot):

The first Twitter account that was followed by @jdwuzhere was @imgsrc_ru:

There is also a Facebook profile with username jdwuzhere that’s from Vladimir Sopot:

Jdwuzhere is owner of imgsec.ru
jdwuzhere@gmail.com is owner of imgsec.ru, a domain name that redirects all traffic to imgsrc.ru. imgsec.ru resolves to the same IP address as imgsrc.ru87.242.72.143. This means that imgsec.ru is hosted on the same server as imgsrc.ru.

Mapping the relations
A hacker friend of mine validated this deanonymization research and drafted the following diagram to map the relations found:

With this overview in hand we can now conclude that the third owner of imgsrc.ru is Vladimir Sopot.

Three owners are busted, now the last one?
One of the developers of the site in Skinny Bravo. He’s the public figure behind the site.

Via the website www.archive.org it is possible to look how a website looked like in the past. The Internet Archive is a non-profit organization that archives webpages on the internet. The following screenshot is from one of the first posts on imgsrc.ru by someone named Skinny in June 2006:

Skinny is also mentioned as ATR.skinny in the copyright statement in the site’s footer.

Skinny’s whois records
From almost the whole period between September 2008 until December 2010 the e-mail address skinny.bravo@gmail.com was linked as owner of imgsrc.ru according to archived whois records from DomainTools. This is probably also the e-mail address from the official imgsrc.ru‘s spokesperson named ‘skinny’.

Skinny Bravo has a profile on imgsrc.ru:

This profile is created on November 25, 2005 and thus must be one of the first profiles ever created on imgsrc.ru. Unfortunately the e-mail address associated with this profile is hidden.

Google cache got copy of Skinny’s e-mail address
This was not always the case. The Google cache of Skinny’s profile page on imgsrc.ru shows that at one time in history the e-mail address support@imgsrc.ru was used by Skinny:

support@imgrc.ru is also the e-mail address used to register ownership of imgsrc.ru on December 29, 2010.

Skinny also has the e-mail address skinny.bravo@gmail.com and used this address to register ownership for imgsrc.ru

Internet Archive shows new e-mail address
The Internet Archive has a copy of a webpage from April 28, 2006 about an XML interface to imgsrc.ru:

It translates in English to: “Comments and suggestions about this XML interface can be sent to isrc@mail.ru.” In the footer ATR.skinny & ATR.shaitan is shown as owners of the site.

Skinny’s Twitter profile
Skinny also has a Twitter profile @skinny_bravo but doesn’t use it:

The password reset function of his Twitter account reveals the following e-mail address that is linked as a back-up account:

is**@m**.** is probably isrc@mail.ru, the e-mail address listed on imgsrc.ru in 2006 as owner of the site’s API.

Password reset of mail.ru reveals mail address
The password reset functionality of mail.ru reveals a back-up e-mail address for iscr@mail.ru:

The back-up address for iscr@mail.ru is ski*********@gmail.com, which probably is skinny.bravo@gmail.com.

Findings about Skinny Bravo

  1. ATR.skinny & ATR.shaitan are mentioned as owners in the footer of imgsrc.ru in 2006.
  2. The developer(s) of the API for imgsrc.ru used iscr@mail.ru as public address for support.
  3. Twitter account @skinny_bravo first tweet was about imgsrc.ru.
  4. The Twitter password reset functionality shows that @skinny_bravo used iscr@mail.ru as back-up mail address.
  5. The mail.ru password reset functionality shows that skinny.bravo@gmail.com is used as back-up mail address.
  6. Whois records show that skinny.bravo@gmail.com was linked as the owner of imgsrc.ru, imgsrc.su and imsgrc.ru.

Imgsrc.ru was already pedophile oriented in 2006
In Skinny’s profile on imgsrc.ru a link is visible to his weblog hosted on livejournal.com. This weblog doesn’t seem to contain any content. But it did in the past according to archived webpages by the Internet Archive:

In above post from November 2006 Skinny is complaining that people attack his site because of its “pedophilic orientation”. This confirms that it’s probably a pedophile site from the start, and not something from recent years.

Almost nobody wants to host imgsrc.ru
In October 2008 it looked like imgsrc.ru was dumped by their webhosting provider and had a hard time finding a new home. Skinny asked all kinds of webhosting companies to host his site, but got rejected by quite a few webhosters:

Imgsrc.ru started in 2006
The Internet Archive shows us also that imgsrc.ru started in 2005 and managed to stay alive over the years:

Dead end
Unfortunately I couldn’t find anything more useful on Skinny.

Deanonymization results so far
Since 2005 the owners behind imgsrc.ru remained anonymous. Until now. Some of them made critical mistakes in using the e-mail address and nickname associated with imgsrc.ru on social networks they use in their normal daily lives. I could deanonymize three owners of imgsrc.ru:

  1. Zlata Fedulova
  2. Vladimir Sopot
  3. Anton Kovalenko

skinny.bravo@gmail.com and instronkoreas@yahoo.com still remain anonymous based on my open source intelligence hunting. That updated owner table of imgsrc.ru:

Back to the anti-virus pop-up
Remember the scary anti-virus notification I got when initially navigating to imgsrc.ru?

