
LinuxSec Exploit

Nothing is Ever Locked


Uptimerobot.com Custom Domain or Subdomain Takeover

September 24, 2018 by Jack Wilder 10 Comments

Uptimerobot.com Custom Domain or Subdomain Takeover – This time I will discuss the possibility of taking over an uptimerobot.com page. Uptimerobot.com is a service that displays the uptime status of the services we run. For an example, see status.linuxsec.org. Yep, a page that shows the uptime status of our servers. The service can be used for free or as a paid (premium) version.

The Uptimerobot.com Public Status Page can also be served on a custom domain. The requirement is to add a CNAME record that points to stats.uptimerobot.com.

If the owner of that custom domain later deletes the Public Status Page but does not delete the CNAME record in the domain manager, we can take over the subdomain. As an example, here I tested on uptime.zafkiel.net. uptime.zafkiel.net points to stats.uptimerobot.com, but no public status page has been created for it.

yuyudhn@LINUXSEC:~$ curl https://uptime.zafkiel.net/
page not found
yuyudhn@LINUXSEC:~$ curl -I https://uptime.zafkiel.net
HTTP/2 404
content-type: text/html; charset=utf-8
date: Mon, 24 Sep 2018 10:34:14 GMT
etag: W/"e-d2v0Cs2NwwmTXQ8pOCI5YoIXuhc"
server: Caddy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
...

Then test with the dig command:

yuyudhn@LINUXSEC:~$ dig uptime.zafkiel.net
....
uptime.zafkiel.net.     215     IN      CNAME   stats.uptimerobot.com.
stats.uptimerobot.com.  215     IN      A       69.162.67.141

The step we can take is to register a public status page for that custom domain.

Check uptime.zafkiel.net

That's all for this tutorial; hopefully it is useful.
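For anyone who runs a custom status domain, the dig and curl checks above can be combined into one test for a leftover CNAME. The following Python code is an added example, not code from the original post: the hostname uptime.example.org and all function names are assumptions, while the CNAME target and the 404 "page not found" fingerprint are taken from the output shown above.

```python
import re
import urllib.error
import urllib.request

TARGET = "stats.uptimerobot.com."   # CNAME target named in the post
FINGERPRINT = "page not found"      # body returned in the post's curl output

def cname_targets(dig_output):
    """Map each owner name to its CNAME target from dig answer lines."""
    targets = {}
    for line in dig_output.splitlines():
        if line.startswith(";"):        # skip dig comment/section lines
            continue
        m = re.match(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)\s*$", line.strip())
        if m:
            targets[m.group(1).lower()] = m.group(2).lower()
    return targets

def points_to_service(name, targets):
    """Follow the CNAME chain from name; True if it reaches TARGET."""
    seen = set()
    name = name.lower().rstrip(".") + "."
    while name in targets and name not in seen:   # 'seen' stops CNAME loops
        seen.add(name)
        name = targets[name]
        if name == TARGET:
            return True
    return False

def is_dangling(name, dig_output, status, body):
    """Dangling = CNAME still reaches the service, but it serves no page."""
    return (points_to_service(name, cname_targets(dig_output))
            and status == 404 and FINGERPRINT in body.lower())

def fetch(host):
    """Live probe for hosts you administer: returns (status, body)."""
    try:
        with urllib.request.urlopen(f"https://{host}/", timeout=10) as r:
            return r.status, r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")

# Constructed sample modelled on the post's dig output (hostname is a placeholder).
SAMPLE_DIG = """\
;; ANSWER SECTION:
uptime.example.org.     215     IN      CNAME   stats.uptimerobot.com.
stats.uptimerobot.com.  215     IN      A       69.162.67.141
"""

if __name__ == "__main__":
    print(is_dangling("uptime.example.org", SAMPLE_DIG, 404, "page not found\n"))
```

A record flagged by `is_dangling` should have its CNAME removed from the zone, or the status page recreated, before the name is reused.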

Filed Under: Domain Takeover, Web Hacking

Comments

  1. mizbaul says

    September 21, 2022 at 3:37 am

    need help

    Reply
  2. hehe says

    March 12, 2023 at 3:14 pm

    myre

    Reply
  3. roy says

    June 27, 2023 at 12:16 pm

    it’s a paid feature

    Reply
    • Yoo Cherry says

      March 5, 2024 at 7:51 pm

      yep, now it is a paid feature. it was free to use a custom domain before

      Reply
      • YOUNESS says

        September 17, 2024 at 6:00 pm

        hi, do you have an account with this feature? I HAVE A VULNERABLE SITE.
        if yes, reply to give the contact information. btw this site has a bug bounty program and that subdomain is abandoned

        Reply
  4. someone says

    July 17, 2024 at 3:15 pm

    i am trying to do this, and i have some questions.
    1. when i tried dig url => CNAME is not stats.uptimerobot.com
    does it have to be stats.uptimerobot.com?

    2. adding a custom domain is a paid feature. can i takeover the domain without paying to uptimerobot?

    Reply
  5. bulsluk says

    July 27, 2024 at 6:35 pm

    What does the site look like when it is vulnerable?

    Reply
  6. Papa's Pizzeria says

    March 17, 2025 at 1:35 pm

    Interesting point about Uptimerobot! Securing your uptime status page is crucial. Makes you wonder if subdomain takeover risks exist, especially if DNS records aren’t properly configured after migrating. Reminds me of the time I was meticulously crafting the perfect pizza in Papa’s Pizzeria, only to have a server crash wipe out my progress! Server security is just as important as perfecting that pepperoni placement.

    Reply
  7. hello says

    June 26, 2025 at 9:19 pm

    Reply
  8. hacked says

    June 26, 2025 at 9:21 pm

    Reply
