OnlyFans Creators Are Accidentally Fixing Government Website Security
Adult content creators filing copyright takedowns are, as a side effect, helping university and government IT teams find hacked pages on their own websites.

Key points
- Security researchers at Upguard identified a pattern in which hackers post stolen OnlyFans content on hacked government and university websites to run scams and spread malware.
- Google refers to the criminals behind this tactic as "SEO parasites" because they exploit the trusted reputations of official websites to rank higher in search results.
- OnlyFans creators, as copyright holders of their own content, can file DMCA takedown notices, which are formal legal requests that force stolen content to be removed from search results.
- Upguard tracked the takedowns through Google's DMCA Transparency Report and the Lumen Database, a research archive of takedown notices.
- When a site operator receives one of these notices, it doubles as a tip-off: something unauthorised was posted on their server, and they should go looking for how it got there.
Government websites and university domains have a reputation problem, and it starts with a very specific kind of hack.
Criminals break into the web servers, the computers that host a website's pages, belonging to councils, federal agencies, and colleges. Once inside, they quietly plant pages stuffed with stolen adult content. That content acts as bait. Google's search algorithm trusts official-looking domains, so these hidden pages rank well. Visitors who click are funnelled through a chain of redirects and eventually land on scam pages or sites that try to install malware, which is malicious software designed to damage a device or steal information.
Google has a name for the people running this scheme: SEO parasites. SEO stands for Search Engine Optimisation, the practice of making web pages appear near the top of search results. These criminals piggyback on the credibility of legitimate institutions to do it cheaply and at scale.
How are ordinary people caught in the middle?
Anyone searching for something routine can accidentally land on one of these planted pages. The scam sites at the end of the redirect chain may try to steal payment details, install ransomware (software that locks your files until you pay a ransom), or simply run ad-fraud schemes that cost businesses money. If you end up on an unexpected page after clicking what looked like a government link, close the tab immediately and do not enter any personal information.
Now, researchers at Upguard have spotted an unlikely clean-up crew.
OnlyFans creators own the copyright to their content. That gives them the legal right to file a DMCA notice, which is a formal complaint under the Digital Millennium Copyright Act, a US law that requires platforms and search engines to remove infringing material on request. Creators filing these notices to protect their own work are, without meaning to, scrubbing hacked government pages from Google's search results.
The side benefit is significant. When a university IT department or government webmaster receives a takedown notice about content posted to their domain, it tells them exactly where to look for the vulnerability that let the criminals in.
Upguard tracked hundreds of these notices through Google's public DMCA Transparency Report and the Lumen Database, a research archive. The pattern was clear: official domains, adult content, and copyright complaints all pointing at the same compromised servers.
It is not a solution. It is a symptom of how badly unmonitored web infrastructure gets abused. But for overworked IT teams at public institutions, an unexpected copyright notice may be the clearest signal they get that something has gone badly wrong.