When this happened I immediately investigated what was going on. Kaspersky flagged a downloaded JavaScript file as a trojan horse (HEUR:Trojan.Script.Generic) when I first navigated to imgsrc.ru. The malware was loaded from:

  • hxxps://coinhive.com/lib/coinhive.min.js

This malicious file is included in every page on imgsrc.ru:

Second opinion
I’ve scanned the file with 67 virus scanners via VirusTotal.com:

12 out of 67 virus scanners mark the file as malware. Symantec classifies the file as PUA.JScoinminer. This file looks very sketchy!

Crypto currency miner runs in the background
The JavaScript code flagged as malware is from coinhive.com. According to their website the JavaScript does the following:

“Coinhive offers a JavaScript miner for the Monero Blockchain that you can embed in your website. Your users run the miner directly in their Browser and mine XMR for you in turn for an ad-free experience, in-game currency or whatever incentives you can come up with.”

Coinhive is a service that takes a commission of 30 procent and let’s users via JavaScript use the cpu of site visitors to mine the crypto currency Monero.

Malware Bytes says the following about Coinhive:

“Cryptocurrency miners [such as Coinhive, red.] are usually VERY resource intensive. This is because you are asking your system to do immense calculations it probably wasn’t designed to do, quickly, which is fine if you’ve got the hardware for it. But if you are running a 10-year-old system you bought off the shelf, it could not only decrease the speed and efficiency of your system, but even damage the hardware.

Over the years, we’ve observed miners also included with sketchy software and malware, as a means to make more money for the people behind this kind of garbage software. [..]

We do not claim that CoinHive is malicious, or even necessarily a bad idea. The concept of allowing folks to opt-in for an alternative to advertising, which has been plagued by everything from fake news to malvertising, is a noble one. The execution of it is another story.

The reason we block CoinHive is because there are site owners who do not ask for their users’ permission to start running CPU-gorging applications on their systems. [..]”

This malware doesn’t seem to be really bad and only consumes the cpu and electricity of your computer.

Update December 31, 2017: CoinHive drops imgsrc.ru as customer
I contacted CoinHive and reported that they financially support a large pedophile site with their service. They investigated the site and replied:

“We’ve disabled their account and will no longer be supporting them. We’ll do our best to remove our code from their site. However, we can not force them.”

Great! They dropped their customer: imgsrc.ru will not longer earn money via their crypto miner. Good news!

Update January 3, 2017: How much money do they earn with mining?
Security researcher Troy Mursch (@bad_packets) did research on CoinHive. He published in November 2017 excellent research, and found out that CoinHive is used on 30,000+ sites. I asked him to calculate what imgsrc.ru would earn for running the Monero crypto miner on their site:

* note for ‘rate/1 million hashes’ setting: Coinhive’s current published rate is used. Also note that this calculation is based on 17.3 million visitors a month. Not every visitor will have JavaScript turned on, and some ad blockers and anti-virus products will also block Coinhive.

According to Troy, imgsrc.ru earns 27.77 Monero (XMR) per month. 27.77 XMR can be exchanged for $10,455:

That’s quite a lot of money for just running JavaScript code on your visitor’s computers (!)

Update January 4, 2017
Curious to see if imgsrc.ru removed the CoinHive JavaScript code, I checked their site again: it’s removed! Someone sent me a Twitter message that he noticed that the CoinHive code was removed within 24 hours. That’s really quick!

imgsrc.ru is now cut off their revenu of $10,000+ a month! Excellent!

What’s next?
Now that I’ve found one of the biggest pedophile sites on earth and traced three of its owners, what’s next? I called the research redaction of RTL News to help me with this investigating, and to report the site to the authorities. They also did their research and spoke with Interpol, Europol, the Dutch police and the Dutch Hotline for child pornography (Meldpunt Kinderpornografie). Interpol didn’t want to comment on the site and Europol says they don’t work with the Russians.

The Dutch police and Dutch Hotline for child pornography both are very well aware of imgsrc.ru. When RTL News told the police that we traced three owners of the site, they didn’t seem to be really interested in it. They say there is little they can do because the site is based in Russia and collaboration with Russia is politically complicated. They say they monitor the end-user usage of the site and if it involves Dutch children. They didn’t want to say anything further about how monitoring was performed and what the results so far were.

I didn’t expect that reaction! That doesn’t sound very ambitious to me! Why catch a few of the millions of end-users on the site, if you can stop the site altogether by catching the owners of the site? Why are police forces around the world tolerating this site for over 11 year?

Now that this story is published, I hope that Russian authorities step in and take responsibility.

Update December 30, 2017: RTL News Tv broadcast
During this research I closely worked together with research journalists Bart van den Berg and Koen de Regt from RTL News. They published the following story on national Dutch Tv about the phenomenon:

RTL News also published the following article (automatically translated via Google Translate):

Pedophiles share (Dutch) children’s photos on public Russian site
Pedophiles exchange millions of photos of Facebook and Instagram on a Russian site on a large scale. This was the discovery of RTL Nieuws’s research editors, who studied the shadowy barter trade of children’s photos. The Image Search site is not hidden on the dark web, but is simply accessible to everyone on the internet.

