I hope “they” do some sort of atp and / or rate limiting
I came across this in a Google search, and wanted to correct this.
Nabu is using Amazon’s Route 53, and Route 53 will not allow a DNS dump, so you can’t actually get that public information.
The certificates are issued view Let’s Encrypt, and the issued certificates are not public.
If you are implying that your connectivity is being leaked, then yes, it is being leaked through DNS providers, browser diagnostics, and similar, but they are not publicly available information.
You’re assumption was correct earlier. Most services that do not require port-forwarding create a persistent session to their cloud servers, which you then connect to to proxy that connection.
Google have removed the certificate search feature that I linked to originally so the link doesn’t make much sense now.
A similar feature is available at OSINT Certificate Search.
Search here for ui.nabu.casa
Ah, I see what you’re saying, the public CA is being monitored for issued certs via CT.
This page is more relevant: Subdomain search | Merklemap