RedHunt Labs studied internet-wide domains for severe vulnerability, 400K+ found to be prone

Share Article

Attack Surface Management company RedHunt Labs studied 220 Million domains on the internet for subdomains takeover vulnerability, under Project Resonance. More than 400,000 subdomains were prone to this attack across multiple industries i.e. e-commerce, education, healthcare, gov, etc.

Internet-Wide Analysis of Subdomain Takeover

Internet-Wide Analysis of Subdomain Takeover

You can't protect what you are now aware of. Visibility of the Attack Surface is a must for every cybersecurity leader.

Attack Surface Management company, RedHunt Labs, recently revealed that thousands of subdomains. across multiple industry verticals, are prone to Subdomain Takeover Vulnerability based on the large-scale study performed by their research team.

As companies have adopted modern and dynamic infrastructure, the majority of attacks and breaches take place outside of the firewall.

With so many third party associations and modern application practices, assets exist not only in an organization's network but also in places which are outside the control of organizations. While such assets pose the same amount of security risk, they are difficult to be tracked using traditional Cyber Security products. RedHunt Labs, using its Internet-Scale SaaS solution NVADR, continuously tracks these assets and monitors the organization's external Attack Surface (also known as “Hacker’s View of the organization”).

As subdomain is one of the major categories in the asset definition, RedHunt Labs conducted an internet-wide survey consisting of approximately 220 million domains/subdomains collected by their hundreds of bots spread across the internet.

Subdomain takeover is a vulnerability that occurs when a webpage hosted at the third-party cloud service is deleted but the DNS entry for it is retained. The attacker simply now claims the organization’s subdomain mapping and thus starts controlling the content hosted on the subdomain. This can allow an attacker to serve malicious content or misleading information and thus cause Brand Reputation loss, User Distrust and Spear-Phishing, and Data-Breach.

The results of this study were quite surprising as thousands of domains/subdomains (400K+), including those belonging to prestigious universities and government agencies, were prone to this attack. Talking about third parties which allowed this misconfiguration, Shopify (62%) had the highest share of such subdomains while Unbounce (14%) ranked second, followed by Heroku (9%), GitHub Pages (4%), Bigcartel (2%), Tumblr (1%), Webflow (1%) and Pantheon (1%). WordPress,, AWS, etc, with HelpJuice all had their share in 20%.

The most common vulnerable subdomain keyword was ”www”, which means most of the stale records pointed to the “root domain” of the sites. The next prevalent subdomain keyword was “shop”, followed by “store”, “blog”, “mail”, “hostmaster” and “cpanel”. The complete list of such subdomain keywords was released through their GitHub repository and the detailed results were published on their blog.

In terms of industry verticals, RedHunt Labs observed that ~1k .edu sites and ~200 .gov sites were also affected along with healthcare, wellness, and fitness sites with ~5k potential subdomain takeovers all combined.

The results clearly suggest that organizations are not effectively managing their ever-evolving attack surface and hence are unable to keep their perimeter secure without continuous monitoring on a large scale. As a solution to this, RedHunt Labs, help their clients continuously discover, monitor, and track subdomains (along with a variety of other untracked assets) owned by them and check for subdomain takeovers (along with several other security vulnerabilities) on a continuous basis using their SaaS product NVADR.

About RedHunt Labs:
RedHunt Labs is a UK based company providing Attack Surface Management (ASM) solution NVADR to deliver hacker’s view of an organization. Combining years of experience in offensive security, defensive security, and Open Source Intelligence (OSINT) RedHunt Labs has created 'NVADR' to solve the continuous perimeter security problem. RedHunt Labs runs the internet security research project 'Project Resonance' and also educates the world with the cutting edge tools and techniques in OSINT. The company is backed by private investors from the UK and is part of LORCA Cohort 5.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Sudhanshu Chauhan

Shubham Mittal
since: 03/2018
Follow >
Visit website