At first glance, Image Search looks like a bona fide site to share photos, as it can on the better-known Flickr or Picasa. However, an analysis by security researcher Sijmen Ruwhof shows that there are mainly photos of children on it. There are almost 3 million, and there are dozens added every day.

Explicit comments among the photos
Most children’s photos are innocent in themselves. Often the holiday snapshots of children on the beach, in the playground or at the swimming pool that have been put online by parents or children. But they are all provided with sexually tinted titles such as ‘Cute 15yo dutch girl, nice boobs’ or ‘super hot Dutch boy’ and explicit comments. Also on the site e-mail addresses are exchanged and calls are made to share more material.

Warning
We can imagine that you want to see if your children’s photos are on Image Search. A visit to the site is strongly discouraged by the police. The site also contains material that is classified as child pornography by the police. Collecting, downloading and even just viewing this material is punishable. [..]

Due to the existence of these types of sites, the police have been warning for some time to be careful with pictures of children. Security researcher Ruwhof is surprised that this happens in all openness and undisturbed. “You can just take your smartphone with you, and you can view those photos, it’s so accessible that I’m really shocked,” says Ruwhof.

Dutch children too
On the site are estimated hundreds of pictures of Dutch children. The research editors of RTL Nieuws traced a mother of one of those children. She wants to remain anonymous. These are photos that her daughter placed on her own Facebook page when she was 13 years old. The mother says it is ‘terrible’ to find that ‘innocent photos are misused in this way’.

The Dutch police know the Russian site and says that besides innocent children’s photos also prohibited child pornographic material is hosted there. Nevertheless, the police have not taken any action yet. “We have to choose: if it takes us a lot of time and a lot of work to investigate these kinds of sites, where we do not know yet if we will be successful, the question is always: should we not use that research capacity to investigate cases from which we know upfront that there’s active abuse?”, says national coordinator Child Pornography and Child Sex Tourism Ben van Mierlo against RTL News.

‘They do not do punishable things’
An additional problem in dealing with this type of sites is that a lot of material is not child pornography according to the law. “They do not do punishable things under Dutch law, even though we find this very undesirable and unpalatable, it is not something that is punishable,” says Arda Gerkens, director of the Child Porn Reporting Center, who regularly receives reports about the site.

However, individual users of the site have occasionally been prosecuted. For example, RTL News’s research editors found a lawsuit from 2015 against a man from Deventer [Dutch city, red.]. He offered child pornography on Image Search. An Italian priest would also have been active on the site. He maintained contact with members of a child porn network through Image Search, of which he would be a part of. In the United States, three users of the site have been convicted for possession of child pornography.

The Russian site did not respond to requests from RTL News to respond.”

Update January 2, 2018: Federal police in Belgium starts investigation on Belgium images 
I was called by Marc Klifman from Belgium news paper Nieuwsblad who read my research. He contacted various Belgium authorities and wrote the following story (automatically translated via Google Translate):

Pedophiles share holiday photos from Belgium kids
On the Russian website Image Search, pedophiles exchange stolen child photos from Facebook and Instagram, as well as numerous photo’s of Belgian children, along with dirty comments from perverted adults.” The photos are open to everyone. “The Federal Police and Child Focus started an investigation. “The website seems innocent, but it is only a cover for pedophiles to freely share child pornography,” experts say.

Beautiful images of cities and nature appear on the homepage. But whoever clicks a little further, soon notices that pedophiles have been exchanging stolen photos of Facebook in Instagram for many years.

It suffices to enter the term ‘Belgium’ or ‘Belgian’, and immediately photo series of Belgian children and young women appear. The album ‘Belgian Summer Camp’ is a collection of photos of children in swimwear at summer camp. Among the photos, registered users of the site from different countries place dirty comments below the photos.

Most child photos are innocent. Often the snapshots of children playing on the beach, in the playground or at the swimming pool that parents or children have put online themselves”, says Dutch IT security expert Sijmen Ruwhof, who did research on the site. “But in practice this is just a cover for pedophiles who come to exchange child pornography on this site.”

According to the specialist, 73 percent of the images on the site consist of children’s photos. “The visitors to this website are therefore not interested in looking at beautiful snapshots of the city of Brussels”, says Ruwhof. “Their comments also say enough. They copy children’s photos that they find on social media, place them in a completely different context and invite other people to give dirty comments. ”

According to Ruwhof there are also many albums on the site that are only accessible with a password for pedophiles. “It’s no longer about innocent child photos, but about child pornographic material,” he says.

The Russian website has existed since 2005 and is growing every year in terms of number of visitors and registered users. Justice services worldwide know the problems. However, Ruwhof thinks that there is hardly any action. “Nobody intervenes. The American FBI is not, the Dutch police are not. It will be your child who you suddenly discover that his or her picture is on a website full of pedophiles. Unfortunately nothing is being done about it. Perhaps because the owners of the website are Russians and that it is diplomatically difficult. ”

House searches and arrests
The federal police in our country received the information about the new Belgian children’s photos yesterday via our editorial staff and will investigate the images. “We know this website and have acted against it in the past”, says Yves Goethals, section child abuse officer at the federal police. “Last year we made arrests in this case. In the beginning this website was primarily a place where visual material was exchanged. But now the site is becoming more and more a place where first contacts are made, with pedophiles spreading images later in other places.”

