New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

List of specific sub-domains seen as CNAMEs #26

Closed
bayotop opened this Issue Aug 2, 2018 · 5 comments

Comments

4 participants
@bayotop
Contributor

bayotop commented Aug 2, 2018

Hi, I wanted to share a list of CNAMEs (or rather just substrings), seen for sub-domains from public BBPs/VDPs on various platforms that might indicate a takeover-able sub-domain. I created the list a few months ago (it might be dated) and never found time to utilize it further so I'm sharing it publicly as it might be helpful to extend what this repository covers:

  • .herokudns.com, .herokuapp.com, herokussl.com
  • .azurewebsites.net, .cloudapp.net, .azure-api.net, .trafficmanager.net, .azureedge.net, .cloudapp.azure.com
  • .cloudfront.net, .s3.amazonaws.com, .awsptr.com, .elasticbeanstalk.com,
  • .uservoice.com
  • unbouncepages.com
  • ghs.google.com, ghs.googlehosted.com, .ghs-ssl.googlehosted.com
  • .github.io, www.gitbooks.io
  • sendgrid.net
  • .feedpress.me
  • .fastly.net
  • .webflow.io, proxy.webflow.com
  • .helpscoutdocs.com
  • .readmessl.com
  • .desk.com
  • .zendesk.com
  • .mktoweb.com
  • .wordpress.com, .wpengine.com
  • .cloudflare.net
  • .netlify.com
  • .bydiscourse.com
  • .netdna-cdn.com
  • .pageserve.co
  • .pantheonsite.io
  • .arlo.co
  • .apigee.net
  • .pmail5.com
  • .cm-hosting.com
  • ext-cust.squarespace.com, ext.squarespace.com, www.squarespace6.com
  • .locationinsight.com
  • .helpsite.io
  • saas.moonami.com
  • custom.bnc.lt
  • .qualtrics.com
  • .dotcmscloud.net, .dotcmscloud.com
  • .knowledgeowl.com
  • .atlashost.eu
  • headwayapp.co
  • domain.pixieset.com
  • cname.bitly.com
  • .awmdm.com
  • .meteor.com
  • .postaffiliatepro.com, na.iso.postaffiliatepro.com
  • .copiny.com
  • .kxcdn.com
  • phs.getpostman.com
  • .appdirect.com
  • .streamshark.io

The ones below need an approved registration, a demo or similar stuff so it's hard to tell if they are takeover-able or not:

  • .ethosce.com
  • .custhelp.com
  • .onelink-translations.com
  • .mashery.com
  • .edgesuite.net
  • .akadns.net
  • .edgekey.net
  • akamaiedge.net
  • .edgekey-staging.net
  • .lldns.net
  • .edgecastcdn.net
  • centercode.com
  • .jivesoftware.com
  • .cvent.com
  • .covisint.com
  • .digitalrivercontent.net
  • .akahost.net
  • .connectedcommunity.org
  • .lithium.com
  • .sl.smartling.com
  • pfsweb.com
  • .bsd.net
  • .vovici.net
  • .extole.com
  • .ent-sessionm.com
  • .eloqua.com
  • .inscname.net
  • insnw.net
  • .2o7.net
  • .wnmh.net
  • .footprint.net
  • .llnwd.net
  • .cust.socrata.net
  • .scrool.se
  • .phenompeople.com
  • .investis.com
  • .skilljar.com
  • .imomentous.com
  • .cleverbridge.com
  • .insnw.net
  • sailthru.com
  • static.captora.com
  • .q4web.com
  • .omtrdc.net
  • .devzing.com
  • .pphosted.com
  • .securepromotion.com
  • .getbynder.com
  • .certain.com
  • .certainaws.com
  • .eds.com
  • .bluetie.com
  • .relayware.com
  • .yodlee.com
  • .mrooms.net
  • ssl.cdntwrk.com
  • secure.gooddata.com
  • .deltacdn.net
  • .happyfox.com
  • .proformaprostores.com
  • .yext-cdn.com
  • .edgecastdns.net
  • .ecdns.net

Have fun.

@codingo

This comment has been minimized.

Collaborator

codingo commented Aug 2, 2018

@EdOverflow will chat about how to organise this with you over other networks? Seems like there's a variety of approaches that we could take here.

@codingo

This comment has been minimized.

Collaborator

codingo commented Aug 2, 2018

Also thank-you @bayotop, and good work!

@EdOverflow

This comment has been minimized.

Owner

EdOverflow commented Aug 2, 2018

@codingo, yep, we will have to figure out how to approach each item.

Thank you for sharing this list, @bayotop.

@codingo

This comment has been minimized.

Collaborator

codingo commented Oct 15, 2018

Most of these are now resolved/check or duplicates of existing content. Closing issue.

@bluedangerforyou

This comment has been minimized.

bluedangerforyou commented Nov 1, 2018

How to claim ghs?
I tried and said I was Sammy but domain was not taken as I tested another one which said it was taken

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment