Google Finance is still ingesting fabricated earnings stories from a restricted Ethiopian government domain, and the pages are getting newer. A direct visit today to the IDACORP ticker page found a dars.gov.et item timestamped three days old, sitting beside a legitimate TradingView headline in the platform's News stories module. The stock had not appeared in any prior documentation of the pattern.
The finding shifts the shape of a story that PPC Land first documented on Monday, July 13, 2026. That report confirmed fabricated earnings headlines attributed to dars.gov.et on the Criteo and Zeta Global ticker pages, and established that clicking through led not to any article but to a WhatsApp group chat invite for a purported stock trading club. What it could not establish was whether the pattern was static or growing.
It is growing. The IDACORP page carries a dars.gov.et entry dated three days ago, which places its creation on or around Sunday, July 12, 2026 - one day before that report published. A same-day search of the domain surfaces four further tickers that appeared in none of the earlier documentation: UPS, NCR Voyix, F5, and Wendy's. The freshest of those pages is three days old. The oldest is two weeks.
What the IDACORP page shows
The Google Finance page for IDACORP, trading as IDA on the New York Stock Exchange, displays two items under News stories, a module the platform labels as drawing "From sources across the web." The first is attributed to TradingView and timestamped fifteen hours old. The second is attributed to https://www.dars.gov.et/ and timestamped three days old. Its headline reads: "IDACORP Q1 2026 Earnings: EPS Beats Estimates by 7.9% as Utility Operations Perform Steadily - Net..." with the remainder truncated by the display.
The full title, recoverable from the underlying URL, completes as "Net Income Trends." The page sits at a path beginning /first-dry/, followed by the headline rendered as a hyphenated slug and terminating in the numeric string 43-19617.
That path segment is the first technical detail worth pausing on. It carries no relationship to the content it hosts, to the domain's stated function, or to any conventional content management taxonomy. A parallel structure appears across the other confirmed pages: the UPS item sits under the same /first-dry/ directory, while the F5 entries sit under /expert-time/. Both segments read as arbitrary tokens rather than editorial categories.
The domain is the real agency, not a lookalike
The July 13 report described dars.gov.et as "hijacked-looking." Today's search results narrow that considerably.
Every one of the fabricated earnings pages returns the same page title in search results: "Official Document Authentication and Authorization Website." That is the title of the genuine Documents Authentication and Registration Service site - the Ethiopian federal notarization agency to which the domain is registered. The injected pages are inheriting the real installation's metadata, which means they are being served from inside the real installation rather than from a separate host masquerading as it.
A second result makes the mechanism more specific. A search for the Wendy's variant returns not the article page but a redirect: http://dars.gov.et/Login.aspx?ReturnUrl=%2Fexpert-time%2FWEN-Q1-2026-Earnings-EPS-Beats-Estimates-by-241-Shares-Rise-35-8502. The response is an ASP.NET authentication gate, carrying standard boilerplate about first-time password changes and administrator resets.
The ReturnUrl parameter is the detail that matters. It preserves the full path of the requested spam page and hands it back to the login form as a post-authentication destination. That is not the behaviour of a static page dropped onto a server. It is the behaviour of a live application routing an unauthenticated request through its own access control, which places the injected content inside the application's own URL space rather than beside it.
The domain sits under .gov.et, a country-code extension restricted to Ethiopian governmental use. Nothing in the agency's mandate - document authentication and registration, conducted at branch offices in Addis Ababa and Dire Dawa, with a website written in Amharic - touches equities, financial data, or publishing.
Nineteen days after the update completed
The timing is what makes this a governance question rather than a curiosity.
Google's June 2026 spam update was logged on the Google Search Status Dashboard at 09:03 PDT on June 24, 2026, described as applying "globally and to all languages." It was declared complete on Friday, June 26 at approximately 2pm ET, a rollout of roughly 48 hours, as documented in PPC Land's account of that week.
The IDACORP page was created roughly sixteen days after that rollout closed. It was indexed and surfaced in a Google product within three days of creation. As of today, nineteen days after the update completed, it remains live.