According to Goethals, there is a lot of cooperation at international level to combat the problem. “The information that now emerges can mean the start of a larger investigation, which can later lead to house searches and convictions.”

Strictly speaking, according to the federal police, this is not a child pornography website, but a forum for exchanging photos. Visiting the website is not punishable, but placing compromising, stolen images or inappropriate comments is.

Child Focus has also started an investigation into the images with Belgian children on the Russian website. “It is very clear that some photos on this website are not placed for their aesthetic quality, but with a different intention,” says spokesman Dirk Depover. “It is highly objectionable that these photos are misused to release feelings of lust and power from certain people. I can imagine that if parents discover this, they would be very shocked about it. Rightly so.”

Child Focus encourages people and associations to be particularly careful about what images they put on social media. “Take note of which photos you publicly share. Adjust your privacy settings beforehand, because if you ignore that, anyone in the world can do what they want with those photos.”

Update January 2, 2018: Majority of Dutch parlement wants minister to take action
The Dutch House of Representatives wants to know from the minister why the police doesn’t take action against imgsrc.ru (Dutch national Tv):

RTL News writes on their website (automatically translated via Google Translate):

The House of Representatives wants the Russian pedosite to be tackled
“[..] This morning it appeared that the Belgian police and Child Focus will do research, because there are also photos of Belgian children on the site. There would also have been ten arrests in Belgium.

Current abuse
However, this does not bring the Dutch police to other thoughts. A spokesperson let RTL News know that the Dutch child pornography team remains in its position. Questioning these types of sites would be too much work with uncertain outcome. The Dutch police prefer to spend their time on combating current abuse.

A parliamentary majority of CDA, VVD, PvdA and SP is not satisfied with that. “Regular photos are mixed with child pornographic material, which is terrifying, and I think that should be countered,” says Madeleine van Toorenburg (CDA).

Coalitist VVD wants clarification from the minister about the attitude of the Dutch police. “That the Belgians have started an investigation, I understand, especially if this could lead to traffickers being trapped in child pornography, for example.” I want to know what considerations are playing in the Netherlands “, says Foort van Oosten (VVD)

Reconsider
Opposition parties SP and PvdA go a step further. They want the Dutch police to follow the way the Belgians react. “If there are concrete indications about this Russian site, the police must intervene. I would like to know from the minister why the Dutch police, unlike the Belgian colleagues, don’t take action”, says Atje Kuiken (PvdA).

“The police must reconsider the decision not to start an investigation, and if there is no capacity, they should let us know”, says Michiel van Nispen (SP).

‘Sick spirits’
The CDA also wants that the Ministry of Foreign Affairs contacts Russia about the matter. “The site is managed by sick minds who allow child pornography and all kinds of miserable texts to be placed”, says Van Toorenburg. “I think Russia also wants to have children safely”.

Update January 3, 2018: Official questions for minster
Questions from Dutch political party CDA for the minister of Safety and Justice:

Update January 3, 2018: Reboot It! Podcast about the story
The Reboot It! podcast talks about the story:

Update January 8, 2018: Dutch Tv program Wakker Nederland about imgsrc.ru
Today the Dutch Tv program Wakker Nederland talks about imgsrc.ru. Member of Parliament Madeleine van Toorenburg (CDA) wants that the Russian authorities take the site down:

Rough transcript of relevant comments from Madeleine van Toorenburg:

Host: “Parents have to think much more consciously about what kinds of pictures they put of their children on social media, according to CDA [political party, red.]. Recently, it became clear that photos of Dutch children, among others, turned up on a Russian child pornography website. Mrs. van Toorenburg (second-chamber member CDA). This is a horrible story. RTL News brought this news. How does this story go exactly? On first sight Image Search looks like a normal photo website.”

Van Toorenburg: “And in the end this Russian site turns out to be a repository of a about 3 million so-called innocent child photos. A whole circle of pedophiles is watching these photos.”

Host: “The photos themselves are actually just vacation photos copied from social media, no incriminating photos. It’s all about the comments below the photo’s?”

Van Toorenburg: “It’s the comments, but there are also child pornographic pictures hosted on the site. The site contains all sorts of pictures of children, with dirty comments below them.

The [Dutch, red.] police says: “Do not go to this site and check if your children’s photos are on it. Because there are also very different kinds of images on it, and then you are actually looking at pedophile oriented photos on this horrible site. You should not do that.”

I think that it’s important that the police are going to look at what they can do against Image Search, and also what Russia is doing against this site. There’s actually nothing going on now. I think this is important enough to do something against it. So I also ask questions to the responsible minister to see if Russia, maybe together with the Netherlands and Belgium can act against this site. There are a lot of pictures of European children on that site.”

Update January 10, 2018: Interview by LesInrocks
Amélie Quentel from LesInrocks (French media) called me about my research. She’s written an in-depth article about it.

