Top Subdomain Takeover reports from HackerOne:
- Subdomain Takeover to Authentication bypass to Roblox - 744 upvotes, $0
- Subdomain takeover of datacafe-cert.starbucks.com to Starbucks - 303 upvotes, $0
- Authentication bypass on auth.uber.com via subdomain takeover of saostatic.uber.com to Uber - 168 upvotes, $0
- Subdomain takeover of storybook.lystit.com to Lyst - 156 upvotes, $1000
- Hacker.One Subdomain Takeover to HackerOne - 152 upvotes, $0
- Subdomain takeover at info.hacker.one to HackerOne - 130 upvotes, $0
- Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com to Grab - 127 upvotes, $1000
- Multiple Subdomain Takeovers: fly.staging.shipt.com, fly.us-west-2.staging.shipt.com, fly.us-east-1.staging.shipt.com to Shipt - 127 upvotes, $0
- Subdomain takeover of mydailydev.starbucks.com to Starbucks - 120 upvotes, $0
- Subdomain takeover of d02-1-ag.productioncontroller.starbucks.com to Starbucks - 119 upvotes, $0
- Subdomain takeover on http://fastly.sc-cdn.net/ to Snapchat - 110 upvotes, $3000
- Subdomain takeover on svcgatewayus.starbucks.com to Starbucks - 105 upvotes, $0
- Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record to Starbucks - 103 upvotes, $0
- Subdomain takeover on usclsapipma.cv.ford.com to Ford - 99 upvotes, $0
- Subdomain takeover of resources.hackerone.com to HackerOne - 94 upvotes, $500
- Subdomain takeover of fr1.vpn.zomans.com to Zomato - 91 upvotes, $350
- Subdomain takeover on wfmnarptpc.starbucks.com to Starbucks - 88 upvotes, $0
- Subdomain takeover of v.zego.com to Zego - 84 upvotes, $0
- Subdomain Takeover at creatorforum.roblox.com to Roblox - 83 upvotes, $0
- Multiple Subdomain takeovers via unclaimed instances to Starbucks - 82 upvotes, $0
- Subdomain takeover #2 at info.hacker.one to HackerOne - 78 upvotes, $0
- Subdomain takeover at signup.uber.com to Uber - 78 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 77 upvotes, $0
- Subdomain takeover due to unclaimed Amazon S3 bucket on a2.bime.io to Bime - 75 upvotes, $0
- Subdomain Takeover to Paragon Initiative Enterprises - 75 upvotes, $0
- Subdomain takeover dew to missconfigured project settings for Custom domain . to Flock - 75 upvotes, $0
- Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages to Greenhouse.io - 74 upvotes, $0
- Subdomain Takeover due to ████████ NS records at us-east4.37signals.com to Basecamp - 73 upvotes, $0
- Subdomain Takeover at test.shipt.com to Shipt - 72 upvotes, $750
- Subdomain takeover http://accessday.opn.ooo/ to Omise - 69 upvotes, $50
- Subdomain takeover on rider.uber.com due to non-existent distribution on Cloudfront to Uber - 66 upvotes, $1000
- myshopify.com domain takeover to Shopify - 64 upvotes, $0
- Subdomain takeover of main domain of https://www.cyberlynx.lu/ to Acronis - 63 upvotes, $100
- Subdomain takeover of images.crossinstall.com to X (Formerly Twitter) - 63 upvotes, $0
- Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com to Shopify - 60 upvotes, $500
- Subdomain takeover #3 at info.hacker.one to HackerOne - 57 upvotes, $0
- Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry to Ubiquiti Inc. - 56 upvotes, $0
- subdomain takeover on fddkim.zomato.com to Zomato - 56 upvotes, $0
- Subdomain Takeover Via via Dangling NS records on Amazon Route 53 http://api.e2e-kops-aws-canary.test-cncf-aws.canary.k8s.io to Kubernetes - 55 upvotes, $250
