by no-dr-onboard 468 days ago
Hi, former pentester here. If any one of your trusted clients is using a Google/Chromium-based browser, the telemetry from that browser (webdiscovery) would reveal the existence of the subdomain in question. As others have said, security by obscurity doesn't work.
1 comments

Current pen tester here, and this guy is right. There was a Google blog post years ago where Google planted a site with an unguessable URL and indexed it and used Edge to surf on the site. Shortly after, this site was also listed on Bing.

Google had a "gotcha" moment when Microsoft responded basically with "yeah we didn't steal it from Google, you had telemetry enabled".

Total shitshow

Would love to read this if a link is still around