List of specific sub-domains seen as CNAMEs #26

Closed
bayotop opened this issue Aug 2, 2018 · 9 comments
@bayotop (Contributor) commented Aug 2, 2018

Hi, I wanted to share a list of CNAMEs (or rather just substrings), seen for sub-domains from public BBPs/VDPs on various platforms that might indicate a takeover-able sub-domain. I created the list a few months ago (it might be dated) and never found time to utilize it further so I'm sharing it publicly as it might be helpful to extend what this repository covers:

  • .herokudns.com, .herokuapp.com, herokussl.com
  • .azurewebsites.net, .cloudapp.net, .azure-api.net, .trafficmanager.net, .azureedge.net, .cloudapp.azure.com
  • .cloudfront.net, .s3.amazonaws.com, .awsptr.com, .elasticbeanstalk.com
  • .uservoice.com
  • unbouncepages.com
  • ghs.google.com, ghs.googlehosted.com, .ghs-ssl.googlehosted.com
  • .github.io, www.gitbooks.io
  • sendgrid.net
  • .feedpress.me
  • .fastly.net
  • .webflow.io, proxy.webflow.com
  • .helpscoutdocs.com
  • .readmessl.com
  • .desk.com
  • .zendesk.com
  • .mktoweb.com
  • .wordpress.com, .wpengine.com
  • .cloudflare.net
  • .netlify.com
  • .bydiscourse.com
  • .netdna-cdn.com
  • .pageserve.co
  • .pantheonsite.io
  • .arlo.co
  • .apigee.net
  • .pmail5.com
  • .cm-hosting.com
  • ext-cust.squarespace.com, ext.squarespace.com, www.squarespace6.com
  • .locationinsight.com
  • .helpsite.io
  • saas.moonami.com
  • custom.bnc.lt
  • .qualtrics.com
  • .dotcmscloud.net, .dotcmscloud.com
  • .knowledgeowl.com
  • .atlashost.eu
  • headwayapp.co
  • domain.pixieset.com
  • cname.bitly.com
  • .awmdm.com
  • .meteor.com
  • .postaffiliatepro.com, na.iso.postaffiliatepro.com
  • .copiny.com
  • .kxcdn.com
  • phs.getpostman.com
  • .appdirect.com
  • .streamshark.io

The ones below need an approved registration, a demo or similar stuff so it's hard to tell if they are takeover-able or not:

  • .ethosce.com
  • .custhelp.com
  • .onelink-translations.com
  • .mashery.com
  • .edgesuite.net
  • .akadns.net
  • .edgekey.net
  • akamaiedge.net
  • .edgekey-staging.net
  • .lldns.net
  • .edgecastcdn.net
  • centercode.com
  • .jivesoftware.com
  • .cvent.com
  • .covisint.com
  • .digitalrivercontent.net
  • .akahost.net
  • .connectedcommunity.org
  • .lithium.com
  • .sl.smartling.com
  • pfsweb.com
  • .bsd.net
  • .vovici.net
  • .extole.com
  • .ent-sessionm.com
  • .eloqua.com
  • .inscname.net
  • insnw.net
  • .2o7.net
  • .wnmh.net
  • .footprint.net
  • .llnwd.net
  • .cust.socrata.net
  • .scrool.se
  • .phenompeople.com
  • .investis.com
  • .skilljar.com
  • .imomentous.com
  • .cleverbridge.com
  • .insnw.net
  • sailthru.com
  • static.captora.com
  • .q4web.com
  • .omtrdc.net
  • .devzing.com
  • .pphosted.com
  • .securepromotion.com
  • .getbynder.com
  • .certain.com
  • .certainaws.com
  • .eds.com
  • .bluetie.com
  • .relayware.com
  • .yodlee.com
  • .mrooms.net
  • ssl.cdntwrk.com
  • secure.gooddata.com
  • .deltacdn.net
  • .happyfox.com
  • .proformaprostores.com
  • .yext-cdn.com
  • .edgecastdns.net
  • .ecdns.net

Have fun.

@codingo (Collaborator) commented Aug 2, 2018

@EdOverflow will chat about how to organise this with you over other networks? Seems like there's a variety of approaches that we could take here.

@codingo (Collaborator) commented Aug 2, 2018

Also thank you @bayotop, and good work!

@EdOverflow (Owner) commented Aug 2, 2018

@codingo, yep, we will have to figure out how to approach each item.

Thank you for sharing this list, @bayotop.

@codingo (Collaborator) commented Oct 15, 2018

Most of these are now resolved/checked or duplicates of existing content. Closing issue.

@bluedangerforyou commented Nov 1, 2018

How to claim ghs?
I tried and said I was Sammy but domain was not taken as I tested another one which said it was taken

@ziak2677 commented Mar 10, 2019

Hi, I saw an error (Web Page Blocked
Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error). Is it vulnerable?
The CNAME is pointed to Cloudflare.

@Sushmitha-shinelikestars

Hi, can anyone guide me on how to sign up at overvoice.com?

It is asking for a business email ID, but I don't have any business email ID.

Could anyone please help me here in creating a uservoice account, as I need to test for the subdomain?

Thanks,
Sushmitha

@Tounsi007 commented May 12, 2019

Hi,
How can I do that with apigee.net?
Please help.

Repository owner locked and limited conversation to collaborators May 12, 2019