That sequence disposes of the most generous available explanation. A fabricated page surfacing during an active rollout window could be attributed to transitional instability. A fabricated page created after the rollout closed, indexed within days, and still live nineteen days later describes a detection system that is not catching the pattern at all.
The earlier March 2026 spam update had completed in approximately 19.5 hours, the fastest on record. Both updates run through SpamBrain, the AI-driven detection layer Google first deployed publicly in December 2022 for large-scale link manipulation.
The policy categories were written for this
Google introduced expired domain abuse and site reputation abuse as named spam policy categories in its March 2024 announcement, with site reputation abuse taking effect from May 5, 2024. Both were drafted to address domains hosting content inconsistent with their established purpose in order to exploit accumulated ranking signals.
A restricted government notarization domain publishing US utility earnings analysis is close to the category's definitional centre. Whether either policy applies here is a question Google has not addressed publicly. Neither has Ethio Telecom, the state-owned operator administering the .et registry. The agency's own site carries no notice of a security incident.
There is a documented lag between policy authorship and enforcement capability. Site reputation abuse received no algorithmic enforcement when introduced; manual enforcement began in May 2024, with algorithmic detection developing across the following two years. Google did not formally clarify that its spam policies covered AI-generated surfaces in Search until May 15, 2026, roughly two years after AI Overviews launched at scale.
What is confirmed and what is not
The distinction matters in both directions, and it is worth stating plainly.
Confirmed by direct visit today: Google Finance surfaces dars.gov.et as a news source on the IDACORP and Criteo ticker pages. The Criteo item was documented on July 13 and remains present. The IDACORP item is new to the record and carries a timestamp postdating that report.
Confirmed on the domain but not on Google Finance: fabricated earnings pages exist for UPS, NCR Voyix, F5, and Wendy's. These were located through search of dars.gov.et directly. Whether Google Finance currently surfaces them on the corresponding ticker pages has not been verified by direct visit.
The July 13 report flagged fourteen further tickers at snippet level, including DoorDash, Procter & Gamble, Enterprise Products Partners, Sidus Space, Wise Group, Upstart Holdings, United Airlines, and Paramount Skydance. Those remain unverified by direct visit. The confirmed footprint is therefore smaller than search results imply, and the actual footprint is plausibly larger than direct visits have established.
Why this reaches the marketing community
Google Finance is not a third-party aggregator. It is a product Google operates directly, built on Google's own index, exited from beta on June 25, 2026 after a ten-month test, and available globally. It reached more than 100 countries on April 8, 2026 and Europe on May 11, 2026. The News stories module carrying the fabricated items sits inside a platform whose research panel synthesises information from across the web on demand.
The audience for that product is people making decisions about money. The redirect destination described in the July 13 reporting - a WhatsApp group invite for a purported trading club - matches a recruitment structure federal agencies have documented targeting US stock investors at scale.
For Criteo specifically, the fabricated headline sits beside legitimate reporting on the Vista Equity and Quinti Capital takeover approach submitted during the week of June 29, 2026. Anyone researching the company through Google Finance during an active acquisition situation encounters both.
The wider stake is the reliability of the index that AI-mediated search surfaces depend on. Google has spent 2026 running an unusually active enforcement cycle - four broad ranking incidents in approximately thirteen weeks between February and June. Enforcement of that intensity coexisting with a fabricated financial page that survives nineteen days past a completed spam update, on a Google-operated product, describes a gap between the enforcement apparatus and the surfaces it is meant to protect.
