Possible Takeover of Domain using Gcore CDN #442
sn1p3rt3s7 started this conversation in General
If the NS record of a domain points to ns2.gcdn.services and ns1.gcorelabs.net and the CDN is not currently active, then an attacker can create a CDN resource with Origin source as the IP of your website (content).

Site: give the apex domain you want to take over. If it is already used by another user, it'll be shown that you can't take over.

Note: Choose entire site, not subdomain. This is because if you choose subdomain it'll ask you to add a CNAME record with value cl-xxxx.gcdn.co, where xxxx is random. So it is not feasible. But to take over the entire site the criteria is

If both are satisfied you can take over the domain. This is not subdomain takeover; only the entire domain takeover is possible.

The chance that someone misconfigures their main domain like this is rare. Think of a scenario where a company X has a slightly unpopular domain like Y where NS is configured with the above values but there is no CDN resource attached to that domain (which means no A or CNAME record but only an NS record; the site won't load, as you guessed). In that case you can take over. I was able to take over a domain using this method. Encountering such a scenario in the wild could happen if you are lucky.
Netlas query:
(ns:ns1.gcorelabs.net AND !_exists_:a AND !_exists_:cname)
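
For domain owners, the same condition can be checked against an internal DNS inventory. The following is an added example, not part of the original post: the record layout (`ns`, `a`, `cname` lists per apex domain), the function names and the `.example` domains are assumptions made for illustration.

```python
# Added example: audit your own domain inventory for the state the post
# describes (delegated to Gcore nameservers, nothing published behind them).

# Nameservers named in the post.
GCORE_NS = {"ns1.gcorelabs.net", "ns2.gcdn.services"}

def norm(host):
    """Lower-case and strip the trailing dot so zone-file style names compare equal."""
    return host.strip().lower().rstrip(".")

def gcore_delegation(records):
    """Return the sorted Gcore nameservers a domain is delegated to, if any."""
    return sorted({norm(h) for h in records.get("ns", [])} & GCORE_NS)

def audit(inventory):
    """Flag domains delegated to Gcore that publish no A or CNAME record.

    Mirrors the Netlas query in the post (Gcore NS, no a, no cname).
    Assumption: either nameserver on its own is enough to warrant review.
    """
    flagged = {}
    for domain in sorted(inventory):
        records = inventory[domain]
        matched = gcore_delegation(records)
        resolves = bool(records.get("a") or records.get("cname"))
        if matched and not resolves:
            flagged[norm(domain)] = matched
    return flagged

# Constructed sample inventory (hypothetical export format, reserved names/IPs).
INVENTORY = {
    "main.example": {"ns": ["ns1.gcorelabs.net.", "ns2.gcdn.services."],
                     "a": ["192.0.2.10"], "cname": []},
    "legacy.example": {"ns": ["NS1.GCoreLabs.net.", "ns2.gcdn.services"],
                       "a": [], "cname": []},
    "other.example": {"ns": ["ns1.dns-host.example"], "a": [], "cname": []},
    "promo.example": {"ns": ["ns2.gcdn.services"]},  # record types missing entirely
}

if __name__ == "__main__":
    for domain, ns in audit(INVENTORY).items():
        print(f"{domain}: delegated to {', '.join(ns)} with no A/CNAME record")
```

A flagged domain is one whose delegation should be reviewed: either the NS records are stale, or the matching resource needs to exist under an account the owner controls.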