top | item 43289275

(no title)

But there's no evidence in the OP's post that they have, in fact, discovered the domain. The only thing posted is that there is a GET request to a listening web server.

The OP and all the people talking about certificates are making the same assumption. Namely that the scanning company discovered the DNS name for the server and tried to connect. When, if fact, they simply iterate through IP address blocks and make get requests to any listening web servers they find.

discuss

unknown|1 year ago

[deleted]

denysvitali|1 year ago

I really doubt CloudFlare gives them an IPv4 and they can see all the logs for said IPv4

p0w3n3d|1 year ago

OP states that the domain was discovered

crazygringo|1 year ago

No they didn't. They said "How did the internet find my subdomain?" They're assuming the internet found their subdomain. They don't provide any evidence that happened, just that they found their IP address.