The websites of your local government agencies can be great repositories for helpful resources. They can also host a lot of porn. According to a report from 404 Media, several government and university websites across the country are hosting PDFs that link to scammy, spammy websites that promote porn sites and apps. Other sites host website redirection attacks that send any unfortunate soul who clicks them to sex toy retailers and malware downloads.

The plague of spam, porn, and malicious material has been spotted on the sites of towns like Irvington, New Jersey, on the site of the New York State Museum, and even on federal government sites like Reginfo.gov, a regulatory affairs compliance website run by the General Services Administration. Per 404 Media, the proliferation of the porn-packed PDFs was spotted by a researcher named Brian Kelly, who has set out to inform both affected agencies and local media to draw attention to the problem.

How exactly the PDFs and malicious links got there depends on who you ask. In Washington—where AI porn content was found on the state’s Department of Fish and Wildlife, Department of Veterans Affairs, and Fire Commissioners Association—officials believe that tools that allowed user uploads, like the VA’s group calendar, were used to inject malicious material onto the site. The agency’s communications representative told The Tacoma News Tribune that it identified 10 IP addresses used to upload this inappropriate content and blocked them. The California Secretary of State suggested something similar to 404 Media, stating that a portal for uploading documents on its website was attacked.

In Indiana, where a PDF with instructions on how to create deepfakes appeared on the Department of Health’s website, the state claimed the upload was the result of a “significant surge in bot activity targeting three of the agency’s public-facing applications.”

The Nevada Department of Transportation pointed 404 Media to another potential source of the problem: a third-party software provider called Granicus, which sells a variety of tools to government agencies and civilian organizations. The company claims to support more than 5,500 government organizations, though 404 noted that not all of the affected websites use Granicus.

Taking down the PDFs has proven relatively easy for agencies once they are made aware that the problem is there, but the malicious links continue to be a problem, sending people unfortunate enough to accidentally click in the wrong spot to, in one case, “realistic” animal vagina pocket masturbators. It’d be great if local governments were proactive about promoting sexual health, but this probably isn’t the best way to go about it.