DANGLING RECORDS

Find subdomains attackers can claim.

Old CNAMEs to GitHub, S3, Netlify, and friends can point at nothing you control. Someone else can host content on your subdomain. We hunt those dangling records from cert logs + fingerprints.

Domain

Fetching subdomains from crt.sh…

HOW TO USE

Type your root domain.
Click Scan Domain. We pull hostnames from cert logs.
Fix or delete risky CNAMEs — or claim the cloud resource so you own it again.

Provider-Specific Guides

GitHub Pages subdomain takeover guide
Heroku subdomain takeover guide
Netlify subdomain takeover guide
AWS S3 bucket takeover guide
Azure resource takeover guide

Find subdomains attackers can claim.

Inactive subdomains (0)

Provider-Specific Guides