- Subdomain takeover on dev-admin.periscope.tv to X (Formerly Twitter) - 54 upvotes, $0
- Subdomain Takeover of brand.zen.ly to Zenly - 50 upvotes, $750
- Subdomain takeover #4 at info.hacker.one to HackerOne - 50 upvotes, $0
- Subdomain takeover of www█████████.affirm.com to Affirm - 49 upvotes, $500
- Subdomain takeover on developer.openapi.starbucks.com to Starbucks - 49 upvotes, $0
- URGENT - Subdomain Takeover on media.vine.co due to unclaimed domain pointing to AWS to X (Formerly Twitter) - 47 upvotes, $0
- Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com to Ubiquiti Inc. - 45 upvotes, $0
- Subdomain Takeover - https://competition.shopify.com/ to Shopify - 45 upvotes, $0
- Subdomain takeover due to non registered TLD [ ██████████.█████.██████.com ] to Affirm - 44 upvotes, $250
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 44 upvotes, $0
- Domain Takeover [3737signals.com] to Basecamp - 43 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 42 upvotes, $0
- Subdomain takeover of ███.wavecell.com to 8x8 - 39 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 39 upvotes, $0
- cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com ) to Automattic - 38 upvotes, $0
- svcardproxydevus.starbucks.com Subdomain take over to Starbucks - 38 upvotes, $0
- Subdomain takeover on one of the subdomain under mozgcp.net to Mozilla Core Services - 38 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla Core Services - 38 upvotes, $0
- Subdomain Takeover via Unclaimed WordPress site to Snapchat - 37 upvotes, $0
- subdomain takeover at status0.stripo.email to Stripo Inc - 36 upvotes, $0
- Subdomain takeover on svcgatewaydevus.starbucks.com and svcgatewayloadus.starbucks.com to Starbucks - 35 upvotes, $0
- subdomain takeover at █████████ to Mars - 35 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla Core Services - 35 upvotes, $0
- subdomain takeover at news-static.semrush.com to Semrush - 34 upvotes, $0
- registry.nodejs.org Subdomain Takeover to Node.js - 34 upvotes, $0
- Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io. to Legal Robot - 33 upvotes, $0
- Subdomain Takeover At the Main Domain Of Your Site to Sifchain - 33 upvotes, $0
- Subdomain takeover of █████████ to U.S. Dept Of Defense - 33 upvotes, $0
- EC2 subdomain takeover at http://████████/ to U.S. Dept Of Defense - 32 upvotes, $0
- [iot-hackathon.geekbrains.ru] Tilda Subdomain Takeover to Mail.ru - 31 upvotes, $0
- [ii.worki.ru ] emarsys subdomain takeover to Mail.ru - 31 upvotes, $0
- Subdomain takeover at http://test.www.midigator.com to Equifax-vdp - 31 upvotes, $0
- Subdomain Takeover using blog.greenhouse.io pointing to Hubspot to Greenhouse.io - 30 upvotes, $0
- GNIP subdomain take over to X (Formerly Twitter) - 30 upvotes, $0
- [engineering.udemy.com] - Subdomain Takeover (ghost.io) to Udemy - 30 upvotes, $0
- Domain Takeover in [obviousengine.com] a snapchat acquisitions to Snapchat - 30 upvotes, $0
- Domain takeover on http://doesfranshaveashell.com/ due to expiration to Ed - 30 upvotes, $0
- subdomain Takeover at blog.exchangemarketplace.com to Shopify - 27 upvotes, $0
- Subdomain takeover on healthyhackathon.khanacademy.org and hackweek.khanacademy.org to Khan Academy - 27 upvotes, $0
