Dangling Records
GitHub Pages Subdomain Takeover
If you deleted a GitHub Pages site but left the CNAME in your DNS, anyone can create a GitHub account with the same username and serve content on your subdomain. This is one of the most common subdomain takeovers.
How it happens
- You create a subdomain pointing to
username.github.io. - You delete the GitHub repo or Pages site.
- You forget to delete the DNS CNAME.
- An attacker creates
github.com/username. - Your subdomain now serves their content.
The fingerprint
When a GitHub Pages site does not exist, GitHub returns: There isn't a GitHub Pages site here. That is the takeover fingerprint. If your CNAME points there, it is claimable.
How to check
Run DomainPreflight Dangling Records. It checks all your subdomains against the GitHub Pages fingerprint automatically.
How to fix
Delete the CNAME record from your DNS. If you still need the subdomain, recreate the GitHub Pages site first.
Fix it step by step
*.github.io.Scan your domain for dangling provider records
Open Dangling Records Scanner →FAQ
What is a GitHub Pages subdomain takeover?
When a CNAME points to a deleted GitHub Pages site, anyone can create a GitHub account with the same username and serve content on your subdomain.
How do I know if my subdomain is vulnerable?
Run DomainPreflight Dangling Records. It checks all your CNAMEs against known takeover fingerprints including GitHub Pages.
What does the GitHub Pages takeover page look like?
There isn't a GitHub Pages site here. If your subdomain shows this, the CNAME is dangling and claimable.
How do I fix a GitHub Pages dangling CNAME?
Delete the DNS CNAME record. If you need the subdomain, recreate the GitHub Pages site first.
Can I prevent this from happening again?
Always delete DNS records when decommissioning services. Run Dangling Records scans quarterly.