LAST UPDATED: 2022-06-26
This report is a list of all the websites we (or our collaborative partners) have been able to identify and verify to be compromised.
These websites might be used for sending spam, participating in DDoS attacks, redirecting users to exploit kits, etc. This information will be listed in the “category” field of the report.
A large subset of these compromises are caused by outdated versions of CMS, such as Joomla/Drupal/Wordpress (or plugins for these) and weak or keylogged FTP credentials.
As always, there is no guarantee that there are no additional infections or compromises on any IP that we report on. We have seen several different criminal groups abusing the same compromised system for different purposes; the same IP/domain that is hosting a spambot may also be used for infecting unsuspecting users. We recommend investigating systems with the assumption that there are more compromises on the systems than are reported.
You can learn more on the report in our Compromised Website Report tutorial.
You can learn more on our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.