Update January 15, 2018: Swiss radio Vertigo
Swiss radio station Vertigo about imgsrc.ru:

Update January 18, 2018: Swiss Tv channel about imgsrc.ru
Swiss Tv channel RTS Info skyped me to talk about about my latest research regarding imgsrc.ru:

Update January 24, 2018: Motherboard VICE write-up
Thibault Prévost from Motherboard made a nice write-up of the story so far.

Update February 14, 2018: Russian internet watchdog Roskomnadzor
RTL News called the Russian internet watchdog Roskomnadzor and asked them about imgsrc.ru. They wrote the article below (automatically translated by Google Translate):

Internet watchdog finds more than 2,000 times child pornography on controversial photo website

The Russian internet watchdog Roskomnadzor has found more than 2,000 times child pornography on the photo website Image Search since 2013. That is what a spokesman told RTL News. On the site are estimated hundreds of pictures of Dutch children.

The research editors of RTL Nieuws revealed earlier that this Russian website for sharing photos is a cover for pedophiles. They exchange children’s photos on a large scale.

Secretly copied
Most photos are innocent and have been put on social media by children and parents. Pedophiles secretly copy these photos, place them on Image Search and provide them with sexually tinted texts. The photos are then exchanged for prohibited child pornographic material.

Since 2013 Roskomnadzor has received 3,465 reports of child pornography on Image Search. The reports came from citizens and government bodies. In 2,006 cases it has been established that this concerns prohibited material. The owner of the Image Search site removed 1,998 URLs with prohibited content.

No ban
Forbidding the site, goes too far, says the Russian internet watchdog. According to a spokesperson, the lion’s share of the photos on the site is innocent: it is mainly images of nature, family life, events and travel.

An analysis of security researcher Sijmen Ruwhof previously showed that this is not true. Two thirds of the photos are stolen child photos: a total of about 2.8 million. The amount of banned child pornography is not known.

House of Representatives wants action
Because there are hundreds of photographs of Dutch children on the site, the House of Representatives wants the government to take action. Tomorrow morning the House will discuss this with ministers Grapperhaus and Dekker of Justice and Security.

English sites that link to this story

  1. BrusselsTimes.com: ‘Photos of Belgian children appear on Russian paedophile website’
  2. NLtimes.nl: ‘Dutch MPS call police to act against Russian pedophile site’
  3. Reddit.com thread #1: ‘IT researcher discovers massive Russian child porn site “hiding in plain sight” and deanonymizes owners; Europol authorities refuse to act’
  4. Reddit.com thread #2: ‘Deanonymized child porn site operators use coinhive to mine XMR on the computers of their visitors’
  5. Reddit.com thread #3: ‘Massive child porn site is hiding in plain sight, and the owners behind it’
  6. Reddit.com thread #4: ‘Massive Child Porn site and it’s owners being hidden in plain sight’
  7. HackerNews: ‘Massive child porn site is hiding in plain sight’
  8. Voat.co: ‘Brand New Rabbit Hole, tagged image searches’

Dutch sites that link to this story

  1. RTLnieuws.nl (December 30, 2017): ‘Pedofielen delen massaal (Nederlandse) kinderfoto’s op openbare Russische site’
  2. RTLnieuws.nl (December 31, 2017): ‘Wij plaatsen alleen onherkenbare foto’s van onze kinderen op internet’
  3. RTLnieuws.nl (January 2, 2018): ‘Tweede Kamer wil dat Russische pedosite wordt aangepakt’
  4. RTLnieuws.nl (February 14, 2018): ‘Internetwaakhond vindt ruim 2000 keer kinderporno op omstreden fotowebsite’
  5. Telegraaf.nl: ‘Pedofielen delen foto’s Nederlandse kinderen op Russische site’
  6. AD.nl: ‘Onschuldige kinderfoto’s massaal verspreid via Russische pornosite’
  7. WNL.tv: ‘Pedofielen delen Facebook-foto’s van Nederlandse kinderen’
  8. CopsInCyberSpace.WordPress.com: ‘Pedofielen delen massaal (Nederlandse) kinderfoto’s op openbare Russische site’
  9. WijALaMama.nl: ‘Shocking: pedofielen delen massaal (Nederlandse) kinderfoto’s op Russische site’
  10. NationaleZorggids.nl: ‘De Jonge: Plaats niet zomaar kinderfoto’s op internet’
  11. KinderopvangTotaal.nl: ‘Ouders wees voorzichtig met delen foto’s kinderen’
  12. VL-nieuws.nl: ‘Ouders wees voorzichtig met delen foto’s kinderen’

