Subdomain Takeover PoC

Hi, my name is Pavel and I'm a security researcher.

What happened?

During a recent check I stumbled upon your subdomain which was pointing to an unclaimed Heroku instance. Since it's unclaimed, anyone can link your subdomain and host any content on it.

What are the consequences?

This puts your website, your customers and employees in danger. There's great potential for phishing attacks as well as distribution of malware etc.

What did you do?

To help you prevent any malicious actions, I have claimed the subdomain on Heroku and most likely already sent you an email, informing you about the security issue I have discovered. If there was no mail from me yet, just send me a message directly.

How to solve the issue?

Since you are not using this subdomain anymore, simply remove the DNS record pointing to Heroku to make it unavailable.

How can I contact or thank you?

That's simple. To contact me, just drop me an email to pavel@azanov.de. If you want to buy me a coffee or help me get Christmas gifts and something nice for my wife, just use the PayPal link down below.

PayPal Me