ShieldReport
HomeWhat We CheckToolsWikiCompareRoadmapPricingBlogSign InRun Free Scan
Run Scan
HomeWhat We CheckToolsWikiCompareRoadmapPricingBlogSign In
← Back to Wiki

Subdomain Takeover

high
CWE-284DNS Security

What is Subdomain Takeover?

Subdomain takeover occurs when a DNS record (typically a CNAME) points to an external service that has been deprovisioned, allowing an attacker to claim that service and serve content on the subdomain.

How it works

A company creates blog.example.com pointing to a GitHub Pages or Heroku app. When they stop using the service but don't remove the DNS record, an attacker can create a new account on that service and claim the subdomain.

Impact

Phishing attacks from a trusted domain, cookie theft via parent domain cookies, credential harvesting, and reputation damage.

How ShieldReport detects this

ShieldReport's Subdomain Takeover Watchdog monitors DNS CNAMEs pointing to expired services across S3, Heroku, GitHub Pages, Shopify, Azure, and 30+ other providers.

How to fix it

Remove DNS records when deprovisioning external services. Regularly audit subdomain DNS records. Use ShieldReport's 24/7 monitoring to detect dangling records before attackers do.

Tags

dnssubdomainmonitoring

Is your site vulnerable to Subdomain Takeover?

Run a free scan to find out in under 2 minutes.

Scan Now
ShieldReport

Website security scanning and reporting for developers, teams, and agencies.

ShieldReport - Security reports done in minutes which developers understand | Product Hunt

Product

  • Free Security Scan
  • What We Check
  • Pricing
  • Sample Report

Resources

  • Security Blog
  • FAQ
  • Website Security Checklist
  • CSP Guide

Topics

  • Security Headers
  • TLS Configuration
  • OWASP Top 10
  • Vulnerability Scanning

© 2026 ShieldReport. All rights reserved.

Run Free ScanPricingBlogSitemapRSS Feed