Passive Takeover - uncovering (and emulating) an expensive subdomain takeover campaign
ID: 3a070891-7278-56be-b0dc-8a0714ebadae
STIX ID: report--3a070891-7278-56be-b0dc-8a0714ebadae
Feed Name: KMsec blog
The report describes a widespread, opportunistic subdomain-takeover campaign ('passive takeover') in which an actor operating roughly 700 IPs, many in AWS Elastic IP space, claims dangling A records: after finding a still-valid mapping in passive DNS, the actor provisions cloud instances to acquire the address the record points to. The author demonstrates a proof of concept, outlines the attacker methodology, gives detection and mitigation advice, and publishes a curated list of about 345 IPs and the corresponding domains observed serving takeover pages.
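The defender's side of that methodology, as an added example that is not part of the report or the author's PoC: given the A records for your own zones, flag any that point into cloud IP space at an address you no longer hold (a candidate dangling record an attacker could acquire by provisioning instances), and any that already resolve to an IP on a list of addresses seen serving takeover pages. The cloud ranges, owned-IP inventory, IOC list and records below are constructed stand-ins using RFC 5737 documentation addresses; in practice you would substitute the provider's published prefixes, an export of your own allocations, and the report's IP list.

```python
import ipaddress

# Constructed sample data for this example (not taken from the report).
# Hypothetical "cloud provider" prefixes, using RFC 5737 documentation space.
CLOUD_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Addresses the organisation still holds (e.g. exported from its cloud accounts).
OWNED_IPS = {ipaddress.ip_address("203.0.113.10")}

# Constructed stand-in for a list of IPs observed serving takeover pages.
IOC_IPS = {ipaddress.ip_address("198.51.100.77")}

# Constructed A records, as a zone export or passive-DNS dump would give them.
RECORDS = [
    ("www.example.com", "203.0.113.10"),      # points at an IP we still own
    ("old-app.example.com", "203.0.113.55"),  # cloud range, no longer ours: dangling
    ("promo.example.com", "198.51.100.77"),   # already matches a known takeover IP
    ("mail.example.com", "192.0.2.8"),        # outside any tracked cloud range
]


def in_cloud_range(ip):
    """True if the address lies in one of the tracked, reclaimable cloud prefixes."""
    return any(ip in net for net in CLOUD_RANGES)


def classify(name, address, owned=OWNED_IPS, iocs=IOC_IPS):
    """Return a finding for one A record.

    'ioc-match'      : the record points at an IP seen serving takeover pages.
    'dangling-cloud' : the record points into reclaimable cloud space at an IP
                       the organisation no longer holds, so whoever gets that
                       address assigned to an instance controls the hostname.
    'ok'             : owned, or outside the tracked cloud ranges.
    """
    ip = ipaddress.ip_address(address)
    if ip in iocs:
        return "ioc-match"
    if in_cloud_range(ip) and ip not in owned:
        return "dangling-cloud"
    return "ok"


def audit(records=RECORDS):
    """Map each hostname to its finding; anything other than 'ok' needs action."""
    return {name: classify(name, addr) for name, addr in records}


if __name__ == "__main__":
    for host, finding in audit().items():
        print(f"{finding:15} {host}")
```

The check is deliberately inventory-based rather than probe-based: an attacker-held instance answers HTTP just like a legitimate one, so "does it respond" is not a useful signal. Records that point outside the tracked ranges are left as 'ok' by this heuristic and need a separate review; for a 'dangling-cloud' hit the fix is to delete or repoint the record before anyone else acquires the address, and for an 'ioc-match' to treat the hostname as already compromised.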
