URL analysis
In 2024, as in previous years, image hosts were the website type we most frequently saw being abused by offenders distributing child sexual abuse imagery. These provide ‘storage’ for images which can be viewed on the site or shared externally, often on dedicated websites and within forums.
When our analysts see images being shared in this way – with images stored on an image host site but shared, for example, on a forum – they seek to take down the images on both sites. By taking this two-step action, the image is removed at its source and from all other websites into which it was embedded, even if those websites have not yet been found by our analysts.
Cyberlockers continue to be exploited by criminals sharing child sexual abuse imagery. These high-storage sites can be used to share one image or video at a time, or one or more folders that could potentially contain hundreds of images or videos under a single URL.
The chart above shows that most of the URLs we found to be showing criminal imagery were image host sites.
Our award-winning IWF Hash List, launched in 2016, can help image hosts tackle this abuse by preventing the upload, sharing and storage of known child sexual abuse images and videos.
In the remaining 4,981 (2%) URLs, the content was hosted on a paid-for service, or it was not possible to tell whether the hosting was free or paid for. The majority of these were banner sites, which are websites that are arranged with images displayed in rows and columns. There are usually links to other sites meaning when the user clicks on a banner image it opens the linked website containing criminal imagery.
The below table shows that Category A content is more often seen by our analysts on a paid hosting site than Category C content. The opposite is true of free hosting sites; Category C content is more often seen by our analysts than Category A content.
| Category A | Category B | Category C | Gateways, referrers, adverts, inchoate sites | Total | |
|---|---|---|---|---|---|
| Free hosting | 55,849 | 61,754 | 164,624 | 2,885 | 285,112 |
| Paid hosting | 2,847 | 348 | 876 | 910 | 4,981 |
In 2024, we also observed an increase in the number of legitimate commercial websites being hacked by bad actors and used to distribute child sexual abuse imagery.
In each of these cases, we can surmise that perpetrator(s) gained access to the content management system for a website, then added URLs – hidden pages – to that website containing child sexual abuse material that can be accessible through a direct URL or embedded somewhere on the site enabling members of the public to stumble upon them.
This increase is due to the same bad actors targeting multiple legitimate sites and displaying almost identical content on each of them. This allowed our analysts to find and action these sites proactively.
In 2024, we saw 59 legitimate sites abused in this way; a 23% increase on what we saw in 2023.