Subdomain indexed in Google, but subdomain never existed

I’ve put this into the security section; however, it may not be the correct category.

This morning we were alerted by a client that there were pages indexed in Google for our domain that do not and should not exist.

Our domain name is paleozone.com. There are currently pages indexed in Google for “cloud.paleozone.com” which has never existed.

See:
https://www.google.com/search?q=site%3Acloud.paleozone.com&ei=FZOPYsuPEveRuvQP87mxuAQ&ved=0ahUKEwiL7r6wtP33AhX3iI4IHfNcDEcQ4dUDCA4&uact=5&oq=site%3Acloud.paleozone.com&gs_lcp=Cgdnd3Mtd2l6EANKBAhBGAFKBAhGGABQzAVYohJg6xNoAXAAeACAAVuIAfMDkgEBNpgBAKABAcABAQ&sclient=gws-wiz

They are all Russian Patents.

Does anyone have any idea how this could have occurred?

Cloudflare has been hosting our DNS for years. There has not been a time where the DNS was outside of Cloudflare, and not at the cached time of these pages.

I’m curious about your thoughts?

Thanks in advance,
John

As far as I can tell you seem to have been on Cloudflare since January 2020. Your statement that this hostname has not existed on Cloudflare also seems to check out, however, the hostname itself did exist at one point, seemingly in the first half of 2019.

It’s difficult to tell where Google got that hostname from; however, there are two things that stand out:

  1. It would seem that content was never hosted on your site, but all the indexed content was loaded from third party sites. Presumably via a redirect.
  2. The content scraped by Google does not appear to be from 2019, but from this year.

Based on that, I would assume Google may have cached and crawled that hostname for some reason. Now, whether it got the redirect from cloud's original IP address 45.x.x.x or your server is hard to tell (depends on whether Google had cached the address as well), but if it was the latter, I’d check if your server

  1. Was compromised at any point
  2. Returns content when it receives a request for cloud.paleozone.com

I’d also check the server logs, whether there are any cloud.paleozone.com related log messages.

Of course, I cannot rule out that Cloudflare did resolve cloud.paleozone.com at some time in the past months, but it is rather unlikely as the proxies do not tend to “invent” hostnames out of the blue.

Maybe also check your Cloudflare audit log for any changes to your DNS configuration.


Thank you for the detailed reply.

Unfortunately, the audit log only goes back 30 days and the cache dates predate them. I’ll keep an eye on things. Again, appreciate the detailed reply.

Some of those sites were seemingly crawled in May. So if you have nothing in the audit log, it’s unlikely that this ever resolved via Cloudflare.

I’d still check the server as well and if there are any log messages for that hostname, respectively what the server returns for requests for that hostname.
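The log check suggested in the replies above, as an added example that is not part of the original thread: it pulls every request whose Host header names the unexpected hostname out of an access log and counts what the server answered. The log format, the sample lines and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# Assumed format: combined log prefixed with the request's Host header, e.g.
# nginx `$http_host` or Apache `%{Host}i`. Apache's `%v` will not do: it logs
# the ServerName of the vhost that answered, not the name the client asked for.
LINE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, invented paths).
SAMPLE = [
    'cloud.paleozone.com 203.0.113.7 - - [12/May/2022:06:14:02 +0000] "GET /p/1 HTTP/1.1" 302 0 "-" "Googlebot/2.1"',
    'www.paleozone.com 198.51.100.4 - - [12/May/2022:06:15:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'CLOUD.paleozone.com:443 203.0.113.7 - - [13/May/2022:01:02:03 +0000] "GET /p/2 HTTP/1.1" 200 812 "-" "Googlebot/2.1"',
    'cloud.paleozone.com. 198.51.100.9 - - [14/May/2022:09:00:00 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "curl/7.81.0"',
    'cloud.paleozone.com.example.net 198.51.100.9 - - [14/May/2022:09:00:05 +0000] "GET / HTTP/1.1" 200 10 "-" "curl/7.81.0"',
]

def normalize(host):
    """Lower-case, drop a :port suffix and a trailing dot."""
    return host.lower().split(":")[0].rstrip(".")

def find_host_hits(lines, hostname):
    """Return parsed entries whose Host header is exactly `hostname`."""
    want = normalize(hostname)
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and normalize(m["host"]) == want:
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count answers by kind: content (2xx), redirect (3xx), other."""
    label = {"2": "content", "3": "redirect"}
    kinds = Counter(label.get(h["status"][0], "other") for h in hits)
    kinds["googlebot"] = sum("googlebot" in h["agent"].lower() for h in hits)
    return dict(kinds)

if __name__ == "__main__":
    hits = find_host_hits(SAMPLE, "cloud.paleozone.com")
    for h in hits:
        print(h["time"], h["client"], h["status"], h["request"])
    print(summarize(hits))
```

Any "content" or "redirect" count for a hostname with no DNS record means the server answers for that name, which is the second check from the reply.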

The only activity in the last 30 days is my login this morning.

In that case we can most likely rule out that Cloudflare resolved that hostname.

It will most likely be the mentioned Google issue in that case, though it certainly is interesting why Google would seemingly cache such a hostname.

Anyhow, still check your server as well.

That’s strange, my audit logs go back much further than that. Free plan.

The audit log does go back, but if the OP hasn’t logged in for a while, there obviously won’t be data.

Anyhow, the point was to check if there were any DNS changes and there seemingly weren’t, so that host won’t have resolved on Cloudflare.