Belgium sites that link to this story in Dutch

  1. Nieuwsblad.be: ‘Pedofielen delen vakantiefoto’s van Belgische kindjes’
  2. Standaard.be: ‘Pedofielen delen vakantiefoto’s van Belgische kinderen: tien aanhoudingen in ons land’
  3. VTM.be: ‘Al 10 opgepakt in België voor Russische pedosite’
  4. DeMorgen.be: ‘Onderzoek naar pedosite met Belgische vakantiefoto’s’
  5. HLN.be (December 30, 2017): ‘Pedofielen delen miljoenen Facebook-in Instagramfoto’s van kinderen op Russische site’
  6. HLN.be (January 2, 2018): ‘Pedofielen wisselen online foto’s uit van uw kind: 10 aanhoudingen in België’
  7. Knack.be: ‘Politie en Child Focus openen onderzoek naar pedosite met Belgische vakantiefoto’s’
  8. GVA.be: ‘Tien Belgische aanhoudingen in onderzoek naar Russische site waar pedofielen foto’s uitwisselen’
  9. NewsMonkey.be: ‘Hoe pedofielen wereldwijd massaal vakantiefoto’s van onze Belgische kinderen verspreiden’
  10. Skynet.be: ‘Onderzoek naar pedosite met Belgische vakantiefoto’s’
  11. ScienceJournalist.be: ‘Pedofielen delen vakantiefoto’s van Belgische kinderen’ (pdf)

Belgium sites that link to this story in French

  1. RTL.be: ‘Des photos de vacances d’enfants belges volées sur Facebook: elles apparaissent sur un site pédophile russe’
  2. Levif.be: ‘Des photos d’enfants belges apparaissent sur un site pédophile russe’
  3. 7sur7.be: ‘Des photos d’enfants belges sur un site pédophile russe’
  4. Dhnet.be: ‘Des photos d’enfants belges en vacances apparaissent sur un site pédophile russe’
  5. LeSoir.be: ‘La police va enquêter sur des photos d’enfants belges affichées sur un site pédophile russe’
  6. LeSoir.be: ‘La Belgique en alerte orange, c’est dans le vent
    Photos d’enfants sur un site pédophile russe: 10 arrestations en Belgique
  7. Lanouvellegazette.be: ‘Des enfants belges sur un site pédophile russe!’
  8. Lameuse.be: ‘Des enfants belges sur un site pédophile russe!’
  9. DeRedactie.be: ‘Des photos de vacances d’enfants belges sur un site pédophile russe’
  10. RTBR.be: ‘Des photos d’enfants belges apparaissent sur un site pédophile russe’
  11. LaLibre.be: ‘Des photos d’enfants belges en vacances apparaissent sur un site pédophile russe’
  12. Wanted-pedo.com: ‘Des photos d’enfants belges en vacances apparaissent sur un site pédophile russe’
  13. Secunews.org: ‘Des photos d’enfants belges volées sur les réseaux sociaux apparaissent sur un site pédophile russe’
  14. Nordeclair.be: ‘Des enfants belges sur un site pédophile russe!’
  15. Zappy.be: ‘Des pédophiles regardent les photos de vos enfants’
  16. Sudinfo.be: ‘Des enfants belges sur un site pédophile russe!’

Belgium sites that link to this story in German

  1. Grenzecho.net: ‘Pädophile teilen Urlaubsbilder belgischer Kinder auf russischer Internetseite’

French sites that link to this story

  1. LesInrocks.com: ‘Comment un hacker a levé le voile sur l’un des plus gros sites pédopornographiques au monde’
  2. Motherboard.VICE.com: ‘Un site russe héberge des images pédopornographiques en toute impunité’
  3. Linkeol.fr: ‘Comment un hacker a levé le voile sur l’un des plus gros sites pédopornographiques au monde’
  4. Top-breaking.news: ‘Photos d’enfants sur un site pédophile russe: 10 arrestations en Belgique’
  5. 24hgold.com: ‘Protection des données, Facebook agace…’
  6. Lilianeheldkhawam.com: ‘Protection des données, Facebook agace…’

Swiss sites that link to this story

  1. RTS.ch: ‘Médias: De Facebook à un site pédophile: itinéraire de nos photos dʹenfants’
  2. Cmic.ch: ‘Photos d’enfants sur les réseaux sociaux’
  3. Swiss.EconomicBlogs.org: ‘Protection des données, Facebook agace…’

Romania sites that link to this story

  1. Avocatnet.ro: ‘Să-ți spun cum îi ajuți chiar tu pe pedofili să-ți cunoască copilul. Și cum îi încalci drepturile’
  2. Portalziare.ro: ‘Pericol Online: Cum îi ajuți chiar tu pe pedofili să-ți cunoască copilul’
  3. Maramedia.ro: ‘Pericol Online: Cum îi ajuți chiar tu pe pedofili să-ți cunoască copilul’
  4. Stirilekanald.ro: ‘Cum ii ajutam chiar noi pe pedofili sa-si gaseasca victimele. Toti parintii fac acest lucru, fara sa-si dea seama, insa consecintele pot fi dramatice’

About Sijmen Ruwhof

Independent IT Security Researcher / Ethical Hacker
This entry was posted in analysis, child porn, deanonymization, osint, privacy, website. Bookmark the permalink.

89 Responses to Massive child porn site is hiding in plain sight, and the owners behind it

  1. Pingback: Pedofielen delen massaal (Nederlandse) kinderfoto’s op openbare Russische site – Cops in cyberspace

  2. Important topic, important and great work of @sruwhof that we need to be more awere of ! Take care about the children and protect them ! #infosec #children #awareness

  3. Sijmen, wat een verhaal, ongelofelijk! Goed dat het nu out-in-the-open is, hopelijk voert het de druk op de autoriteiten ook wat op.

