@rmbolger thanks. Indeed there are many legitimate reasons to host DNS for a third-party, though they might not like that their service was used by a hijacker. They probably don't care.
I have to say that I focused on recovering the domains rather than collecting evidence, so the only two crumbs of evidence I have are:
(I assume the hijacker intended to use CF to reverse-proxy its stuff anyway)
=> More informations about this toot | View the thread | More toots from olasd@mastodon.opportunis.me
=> View rmbolger@mastodon.social profile
text/geminiThis content has been proxied by September (3851b).