The ip of domain is not pointing to wpengine.com,Attacker can signup there and takeover subdomain by using this ip check the error message by visiting domain ip it say's that:
This domain is successfully pointed at WP Engine, but is not configured for an account on our platform.
If you just signed up, we're still likely creating your account. Did you add this domain to your install? Did you point DNS to the correct IP address or CNAME?
If you've completed the steps above, or need more help, please contact us and we can help get your site up and running in no time.
http://188.8.131.52/ ======== https://br.blog.trello.com http://184.108.40.206/ ======== blog.trello.com
http://blog.trello.com is vulnerable to username enemuration here is the username of wp-admin
ID User Login 1 admin admin 2 Dan Ostlund dan
wordpress allow to brute force password and on net there are diffrent tools to brute force password of wordpress like WPscan