A DNS record pointing to a cloud service you stopped using can be hijacked by anyone who re-registers it. We map your subdomains and find the dangling records that can be taken over.
Run a free domain scan All checks →We enumerate your subdomains and check each DNS record: does a CNAME point to an external service (e.g. S3, GitHub Pages, Azure, Heroku, Netlify) that is no longer claimed? Such a dangling record can be re-registered by an attacker and used for phishing under your domain name.
A hijacked subdomain sits on your trusted domain — perfect for phishing, cookie theft and bypassing domain-based trust. It's one of the most common and overlooked flaws in a growing attack surface, and it isn't visible in your own systems.
Do you actually take over the subdomain?
No — we verify that it's hijackable without registering the service or publishing anything. You remediate from the report.
How do you find our subdomains?
Via public sources: certificate logs (CT), DNS and passive records — the same surface an attacker sees.
Is this part of the review?
Yes — subdomain takeover is a core part of our external attack-surface review.
Run a free scan or order a full Security Assessment — prioritised, not noise.
Run a free domain scan