  4. top-job Sijmen

    and perhaps…in light of all this (and the ease with which family-photos are “stolen” *from* the Web to cater for these sort of sods…)

    it’d be a good idea to repost this with a simpler text along with it
    *TO WARN PARENTS and Peers for this danger*???

  5. I can’t find the right words. Unbelievable!!

  6. Wow, what a lot of work Sijmen Ruwhof, job well done!

  7. Wow, this is very good extensive research!! Well done Sijmen Ruwhof – since Russia is involved, it may be a good idea to have this translated into Russian and publish that as well?

    The truth behind this whole story is very disturbing!!

  8. Mooi werk Sijmen! Wat een indruk moet dit onderzoek op je hebben gemaakt. Hopelijk wordt het in Rusland verder opgepakt. Succes met alles!

  9. Well done! Hopefully it gets the follow up by all authorities it deserves.

  10. Really important !!!
    Thank you for this – we all need to be more alert about this topic !

  11. Kick ass, Sijmen! Trots op je.

  12. Anonymous says:

    Did you really think police were not already aware of the owners identities? If they could arrest them they would but there all in Russia so case closed.

  13. This is solid research that’s well worth reading, but I’d like to add a bit of nuance (thread)

    • A quick search confirms imgsrc​.ru hosts a whole lot of other material that is neither illegal nor objectionable. Calling it a “massive child porn site” seems rather over the top. It’s a free site that performs little to no curation, and thus attracts some rather dubious content.

    • There is also a huge difference between using public images of children for sexual gratification or even sharing them for that purpose, and abusing children and sharing images of the abuse (or engaging in behaviour that facilitates or encourages such abuse).

    • The former is objectionable and may well be illegal in many jurisdictions, but the latter is far, far worse. It is unclear how many actual abuse images end up on imgsrc​.ru. Given that possession of such material is often illegal, I doubt a lot gets uploaded to public websites.

    • Another thing: one shouldn’t refer to the subject as “child porn”, but as child (sexual) abuse material (“CSAM” is the official term used by law enforcement). It’s not porn, and the sexual gratification part isn’t relevant anyway. It’s the abuse that matters.

    • I’d also avoid the term “paedophile”: someone’s sexual preferences, no matter how objectionable you think they are, shouldn’t become anyone’s concern as long as they’re not acted upon. Again, it’s the abuse that is the problem.

    • Finally, I’d avoid using the Daily Express as a source for anything, but especially on a sensitive subject like this. [end]

  14. Christine says:

    Wauw, goed gedaan! Wel een domper dat ze niks doen na zulk dilligent onderzoek. Dat verklaart misschien ook waarom het al zolang wordt gedoogd. Het is geen silkroad. Deden ze maar zo hun best om uitbuiting van kinderen tegen te gaan als tegen drugshandel. Met het eerste raken vooral mensen beschadigd en bij het tweede de belastinginkomsten. Niet cynisch bedoeld maar ik snap het anders gewoon niet. Laten we hopen dat jouw onderzoek tot iets grootser dan die hele imsrc.ru leidt. Nogmaals goed gedaan

  15. Great investigation! Well done Sijmen Ruwhof! Hopefully the governments will give more priority now to dismantle this practice.

  16. Pejte zdej iskat fotke svojih sončec z dopustov, ki jih tako radi lepite na fb.

  17. Great techniques here. (thx to @Stanley142 + @Blackmond_ for sharing it out) –> https://sijmen.ruwhof.net/weblog/ [..]

  18. Fascinating and disturbing. At some level Google knows about it, too (maybe). A Google image search for “img src” has a disclaimer at the bottom:
    “Suspected child abuse content has been removed from this page. ”

  19. Anonymous says:

    Sounds like you found a honeypot!

  20. Imgsrc, ah ben oui allez voir les commentaires sous certaines images de ce site, c’est …

  21. Nice work , thank you

  22. @sruwhof just read a blog post of yours and it was great #respect

  23. I’m 99% sure 1-9y doesn’t show up in the search because the search term is too short.

  24. Nice work. I’ve a question about your research on the owners. How does an email liked to a Facebook or Twitter account with photo indicate the person shown is indeed part of this? Or a natural living person at all?
    Thinking about id theft, mob mentality etc #security

  25. Руснявый хостинг картинок хостил детское порно. И почему я не удивлен… https://sijmen.ruwhof.net/weblog/ [..]

  26. La historia es interesante, y mezcla hacktivismo con política internacional. Siempre quedan claras dos cosas:
    No se toca a Rusia
    Esperar que los CFSE de Europa frenen algo así es rezar porque llueva hacia arriba https://sijmen.ruwhof.net/weblog/ [..]

  27. Pretty solid investigation.

  28. This is what’s known as draining the swamp

  29. Astonishing and such brave work, something I personally would have great difficulty doing. https://sijmen.ruwhof.net/weblog/ [..]