Timeline
- March 5, 2024 - Google announces site reputation abuse and expired domain abuse spam policies, effective May 5, 2024
- May 5, 2024 - Site reputation abuse policy takes effect; manual enforcement begins
- December 2022 - SpamBrain deployed publicly for large-scale link manipulation detection
- March 24, 2026, 12:18 PDT - March 2026 spam update released globally; completes in approximately 19.5 hours
- May 15, 2026 - Google formally clarifies that spam policies apply to generative AI responses in Search
- June 24, 2026, 09:03 PDT - June 2026 spam update released globally
- June 26, 2026, approximately 2pm ET - June 2026 spam update declared complete after roughly 48 hours
- June 25, 2026 - Google Finance exits beta globally
- Week of June 29, 2026 - Vista Equity and Quinti Capital submit takeover approach for Criteo
- Approximately July 1, 2026 - F5 dars.gov.et page dated two weeks before observation
- Approximately July 8, 2026 - NCR Voyix dars.gov.et page dated one week before observation
- Approximately July 10, 2026 - UPS dars.gov.et page dated five days before observation
- Approximately July 12, 2026 - IDACORP dars.gov.et page dated three days before observation
- July 13, 2026 - PPC Land documents fabricated dars.gov.et earnings stories on Criteo and Zeta Global ticker pages
- July 15, 2026 - Direct visit confirms dars.gov.et item live on IDACORP ticker page; Criteo item still present
Related PPC Land coverage
- Fake earnings stories persist on Google Finance despite two 2026 spam updates - The original documentation of the dars.gov.et pattern on the Criteo and Zeta Global ticker pages, including the WhatsApp redirect.
- Google's June 2026 spam update is live - what it hits and why it matters - Records the June 24 launch time and global scope of the enforcement cycle the fabricated pages survived.
- Meta, Amazon, LiveRamp: brand control cracks open at Cannes Lions 2026 - Documents the June 26 completion of the June 2026 spam update after a roughly 48-hour rollout.
- Google announces major Search Update and New Spam policies - The March 2024 introduction of expired domain abuse and site reputation abuse, the categories structurally closest to this fact pattern.
- Google spam policies now officially cover AI Overviews and AI Mode in Search - Covers the May 15, 2026 clarification extending existing spam rules to generative AI surfaces.
- Google's March 2026 spam update is live - what changed and why it matters - Details the first spam enforcement action of 2026 and its record 19.5-hour rollout.
- Google Finance exits beta with portfolios, AI tasks, and an Android app - Documents the June 25, 2026 general availability launch of the product carrying the fabricated headlines.
- Google Finance AI tools reach 100+ countries with local language support - Covers the April 8, 2026 international rollout that established the platform's current reach.
- Google Finance AI lands in Europe with Deep Search now global - Records the May 11, 2026 European launch and the global availability of Deep Search.
- Private equity circles Criteo as Google's search grip slips - Covers the takeover approach for Criteo, one of two tickers confirmed to carry a fabricated dars.gov.et headline.
Summary
Who: Google, whose Finance product surfaces the fabricated content; dars.gov.et, the restricted Ethiopian government domain named as source; and the Documents Authentication and Registration Service, the federal notarization agency to which that domain is registered. Ethio Telecom administers the .et registry. Neither Google nor Ethio Telecom has addressed the case publicly.
What: A direct visit confirms Google Finance is surfacing a fabricated IDACORP earnings story attributed to dars.gov.et, timestamped three days old and therefore created after PPC Land's July 13 report on the same pattern. Four further tickers - UPS, NCR Voyix, F5, and Wendy's - carry equivalent pages on the domain, confirmed by search but not by direct visit to Google Finance. Search results show every fabricated page inheriting the real agency's site title, and a login redirect exposes a live ASP.NET application, indicating injected content inside the genuine installation rather than a lookalike domain.
When: The IDACORP page was observed today, July 15, 2026, carrying a July 12 timestamp. Google's June 2026 spam update completed on June 26 at approximately 2pm ET, nineteen days before observation and sixteen days before the IDACORP page was created.
Where: Google Finance ticker pages, specifically IDA on the New York Stock Exchange and CRTO on Nasdaq. The source pages sit on dars.gov.et under path segments reading /first-dry/ and /expert-time/.
Why: The pattern persists despite two 2026 spam updates and despite policy categories written in March 2024 for domains hosting content inconsistent with their established purpose. The fabricated pages postdate the most recent enforcement cycle, which indicates a detection gap rather than transitional rollout instability. Google Finance is a product Google operates directly on its own index, exited beta on June 25, 2026, and aimed at people researching financial decisions - which is what separates this from a generic search quality issue.
Discussion