diff --git a/README.md b/README.md index c0212fa..d6c6c7a 100644 --- a/README.md +++ b/README.md @@ -36,16 +36,18 @@ A list of services that can be checked (although check for duplicates against th Engine | Status | Fingerprint | Discussion | Documentation --------------------------------------------- | -------------- | ----------------------------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- Airee.ru | Vulnerable | | [Issue #104](https://github.com/EdOverflow/can-i-take-over-xyz/issues/104) | +Anima | Vulnerable | `If this is your website and you've just created it, try refreshing in a minute` | [Issue #126](https://github.com/EdOverflow/can-i-take-over-xyz/issues/126) | [Anima Documentation](https://docs.animaapp.com/v1/launchpad/08-custom-domain.html) Akamai | Not vulnerable | | [Issue #13](https://github.com/EdOverflow/can-i-take-over-xyz/issues/13) | AWS/S3 | Vulnerable | `The specified bucket does not exist` | [Issue #36](https://github.com/EdOverflow/can-i-take-over-xyz/issues/36) Bitbucket | Vulnerable | `Repository not found` | -Campaign Monitor | Vulnerable | 'Trying to access your account?' | | [Support Page](https://help.campaignmonitor.com/custom-domain-names) +Campaign Monitor | Vulnerable | `Trying to access your account?` | | [Support Page](https://help.campaignmonitor.com/custom-domain-names) Cargo Collective | Vulnerable | `404 Not Found` | | [Cargo Support Page](https://support.2.cargocollective.com/Using-a-Third-Party-Domain) Cloudfront | Not vulnerable | ViewerCertificateException | [Issue #29](https://github.com/EdOverflow/can-i-take-over-xyz/issues/29) | [Domain Security on Amazon CloudFront](https://aws.amazon.com/blogs/networking-and-content-delivery/continually-enhancing-domain-security-on-amazon-cloudfront/) Desk | Not vulnerable | `Please try again or try Desk.com free for 14 days.` | [Issue #9](https://github.com/EdOverflow/can-i-take-over-xyz/issues/9) Digital Ocean | Vulnerable | Domain uses DO name serves with no records in DO. | | | Fastly | Edge case | `Fastly error: unknown domain:` | [Issue #22](https://github.com/EdOverflow/can-i-take-over-xyz/issues/22) Feedpress | Vulnerable | `The feed has not been found.` | [HackerOne #195350](https://hackerone.com/reports/195350) +Firebase | Not vulnerable | | [Issue #128](https://github.com/EdOverflow/can-i-take-over-xyz/issues/128) | Fly.io | Vulnerable | `404 Not Found` | [Issue #101](https://github.com/EdOverflow/can-i-take-over-xyz/issues/101) Freshdesk | Not vulnerable | || [Freshdesk Support Page](https://support.freshdesk.com/support/solutions/articles/37590-using-a-vanity-support-url-and-pointing-the-cname) Ghost | Vulnerable | `The thing you were looking for is no longer here, or never was` | @@ -56,28 +58,31 @@ HatenaBlog | vulnerable | `404 Blog is not found` Help Juice | Vulnerable | `We could not find what you're looking for.` | | [Help Juice Support Page](https://help.helpjuice.com/34339-getting-started/custom-domain) Help Scout | Vulnerable | `No settings were found for this company:` | | [HelpScout Docs](https://docs.helpscout.net/article/42-setup-custom-domain) Heroku | Edge case | `No such app` | [Issue #38](https://github.com/EdOverflow/can-i-take-over-xyz/issues/38) +Instapage | Not vulnerable | | [Issue #73](https://github.com/EdOverflow/can-i-take-over-xyz/issues/73) | | Intercom | Vulnerable | `Uh oh. That page doesn't exist.` | [Issue #69](https://github.com/EdOverflow/can-i-take-over-xyz/issues/69) | [Help center](https://www.intercom.com/help/) JetBrains | Vulnerable | `is not a registered InCloud YouTrack` | | [YouTrack InCloud Help Page](https://www.jetbrains.com/help/youtrack/incloud/Domain-Settings.html) -Key CDN | Not Vulnerable | | [Issue #112](https://github.com/EdOverflow/can-i-take-over-xyz/issues/112) | +Key CDN | Not vulnerable | | [Issue #112](https://github.com/EdOverflow/can-i-take-over-xyz/issues/112) | Kinsta | Vulnerable | `No Site For Domain` |[Issue #48](https://github.com/EdOverflow/can-i-take-over-xyz/issues/48) | [kinsta-add-domain](https://kinsta.com/knowledgebase/add-domain/) LaunchRock | Vulnerable | `It looks like you may have taken a wrong turn somewhere. Don't worry...it happens to all of us.