- Subdomain takeover on mta1a1.spmail.uber.com to Uber - 27 upvotes, $0
- Subdomain Takeover via Unclaimed Amazon S3 Bucket (Musical.ly) to TikTok - 26 upvotes, $200
- Subdomain takeover on podcasts.slack-core.com to Slack - 26 upvotes, $100
- Subdomain takeover on tilda.geekbrains.ru and fl-change.geekbrains.ru to Mail.ru - 26 upvotes, $0
- Subdomain takeover on 'de-headless.staging.gymshark.com' to Gymshark - 26 upvotes, $0
- Subdomain takeover on one of the subdomain under mozgcp.net to Mozilla Core Services - 26 upvotes, $0
- Sub-Domain Takeover at http://www.codefi.consensys.net/ to Consensys - 25 upvotes, $500
- [ux.shopify.com] Subdomain takeover to Shopify - 25 upvotes, $0
- Bulgaria - Subdomain takeover of mail.starbucks.bg to Starbucks - 25 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 25 upvotes, $0
- Possible subdomain takeover at openapi.starbucks.com to Starbucks - 24 upvotes, $0
- {REDACTED}.data.gov subdomain takeover. to GSA Bounty - 24 upvotes, $0
- subdomain take over at recommendation.algolia.com to Algolia - 24 upvotes, $0
- [Screenhero] Subdomain takeover to Slack - 23 upvotes, $0
- Subdomain takeover on "info-edcrunch.skillfactory.ru" to Mail.ru - 23 upvotes, $0
- Domain Takeover - gl-canary.freetls.fastly.net to GitLab - 22 upvotes, $200
- Subdomain Takeover in http://genghis-cdn.shopify.io/ pointing to Fastly to Shopify - 22 upvotes, $0
- Subdomain takeover at segway.shipt.com to Shipt - 21 upvotes, $300
- Subdomain takeover of translate.uber.com, de.uber.com and fr.uber.com to Uber - 21 upvotes, $0
- Subdomain takeover due to an unclaimed Amazon S3 bucket on ███ to U.S. Dept Of Defense - 21 upvotes, $0
- subdomain takeover disney.samokat.ru to Mail.ru - 21 upvotes, $0
- Subdomain Takeover Affecting at vex.weather.com to IBM - 21 upvotes, $0
- Subdomain take-over of {REDACTED}.18f.gov to GSA Bounty - 20 upvotes, $0
- Broken subdomain takeover of runpanther which was pointing towards herokuapp to Panther Labs - 20 upvotes, $0
- Main Domain Takeover at https://www.marketo.net/ to Adobe - 20 upvotes, $0
- Subdomain takeover on one of the subdomain under mozgcp.net to Mozilla - 20 upvotes, $0
- Subdomain Takeover in http://assets.goubiquiti.com/ to Ubiquiti Inc. - 19 upvotes, $0
- Subdomain Takeover (moderator.ubnt.com) to Ubiquiti Inc. - 19 upvotes, $0
- Subdomain takeover at iosota.razersynapse.com via Amazon S3 to Razer - 18 upvotes, $200
- Subdomain Takeover (http://docs.olx.ph/ , http://calendar.olx.ph/, http://sites.olx.ph/) to OLX - 18 upvotes, $0
- Subdomain takeover of ████ to U.S. Dept Of Defense - 18 upvotes, $0
- DNS Misconfiguration (Subdomain Takeover) - █████████.8x8.com to 8x8 - 18 upvotes, $0
- Domain Takeover at 3hopify.media to Shopify - 18 upvotes, $0
- Subdomain Takeover to Mail.ru - 18 upvotes, $0
- Subdomain Takeover due to unclaimed domain pointing to AWS to GSA Bounty - 17 upvotes, $150
- Subdomain take over signup.websummit to WebSummit - 17 upvotes, $0
- Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com to Udemy - 17 upvotes, $0
- Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services to Acronis - 17 upvotes, $0
- Subdomain Takeover at https://new.rubyonrails.org/ to Ruby on Rails - 17 upvotes, $0
- Subdomain Takeover via unclaimed UserVoice domain to Snapchat - 16 upvotes, $250
