
Thousandeyes Breach Spamming Google Search with Fake PDFs - fewiron9
https://www.google.com/search?q=site%3Athousandeyes.com+filetype%3Apdf+cloud
======
fewiron9
It seems like Thousandeyes must have figured out the breach and what happened.
The links on google do not work, because the domain does not exist. However,
the old IP for one of them was 23.92.28.179 and that still works, and says is
a PDF mirroring site.

Here is what ipaddress.com has as what those domains pointed to: [http://vps-
atl6.agents.thousandeyes.com.ipaddress.com/](http://vps-
atl6.agents.thousandeyes.com.ipaddress.com/)
[http://vps4-atl1.ag0.thousandeyes.com.ipaddress.com/](http://vps4-atl1.ag0.thousandeyes.com.ipaddress.com/)

------
hank808
[https://www.google.com/search?q=site%3Athousandeyes.com+file...](https://www.google.com/search?q=site%3Athousandeyes.com+filetype%3Apdf+cloud)
is just a list of all of the PDFs, published from a *.thousandeyes.com
address, that has been indexed by google. I don't see why this is interesting
at all.

~~~
ccnafr
He believes the company is doing it on purpose to rank better for "cloud"
-related SERPs

~~~
fewiron9
If you click on any of those links they are all fake. If you click on
"cached", you see the text googlebot saw - totally different and most likely
valid PDF. Someone is doing cloaking.

I also do not think the company is doing it on purpose, a lot of these PDFs
are titles for ebooks that would be copyright violation.

[https://searchengineland.com/guide/seo/violations-search-
eng...](https://searchengineland.com/guide/seo/violations-search-engine-spam-
penalties)

------
fewiron9
Came across this while trying to find a direct link to the PDF of their cloud
research, trying to bypass download forms. To my surprise there was a ton of
PDFs linking to shady site.

~~~
techbio
Links seem to be dead now.

~~~
fewiron9
They must be monitoring Hackernews... they took the domain down.