` |[Issue #74](https://github.com/EdOverflow/can-i-take-over-xyz/issues/74) | Mashery | Edge Case | `Unrecognized domain` | [HackerOne #275714](https://hackerone.com/reports/275714), [Issue #14](https://github.com/EdOverflow/can-i-take-over-xyz/issues/14) Microsoft Azure | Vulnerable | | [Issue #35](https://github.com/EdOverflow/can-i-take-over-xyz/issues/35) | Netlify | Edge Case | | [Issue #40](https://github.com/EdOverflow/can-i-take-over-xyz/issues/40) | +Ngrok | Vulnerable | `Tunnel *.ngrok.io not found` | [Issue #92](https://github.com/EdOverflow/can-i-take-over-xyz/issues/92) | [Ngrok Documentation](https://ngrok.com/docs#http-custom-domains) Pantheon | Vulnerable | `404 error unknown site!` |[Issue #24](https://github.com/EdOverflow/can-i-take-over-xyz/issues/24) | [Pantheon-Sub-takeover](https://medium.com/@hussain_0x3c/hostile-subdomain-takeover-using-pantheon-ebf4ab813111) Readme.io | Vulnerable | `Project doesnt exist... yet!` | [Issue #41](https://github.com/EdOverflow/can-i-take-over-xyz/issues/41) Sendgrid | Not vulnerable | | Shopify | Edge Case | `Sorry, this shop is currently unavailable.` |[Issue #32](https://github.com/EdOverflow/can-i-take-over-xyz/issues/32), [Issue #46](https://github.com/EdOverflow/can-i-take-over-xyz/issues/46)| [Medium Article](https://medium.com/@thebuckhacker/how-to-do-55-000-subdomain-takeover-in-a-blink-of-an-eye-a94954c3fc75) +SmartJobBoard | Vulnerable | `This job board website is either expired or its domain name is invalid.` | [Issue #139](https://github.com/EdOverflow/can-i-take-over-xyz/issues/139) | [Support Page](https://help.smartjobboard.com/en/articles/1269655-connecting-a-custom-domain-name) Squarespace | Not vulnerable | | Statuspage | Vulnerable | Visiting the subdomain will redirect users to https://www.statuspage.io. | [PR #105](https://github.com/EdOverflow/can-i-take-over-xyz/pull/105) | [Statuspage documentation](https://help.statuspage.io/knowledge_base/topics/domain-ownership) | Strikingly | Vulnerable | `page not found` |[Issue #58](https://github.com/EdOverflow/can-i-take-over-xyz/issues/58) | [Strikingly-Sub-takeover](https://medium.com/@sherif0x00/takeover-subdomains-pointing-to-strikingly-5e67df80cdfd) Surge.sh | Vulnerable | `project not found` || [Surge Documentation](https://surge.sh/help/adding-a-custom-domain) Tumblr | Edge Case | `Whatever you were looking for doesn't currently exist at this address` | Tilda | Edge Case | `Please renew your subscription` | [PR #20](https://github.com/EdOverflow/can-i-take-over-xyz/pull/20) -Unbounce | Not vulnerable | `The requested URL was not found on this server.` | [Issue #11](https://github.com/EdOverflow/can-i-take-over-xyz/issues/11) +Unbounce | Edge Case | `The requested URL was not found on this server.` | [Issue #11](https://github.com/EdOverflow/can-i-take-over-xyz/issues/11) Uptimerobot | Vulnerable | `page not found` |[Issue #45](https://github.com/EdOverflow/can-i-take-over-xyz/issues/45) | [Uptimerobot-Sub-takeover](https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/) UserVoice | Vulnerable | `This UserVoice subdomain is currently available!` | -Webflow | Edge Case | |[Issue #44](https://github.com/EdOverflow/can-i-take-over-xyz/issues/44) |[forum webflow](https://forum.webflow.com/t/hosting-a-subdomain-on-webflow/59201) +Webflow | Edge Case | `The page you are looking for doesn't exist or has been moved.` |[Issue #44](https://github.com/EdOverflow/can-i-take-over-xyz/issues/44) |[forum webflow](https://forum.webflow.com/t/hosting-a-subdomain-on-webflow/59201) Wordpress | Vulnerable | `Do you want to register *.wordpress.com?` | WP Engine | Not vulnerable | | -Zendesk | Not Vulnerable | `Help Center Closed` | [Issue #23](https://github.com/EdOverflow/can-i-take-over-xyz/issues/23) | [Zendesk Support](https://support.zendesk.com/hc/en-us/articles/203664356-Changing-the-address-of-your-Help-Center-subdomain-host-mapping-) +Zendesk | Not vulnerable | `Help Center Closed` | [Issue #23](https://github.com/EdOverflow/can-i-take-over-xyz/issues/23) | [Zendesk Support](https://support.zendesk.com/hc/en-us/articles/203664356-Changing-the-address-of-your-Help-Center-subdomain-host-mapping-)