- Sub Domain Takeover to Gratipay - 16 upvotes, $0
- subdomain takeover at status-stage0.stripo.email to Stripo Inc - 16 upvotes, $0
- Subdomain Takeover due to unclaimed domain pointing to Acquia Cloud to Insulet Corporation - 16 upvotes, $0
- Domain Takeover of Reddit.ru via DNS Hijacking to Reddit - 15 upvotes, $500
- Subdomain takeover at ftp.thx.com to Razer - 15 upvotes, $250
- AWS subdomain Takeover at estore.razersynapse.com to Razer - 15 upvotes, $250
- DNS Misconfiguration (Subdomain Takeover) ███.wavecell.com to 8x8 - 15 upvotes, $0
- Potential Subdomain Takeover Possible to Boozt Fashion AB - 14 upvotes, $120
- URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io to Vimeo - 14 upvotes, $0
- Subdomain Takeover to Mail.ru - 14 upvotes, $0
- Subdomain takeover of www2.growasyouplan.com to Palo Alto Software - 14 upvotes, $0
- Subdomain takeover [████████] to U.S. Dept Of Defense - 14 upvotes, $0
- [supportlocal.delivery-club.ru] Subdomain Takeover to Mail.ru - 13 upvotes, $500
- Subdomain Takeover uptime to BTFS - 13 upvotes, $100
- Subdomain takeover in http://support.scan.me pointing to Zendesk (a Snapchat acquisition) to Snapchat - 13 upvotes, $0
- Subdomain takeover of blog.snapchat.com to Snapchat - 13 upvotes, $0
- Subdomain Takeover – jet.acronis.com pointing to unclaimed Webflow services to Acronis - 13 upvotes, $0
- Subdomain takeover on slack.augur.net pointing to GitHub Pages to Augur - 12 upvotes, $250
- Helpdesk takeover (subdomain takeover) in razerzone.com domain via unclaimed Zendesk instance to Razer - 12 upvotes, $250
- [Critical] Subdomain Takeover to Instacart - 12 upvotes, $0
- Subdomain takeover of ████.jitsi.net to 8x8 - 12 upvotes, $0
- Subdomain Takeover on 1c-start.tochka.com pointing to unbouncepages to QIWI - 12 upvotes, $0
- 8ybhy85kld9zp9xf84x6.imgur.com Subdomain Takeover to Imgur - 12 upvotes, $0
- Subdomain takeover on s3.shopify.com to Shopify - 11 upvotes, $500
- Subdomain Takeover on http://kiosk.owox.com/ to OWOX, Inc. - 11 upvotes, $0
- Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry to Ubiquiti Inc. - 11 upvotes, $0
- Domain takeover (legalrobot.co.za) to Legal Robot - 11 upvotes, $0
- SUBDOMAIN TAKEOVER [http://dev.rbk.money/] to RBKmoney - 11 upvotes, $0
- Route53 Subdomain Takeover on test-cncf-aws.canary.k8s.io to Kubernetes - 11 upvotes, $0
- DNS Misconfiguration (Subdomain Takeover) █.staging.█.8x8.com to 8x8 - 11 upvotes, $0
- Subdomain Takeover at course.oberlo.com to Shopify - 11 upvotes, $0
- DNS Misconfiguration (Subdomain Takeover) ███████.8x8.com to 8x8 - 10 upvotes, $0
- DNS Miconfiguration Leads to Subdomain Takeover - max1.liveplan.com to Palo Alto Software - 10 upvotes, $0
- Subdomain Takeover at http://gameday.websummit.net to WebSummit - 9 upvotes, $0
- Subdomain takeover in many subdomains to OWOX, Inc. - 9 upvotes, $0
- code.wordpress.net subdomain Takeover to WordPress - 9 upvotes, $0
- Subdomain Takeover of multiple *.ttcdn.co domains to Shopify - 9 upvotes, $0
- Subdomain Takeover - pmp.oneweb.net to OneWeb - 9 upvotes, $0
- subdomain takeover (abandoned Zendesk █.easycontactnow.com) to 8x8 - 9 upvotes, $0
- subdomain takeover at odoo-staging.exness.io to EXNESS - 9 upvotes, $0
- Sub Domain Take over to Gratipay - 8 upvotes, $0
- Subdomain Takeover at Landing.udemy.com to Udemy - 8 upvotes, $0
