@bcl What's the exploitation opportunity here?
@K_REY_C I'm not entirely sure. But what happened was they noticed a subdomain I had setup was pointing to it and they registered a let's encrypt cert for it, and registered it with google search properties. It look to me like they're simply salting google results for anyfreepdf.com
I can't figure out how they made the association between the IP and the domain though.
@K_REY_C They were really quick to jump on it, I shut the droplet down on 3/25 and the cert was created the same day.
@bcl Super interesting. Thanks for the explanation. It seems like a very strange attack vector.
A Mastodon instance for info/cyber security-minded people.