You make a really good point about the post patch exploitation from Cloudbleed putting that in a different category. I guess my thinking was: Is this guy the first? Are the authoritative IO domain servers compromised some other way? Are the other servers legit?