Child pornography hosted by Yahoo

On an average day I come across 4 new child pornography sites that are hosted at Yahoo. Shocking? It was to me when it started, but it’s been going on for a long time. Finally, at the end of June 2006 I started keeping track of them in detail. Between July 1 and December 31, 2006 I counted 744 such sites hosted at Yahoo and the flood is continuing to this day. To give you a taste, here is one I received on 2006-01-14:

Feel new emotions, taste new experience,
a very HARD and HOT YEAAAAHH!!!

5-10y.o. kids starring as porn models.

Innocent, virgin, naive and so sexy.
Pervert porn.
True effect.


Download your free CP pics and movie samples.
Limited offer.

As you may know, a few years ago I started publishing names of domains (websites) that were advertised via spam. For more than two years I have been one of the principal data suppliers for It’s a Spam URL Blocklist that enables people to block spam based on the websites advertised. This type of spam blocking works even when spam advertising a spammer’s site is sent from a thousand different computers using a thousand different fake sender addresses.

About a decade ago, when the World Wide Web was just taking off there were a lot of headlines about child pornographers lurking in Cyberspace, but very little such material could actually be found. Nowadays most people have the perception that child pornography is tackled seriously by law enforcement, but in actual fact the criminals who sell pictures of child rape go about it more blatantly than ever. It is sickening.

Now how could a major reputable company such as Yahoo host repulsive, clearly-illegal material? They provide a legitimate service to register and host websites, like many other companies do. They are neither the cheapest nor the best webhoster, but a lot of people use them for personal websites.

All it takes is access to the Internet and a credit card.

The criminals use Yahoo for hosting illegal sites ranging from fake bank sites (phishing) to child pornography sites. They are not easy to track down since they use other people’s credit card data to register domains and sign up for site hosting. Then they upload websites and send out spam to advertise these sites. From amongst the millions of spam recipients, several thousand people will respond and sign up for more of this stuff, presumably hosted on others servers that are not closed down so quickly. They pay by credit card, handing their card data to the criminals. Repeat ad nauseam.

Once the illegal sites are reported to Yahoo, they will eventually shut them down, but by then the criminals have already had time to find new paying customers. The earlier the sites are detected and suspended, the less money the criminals make.

The credit card data abused for site hosting does not necessarily originate from child pornography customers. Phishing scams and fake internet stores are other data sources. There is reason to believe in connections between phishing gangs and child pornography gangs, as there are many common elements. Both extensively use Yahoo domains. Along with pill spammers and “warez” (software piracy) spammers they obtain credit card data in bulk and use armies of spambots to send out spam emails. These are remote controlled PCs infected with “Trojan horse” software that turn them into zombies that receive instructions from one of several hidden master servers on the Internet.

Yahoo is by no means the only company that ends up hosting illegal content. However, it is the biggest single webhosting company that we’ve come across that is hosting child pornography. No other company even comes close. There has got to be a reason for that.

The situation with phishing scams using newly registered domains is similar. Phishing sites tend to be hosted either on cracked websites, hijacked computers, computers in China or by Yahoo. There has to be a reason for why criminal spammers prefer Yahoo, even though it’s by no means the largest webhosting company.

Typically when a provider is massively abused for hosting illegal content, as for example MSN was for hosting Nigerian scam sites (419 scams), it means that either its credit card fraud detection mechanisms are inadequate or it’s technical support is not geared up to effectively handle fraud reports about hosted sites submitted by the public. Usually it’s a combination of both.

The spam gangs that host sites at Yahoo know that their sites will be shut down eventually. That’s why they launch four new sites per day and keep the mail pipeline stuffed with new spam. Every extra day that it takes a webhoster to respond is a day during which they get new credit card orders, at $99.95 a client. Some of that money finds its way to the rapists who provide the pictures.

For the last 6 months I have been reporting all Yahoo child pornography sites to the company. Trying to get a more direct connection, I contacted a friend in the USA with law enforcement contacts. My friend went as far as talking to the FBI, only to be told that the FBI wasn’t interested in this type of site. They were only after the main sites that the Yahoo sites act as a shop window for. The number of new sites is still the same as it was six months ago. Yahoo appears to have done nothing to discourage this abuse of their services.

I would be glad to hear from Yahoo directly to work out a modality to get those spam sites shut down as quickly as possible. Even more I wish for Yahoo to get its act together and tighten up its checks on new domain setups, so as to detect attempts to signup for illegal purposes by watching out for recurring patterns in the signup attempts. If I as the owner of a small software company can detect all those pornography domains to report then, why not a billion dollar company like Yahoo?

14 thoughts on “Child pornography hosted by Yahoo

  1. I have been reporting these site also to Yahoo for the last three or four years now. I strongly believe the sole reason for the sites is for phishing credit card numbers and not for the the sole purpose of selling illegal images.

