Subdomain takeover is again in scope, however we've decided to put a fixed fee of 50 EUR on this vulnerability as we have a project running to fix this type of vulnerability more structurally.

We've also added two new domains in Tier 3. A vulnerability found on either one of domains and is present on the other will be considered a duplicate. (Production versus staging environment).

Happy hacking!