undefined | Better HN

0 pointsmelevittfl1y ago0 comments

But there's no evidence in the OP's post that they have, in fact, discovered the domain. The only thing posted is that there is a GET request to a listening web server.

The OP and all the people talking about certificates are making the same assumption. Namely that the scanning company discovered the DNS name for the server and tried to connect. When, if fact, they simply iterate through IP address blocks and make get requests to any listening web servers they find.

0 comments

denysvitali1y ago

I really doubt CloudFlare gives them an IPv4 and they can see all the logs for said IPv4

p0w3n3d1y ago

OP states that the domain was discovered

crazygringo1y ago

No they didn't. They said "How did the internet find my subdomain?" They're assuming the internet found their subdomain. They don't provide any evidence that happened, just that they found their IP address.

j / k navigate · click thread line to collapse