Subdomain Takeover
High
GSA Bounty
Submitted None
Team Summary
Official summary from GSA Bounty
@picklepwns discovered a subdomain takeover attack. Technically, the domain was out of scope for our Vulnerability Disclosure Policy. We want to remind hackers to please limit their testing to domains explicitly listed in that scope (which is repeated on our HackerOne program page for convenience). This is for your own safety: we want to be sure that everyone's on the same page about your activities being authorized. That said, this was a legitimate vulnerability, which we fixed with other government partners. Thanks for the find, @picklepwns - we really appreciate it!
Reported by: nevertoolate
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Privilege Escalation