This category includes spam, hatespeech, or depictions of sexual exploitation. Only spam falls within CERT.at's competency. In case you want to report websites containing child sexual exploitation or endorsement of National Socialist ideology, please contact https://www.stopline.at/en/home.
Shadowserver's Spam-URL feed contains IP addresses of relay servers and URLs which have been found in spam emails.
Spam messages often contain multiple legitimate URLs to look more credible and increase the likelyhood that users click on the malicious URLs as well. However, if one of your URLs is listed in the feed you should check it on your webserver to elimiate the possibility that criminals gained access to it and placed malicious files there.
Additionally, shadowserver collects the IP addresses of the last hop before the mail is delivered because this cannot be spoofed. In case on of your IPs is listed as such, your server was sending, routing or forwarding the spam message.
- Criminals may have access to your web server and/or mail server.
- Check your web server and/or mail server for unauthorized access and traces of an intrusion. If you find that a server has likely been compromised CERT.at recommends to reinstall the operating system and restore the data from a known good backup. If there are no (good) backups available it is also possible to try cleaning the machine using anti-malware software. If you are unsure how to do this don't hesitate to seek professional help.