- Possible Subdomain Takeover to Khan Academy - 8 upvotes, $0
- Subdomain Takeover at blog.instamart.ru to Mail.ru - 8 upvotes, $0
- AWS subdomain takeover of www.███████ to U.S. Dept Of Defense - 8 upvotes, $0
- Possible Domain Takeover on AWS Instance. to Rocket.Chat - 8 upvotes, $0
- Sub Domain Takeover at mk.prd.vine.co to X (Formerly Twitter) - 7 upvotes, $0
- Subdomain takeover (sales.mixmax.com) to Mixmax - 7 upvotes, $0
- Subdomain Takeover on proxies.sifchain.finance pointing to vercel to Sifchain - 7 upvotes, $0
- Subdomain Takeover of Brave.com to Brave Software - 6 upvotes, $0
- Subdomain Takeover to GSA Bounty - 6 upvotes, $0
- Subdomain Takeover at analyticstest.geekbrains.ru to Mail.ru - 6 upvotes, $0
- Subdomain takeover http://promo.instamart.ru/ to Mail.ru - 6 upvotes, $0
- Subdomain takeover at ws.bimedb.com due to unclaimed Amazon S3 bucket to Bime - 5 upvotes, $0
- Full Sub Domain Takeover at s3.websummit.net to WebSummit - 5 upvotes, $0
- Possible Subdomain Takeover at http://production.s3.rubygems.org/ pointing to Fastly to RubyGems - 5 upvotes, $0
- Possible Subdomain Takeover to Mixmax - 5 upvotes, $0
- Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition) to Shopify - 5 upvotes, $0
- subdomain Takeover to Mail.ru - 5 upvotes, $0
- Subdomain takeover of ███ to U.S. Dept Of Defense - 5 upvotes, $0
- Subdomain Takeover at http://██.get8x8.com/ to 8x8 - 5 upvotes, $0
- subdomain takeover 1511493148.cloud.vimeo.com to Vimeo - 4 upvotes, $0
- Subdomain Takeover to Zomato - 4 upvotes, $0
- Sub-Domain Takeover to X (Formerly Twitter) - 4 upvotes, $0
- Full Sub Domain Takeover at wx.zopim.net to Zendesk - 4 upvotes, $0
- mailgun subdomain takeover on "email.mail.geekbrains.ru" to Mail.ru - 4 upvotes, $0
- URGENT - Subdomain Takeover on users.tweetdeck.com , the same issue of report #32825 to X (Formerly Twitter) - 3 upvotes, $420
- Subdomain Takeover in http://staging.wepay.com/ pointing to Fastly to WePay - 2 upvotes, $100
- URGENT - SUBDOMAIN TAKEOVER ON TWITTER ACQ. to X (Formerly Twitter) - 2 upvotes, $0
- Subdomain takeover : URGENT to KIWI.KI GmbH - 2 upvotes, $0
- SUBDOMAIN TAKEOVER(FIXED) to New Relic - 2 upvotes, $0
- Potential Subdomain Takeover - http://storefront.newrelic.com/ to New Relic - 2 upvotes, $0
- [staging.tarantool.org] Github Pages Subdomain-take-over to Mail.ru - 2 upvotes, $0
- Subdomain takeover at msproject.geekbrains.ru to Mail.ru - 2 upvotes, $0
- Subdomain takeover on one of the subdomain under mozgcp.net to Mozilla - 2 upvotes, $0
- Subdomain Takeover on OWOX.RU to OWOX, Inc. - 1 upvotes, $0
- Subdomain Takeover on http://blog.owox.com/ to OWOX, Inc. - 1 upvotes, $0
- Subdomain take over oh-no.cuvva.co and ohno.cuvva.co to Cuvva - 1 upvotes, $0
- [performancemarketing.geekbrains.ru] Tilda Subdomain Takeover to Mail.ru - 1 upvotes, $0
- Subdomain Takeover on delivey.yelp.com to Yelp - 1 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 1 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 1 upvotes, $0
- URGENT - Subdomain Takeover in support.urbandictionary.com pointing to Zendesk to Urban Dictionary - 0 upvotes, $0
- Sub domain take over in gratipay.com to Gratipay - 0 upvotes, $0
- Subdomain takeover on one of the subdomain under mozaws.net to Mozilla - 0 upvotes, $0