Sub-domain takeover attack. The sub-domain was CNAME'ed to a S3 bucket and the S3 bucket had likely been deleted. The porn purveyor, re-created a new S3 bucket with pr0n.
Yes. These are pretty much standard fodder for bugs reported on somewhere like hackerone. I guess someone who knew what he was doing just decided to take advantage of it lol