Home / Tools / Check for subdomain takeover risk
DNS Security · Scan Check Guide

Check for subdomain takeover risk

30 min Impact: high Effort: medium ✓ Scan-verified — no manual checkbox

If you have a DNS record (usually a CNAME) pointing your subdomain at a third-party service you've since stopped using — a deleted Heroku app, an unclaimed AWS S3 bucket, an old GitHub Pages site — anyone can often claim that exact service name and effectively take over your subdomain, serving whatever content they want from what looks like your own domain.

A subdomain with a CNAME still pointing to a cloud service you've stopped using — a deleted Heroku app, an unclaimed GitHub Pages site — can often be claimed by anyone, letting them serve content from your own subdomain.

How to fix it

  1. 1
    Audit every subdomain's DNS records
    List every CNAME and A record pointing to third-party services (cloud hosts, page builders, app platforms).
  2. 2
    Confirm each target service is actually still active
    For each subdomain, visit the service it points to directly and confirm it resolves to YOUR content, not an error page or "not claimed" message.
  3. 3
    Remove DNS records for anything no longer in use
    If a subdomain points to a service you decommissioned, delete that DNS record entirely rather than leaving it dangling.
  4. 4
    Re-check periodically
    This risk resurfaces any time you stop using a third-party service without cleaning up the DNS record that pointed to it.

Common mistakes

How you'll know it's done

Every subdomain's DNS record points to a service you're actively using and verified as under your control.

Tools that help

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →