My guess would be NSEC zone walking if your DNS provider supports DNSSEC. But that shouldn’t work with unregistered or wildcard domains

The next guess would be during setup, someone somewhere got ahold of your SNI (and/or outgoing DNS requests). Maybe your ISP/VPN service actually logs them and announce it to the world

I suggest next time, try setting up without any over-the-internet traffic at all. E.g. always use curl with the –resolve flag on the same VM as Apache to check if it’s working