This post is the write-up about subdomain takeover vulnerable service Announcekit that I found. Although this is a paid service, It's possible to create PoC without having to purchase the service during trial period.
AnnounceKit is a user communication platform that helps you announce product updates to increase feature adoption.
CNAME record should be pointing to cname.announcekit.app
akit-tk.melbadry9.xyz. 42 IN CNAME cname.announcekit.app.
I use the following Nuclei template to check for possible candidates.
name: Announcekit service detection
To verify whether subdomain takeover may be possible we should see a similar error page.
Vulnerable Subdomain Error Page
To detect vulnerable subdomain we use the following fingerprint based on HTTP response we confirm whether subdomain is vulnerable or not.
"Error 404 - AnnounceKit"
I use the following Nuclei template to check for vulnerable subdomain.