  30. Just another great investigation. Congrats! https://sijmen.ruwhof.net/weblog/ [..]

  31. A must read. Brilliant and thorough work by the author, thank you @sruwhof https://sijmen.ruwhof.net/weblog/ [..]

  32. @krebsonsec hope you see this and give it the attention it needs from mainstream media. Many in my field will agree this site is a scurge to the internet and a gateway site where many ‘likeminded individuals’ first meet

  33. This is Scary and Disgusting. I am not good at the tech stuff so someone please explain but the pedos are stealing pics from family sites of their children in tight fighting swim suits and what we may think as innocent photos but are scantily clad to these sickos. Here are a few words and I know you will not like them. Swim and sport photo’s or minors, beach photo’s, private intimate family photo’s, ‘sexy looking’ selfies of kids. Photo’s on which the skin is visible from thin and tight swim clothing. This is disgusting! It made me feel really bad that photo’s of these kids where collected by dirty pedophiles on the internet to pleasure their own pedophilic sexual desire. And Google facilitates all this with a neat interface. READ more to find out how these perverts find and steal the photos and how this guy researches it. They even go to PINTEREST.

  34. This is very interesting, thanks.

  35. Bebe says:

    Thank you for doing this!!!

  36. Top story: Massive child porn site is hiding in plain sight, and the owners beh… https://sijmen.ruwhof.net/weblog/ [..] see more http://tweetedtimes.com/jensendougi69?s=tnp

  37. Massive #ChildPorn site is hiding in plain sight, and the owners behind it https://sijmen.ruwhof.net/weblog/ [..] by @sruwhof
    Awesome analysis
    #OSINT

  38. Saw this posted but now it’s been deleted. This post is too important to allow it to be removed. It’s VERY well researched and referenced. DO NOT DO THE SEARCHES it describes. “Massive Child Porn site and it’s owners being hidden in plain sight” https://www.reddit.com/r/conspiracy/comments/7nh0wf/saw_this_posted_but_now_its_been_deleted_this/

  39. IT researcher discovers massive Russian child porn site “hiding in plain sight” and deanonymizes owners; Europol authorities refuse to act https://sijmen.ruwhof.net/weblog/ [..]

  40. Great research on such a nasty topic that needs more attention to get it shut down.

    Massive child porn site is hiding in plain sight, and who are the owners behind it:

    https://sijmen.ruwhof.net/weblog/ [..]

  41. Bueno el RT que di hace rato se centraba en la parte de que usan Coin-hive para minar Monero, pero los urjo a que lean la nota, un sitio gigantesco de Pornografía infantil oculto a plena vista…

  42. Are we shocked to learn #Coinhive was used to monetize the site? https://sijmen.ruwhof.net/weblog/ [..]

  43. Goed onderzoek van @sruwhof naar notoire Russische kinderporno website : https://sijmen.ruwhof.net/weblog/ [..]

  44. Hey man, I know the reaction was disheartening. Child pornography should not be subject to politics. That should be something the world comes together against. Keep up the good work, because justice will find its way.

  45. Complimenten Sijmen voor je speurwerk!

  46. Als je deze video bekijkt en de namen van de mensen die dit doen, invoert in Google Search krijg je echt heel enge previews van teksten. Walgelijk. Hopelijk doet Interpol daar iets mee. Die mensen gebruiken wel schuilnamen maar dat is makkelijk te achterhalen en helaas, ze zitten ook in Nederland.

  47. Very well written and researched article interesting both for sw #testing and #InfoSec people https://sijmen.ruwhof.net/weblog/ [..]

  48. @Brett_Shavers pretty good case study here, author lays out methodology pretty well. Thanks to @sruwhof for taking on this troubling site.

  49. Legitimate websites using #Coinhive are extremely rare. However as you mentioned, #cryptojacking is a great way to monetize illicit content.

    Such as this site: https://sijmen.ruwhof.net/weblog/ [..]

  50. Pingback: Comment un hacker a levé le voile sur l’un des plus gros sites pédopornographiques au monde - Linkeol, L'actualité des entreprises en France

  51. Great investigation against a cp-oriented image hoster. Hopefully Internet does not forget anything, and beginners mistakes can be used year after. https://sijmen.ruwhof.net/weblog/ [..]

  52. cedrik says:

    Congrats, you’re a hero man!
    it’s a real pleasure to see that people like you exist.

  53. Sijmen Ruwhof, #hacker néerlandais, a levé le voile sur l’un des plus gros sites pédopornographiques du monde #infosec #data @lesinrocks http://mobile.lesinrocks.com/2018/01/10/actualite/comment-un-hacker-leve-le-voile-sur-lun-des-plus-gros-sites-pedopornographiques-au-monde-111030770/

  54. În urmă cu câteva săptămâni, Sijmen Ruwhof, un mic geniu în ale tehnologiei, publica pe blogul personal un… https://fb.me/6yxBtfaSk

  55. Comment un hacker a levé le voile sur l’un des plus gros sites pédopornographiques au monde.
    Sijmen Ruwhof, un spécialiste néerlandais de cybersécurité, a mené l’enquête sur un site web russe http://mobile.lesinrocks.com/2018/01/10/actualite/comment-un-hacker-leve-le-voile-sur-lun-des-plus-gros-sites-pedopornographiques-au-monde-111030770/

  56. Pingback: Photos d'enfants sur les réseaux sociaux | Cmic Blog

  57. Pingback: Cine se afla in spatele protestelor #REZIST & Chilotareala

Comments are closed.