If you do a GET / request against the IP (typically http too) does it yield a redirect to your proper fqdn? It shouldn’t return anything and remain stealthy as you likely dont want to expose anything directly on IP connections and rely solely on your vhosts.

I use healthchecks.io to alert me if any backups dont fire on time or have error states, free to use and a nice first line when I can’t keep an eye on it regularly

I bet the 2FA secret was leaked too though…

Interesting, didn’t know that. Do you think that different enough from a timeout / reboot requirement of code? Could the app tell?

Nothing stopping an exta fingerprint being registered though…