DNS & Network
Subdomain Takeover
A subdomain takeover occurs when a DNS record points to an external service (like a deprovisioned Heroku app, GitHub Pages site, or S3 bucket) that an attacker can claim. Because the DNS record still resolves to the external provider, the attacker can host content on your subdomain, enabling phishing, cookie theft (if cookies are scoped to the parent domain), and bypassing CSP or CORS policies. Monitoring DNS records for dangling CNAMEs pointing to unclaimed external services is essential.
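One way to run the monitoring described above over an export of your own zone, as an added example (not code from this page). The provider suffix list, the sample zone, and the function names are assumptions made for illustration.

```python
import socket

# Assumed suffixes for the providers named above (Heroku, GitHub Pages, S3);
# extend the tuple to cover the services your organization actually uses.
PROVIDER_SUFFIXES = ("herokuapp.com", "github.io", "s3.amazonaws.com")

# Constructed sample zone export, one record per line: name TTL class type value
SAMPLE_ZONE = """\
www.example.com.   300 IN CNAME example-prod.herokuapp.com.
old.example.com.   300 IN CNAME retired-app.herokuapp.com.
docs.example.com.  300 IN CNAME example-org.github.io.
mail.example.com.  300 IN CNAME mx.mailhost.example.
api.example.com.   300 IN A     192.0.2.10
"""

def parse_cnames(zone_text):
    """Yield (name, target) per CNAME line, lowercased, trailing dot removed."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 5 and fields[3].upper() == "CNAME":
            yield fields[0].rstrip(".").lower(), fields[4].rstrip(".").lower()

def system_resolves(hostname):
    """Default check: True if the system resolver returns any address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(zone_text, resolves=system_resolves, suffixes=PROVIDER_SUFFIXES):
    """Classify provider-bound CNAMEs as 'dangling' or 'review'."""
    # 'dangling': the target does not resolve, so the record points at nothing.
    # 'review': the target resolves, which alone does not prove you still own it.
    findings = []
    for name, target in parse_cnames(zone_text):
        if any(target == s or target.endswith("." + s) for s in suffixes):
            status = "review" if resolves(target) else "dangling"
            findings.append((name, target, status))
    return findings

if __name__ == "__main__":
    for name, target, status in audit_cnames(SAMPLE_ZONE):
        print(f"{status:9} {name} -> {target}")
```

Records marked `review` still need to be matched against the inventory of apps, sites, and buckets in your provider accounts, and any record whose resource has been deprovisioned should be deleted from the zone.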
Why it matters for your website
- Can result in traffic interception, phishing attacks using your domain, or service disruption
- Often discovered and exploited before organizations notice
- Preventable with proper monitoring and defensive DNS configuration