  2. Ah, and when you do report the site to Yahoo, Yahoo reports it to the NCMEC, who then reports it to law enforcement, who then arrests the innocent person who had his or her credit card stolen, who’s life is then destroyed. Trust me, I speak from personal experience. It is especially disheartening that the ISP doesn’t check to make sure the data provided for the transaction is accurate (as in our case the address on file with our card company was not that used) but reports it anyway. And, of course, we did have affidavits of fraudulent activity that we sent to our CC company that the police chose to ignore. Eventually, the charges were dropped, but that didn’t stop the destruction of our lives.

  3. Pingback: The Omega Connection »

  4. Seem like yahoo is a favorite website for scam ring gangs, i
    normally receive several emails from these scums daily in my mail , majority of them have yahoo .com or as sender address or as correspondence address. I send most of the full header mails to yahoo abuse department for them to do something about it. Several weeks into this , i am still wondering what really been done by yahoo since i am getting as many mails from these gangs as before, seem like this billion dollar company is not very aggressive or take these scums seriously at all.

  5. It is disturbing to keep seeing these sites even though we have reported them before. Its plain to see that nothing is being done about this problem as the sites all remain the same. I am really not sure which website hosts these sites, but I did read something about the US not being able to do anything about it if it falls outside of our “jurisdiction”. For example, a CP site being ran out of some other country cannot be interfered with. This information came from an organization that supposedly fights CP, but i reported several of these sites and this organization says that they will send an email telling you why or why not anything was done about the offending site. Obviously, nothing was done about it since I received no email offering an explanation. The organization warns not to go looking for such sites, but that doesnt solve the problem and it doesnt change the fact that these sites just keep popping up. I agree that law enforcement is not taking an active enough role.

  6. I just received my first known similar e-mail and I have already been going around in circles this morning. I called my local police station – they told me to call gmail since that’s my e-mail provider and Comcast since that’s my ISP. I called Google and they said since it’s from a Yahoo e-mail address to call Yahoo. Well finding a number to report stuff to yahoo is impossible, or close to. I did NOT go to the site at first because I don’t want to see that as a victim of abuse myself. I figured I’d report it and THEY’D take it from there. Well I went to the person’s profile that sent it to me and it has, of course, been deleted. I went to the site, finally, to see if it’s worth continuing on with, and it doesn’t exist (I received he e-mail Saturday on my mobile phone while out of town and only just got back to report it). I searched for the company advertised IN the web address and found tons of references to child porn. (The same one – CP.)

    Where do I go from here if the profile and the site no longer exist?

  7. Perhaps maybe the FBI is setting a trap and is running the sites themselves? I wouldn’t put it past the Government to do something like that, operate a child porn website to entrap perverts

  8. This brownallbe45 site comes up with a new… site after a while. Quite a few sites give you redirects to it like”” and other with “” I know not of it’s real or not… but it does use “” (on this site after ‘=’ is different) So, Stan in some sense is correct. — dot —

  9. Well, I came across this site by mistake, as I was looking for a tutorial on how to delete the viruses that often tag along with the notorious spam that promotes this and so many more topics. But I have one major question to ask.

    Since you are so knowledgeable of cp sites, and know of all the previous ones that have been up and down, why does it seem to me like you might be LOOKING FOR THEM!? Huh?

    Like you might be some sick perv who can’t justify his urges to sodomize an innocent little child, so you go in serch for sites that do all the dirty work for you and let you just sit back and wax your carrot for the imitated thrill of popping that preteen cherry, huh?

    I think you might be a closet pedaphile, and you only turn them in, because you’re too worried that if you didn’t, you might be found out due to all the content stored on your computer.

    See, even if you don’t download it, it still sticks to you. Its in the history files and cookies. and it builds up in the virtual drives and residual ram, so even if you wipe your drives and reinstall everything, it can still be found. Not all that hard to do really, even the mildest of computer repair shops know how to pick up erased data

    So, you just keep waxing the carrot to your cp, keep up the good job of reporting it afterward and hope no one links you to the death of a missing child that was molested, if you happened to be tagged for whatever reasons…

    If I’m wrong, I apologize for any accusations, but logically, if a man cheats on his wife, he usually is the first to accuse her of cheating, to point potential blame away from him, so “if the shoe fits” or so they say.

  10. I can’t speak for anyone else who commented on this thread, but I find these websites simply because I work to block spam: I contribute data to the SURBL spam blacklist and have listed over 85,000 domains created by spammers in the last three months alone. I run spamtraps and extract names of websites advertised by spam emails so that others don’t have to receive that garbage.

    I am glad that Yahoo finally cleaned up its act on child pornography sites and wish they would do the same on numerous phishing sites that still show up on their servers every day.

    To their credit they diligently shut down sites that I report to them but they should be able to tighten their procedures to catch potential criminal sites on their own, as they seem to have done in case of those child pornography domains, which I now haven’t seen show up in many months.

  11. We just publish to mobile books on android related to child porn call Child “NET” SAFETY! please visit

    This book is for parent to give them some idea how to prevent Children to effect from Porn on internet.There is a lot of information and helpful tips for you to make your home SAFE AND HAPPY. Please check those two apps and leave you comment. Both apps are free.

Leave a Reply

Your email address will not be published. Required fields are marked *