Adult creators trying to scrub pirated material from Google are also tripping over a mess many public institutions have failed to clean up: hacked government and university websites stuffed with spam pages.
Cybersecurity company UpGuard says it found more than 2,000 government and education domains in 80 countries that have received copyright takedown requests tied to adult content creators over the past 15 years. The finding suggests those sites may have been compromised and used to lure search users with promises of leaked OnlyFans material.
Greg Pollock, UpGuard’s director of research, said the pattern has accelerated sharply since 2020. His analysis found 384,286 takedown requests covering 631,193 URLs on government and education sites since 2011. Google appears to have removed about 130,000 of those URLs, while taking no action on roughly 460,000, according to UpGuard.
The mechanics are grubby but familiar. Scammers abuse vulnerable publishing systems on official domains, then upload pages or PDFs packed with search-friendly phrases: creator names, “leaked OnlyFans,” free downloads, porn, games, phones, whatever gets clicks. Because .gov and .edu domains often carry search authority, those pages can surface high in Google results. Visitors who click usually do not get the promised videos or images. UpGuard and WIRED observed redirects to dubious dating pages and other suspicious sites, which may generate money through advertising schemes.
Pollock said adult creators are not deliberately cleaning up government infrastructure. Their representatives are filing notices to defend copyrighted work, and Google delisting can be effective because these hijacked pages may have little audience outside search.
The dataset was built from Google’s copyright transparency reports and Harvard University’s Lumen Database, which archives takedown notices. Pollock said he identified adult creator-related requests by looking at notices to known porn “leak” sites and companies that monitor piracy for creators, then cross-referenced those notices against .gov and .edu domains. The adult-content-linked notices are a tiny subset of the more than 17.9 billion copyright removal requests sent to Google since 2011.
Google said its anti-spam systems are “highly effective” at keeping hacked pages out of top search results. A company spokesperson also said Google uses multiple systems to detect and warn users about malicious pages, including Chrome warnings for potentially dangerous content. The spokesperson said DMCA removals generally apply to specific pages rather than whole domains.
Laura Lux, an adult creator who has posted online for nearly two decades and now primarily uses OnlyFans, told WIRED that piracy has been constant throughout her career. Lux said creators lose money when paid material is easy to find through search, and that using a DMCA service has become necessary because stolen content spreads widely.
Lux uses Rulta, an Estonia-based takedown company. UpGuard’s analysis says Rulta drove about 90 percent of the adult creator-linked requests to government and education domains in the past couple of years. Rulta did not immediately respond to WIRED’s request for comment. Across the full analysis, UpGuard found 11,000 adult-content-linked copyright owners represented by 554 organizations.
Dan Purcell, founder and CEO of creator protection firm Ceartas, said compromised official domains using creator names can form an effective funnel for scammers, since people hunting for pirated adult content may click with less caution. Purcell said his company has seen government and university sites used this way, but he argued that DMCA claims are the wrong instrument when a hacked page uses a creator’s name as bait without hosting copyrighted content. In those cases, he said Ceartas alerts site security or administrators directly.
Jennifer Urban, a clinical professor of law at UC Berkeley, said the DMCA has long attracted complaints involving search ranking, privacy, and other problems beyond copyright. She said notices that reach outside copyright are legally questionable under the DMCA, even when the complainants are sympathetic.
Alexander Small, a cofounder of Fanlock, another removal company, told WIRED that his firm files only when it has a good-faith belief a page contains a client’s copyrighted work. If a page only uses a name to bait users, Small said, Fanlock does not treat that as a copyright issue.
Pollock said defenders of government and education sites could use adult-content keywords as a compromise signal. Small teams may not know their publishing systems have been poisoned until Google, a takedown vendor, or an embarrassed search result tells them. Glamorous security theater this is not, but it is telemetry.
This story draws on original reporting from WIRED.