On November 3 2014, the bug bounty hunter Frans Rosén published a report about a sub-domain takeover at media.vine.co that pointed to AWS.
Frans Rosén included an interesting screenshot with a popup created with JavaScript as evidence, as shown in the following screenshot, which demonstrates the impact of this vulnerability:
If you pay attention to the preceding screenshot, you will realize the page could well be a phishing attack designed to steal credentials or sensitive information from users who trust the main domain.
If you want to read more about this bug, you can see the following link: https://hackerone.com/reports/32825.