New: CheckVibe MCP server — scan from Claude Code and Cursor nativelyRead the docs
Detect subdomain takeover vulnerabilities and domain registration security issues.
Overview
Domain hijacking and subdomain takeover occur when DNS records point to deprovisioned services. Our scanner checks for dangling DNS records, subdomain takeover vectors across common cloud providers, and domain registration security settings.
What this scanner does
Enumerates subdomains and checks CNAME records for dangling pointers to deprovisioned services (AWS S3, Azure, GitHub Pages, Heroku, etc.). Checks domain registration for transfer lock status and registrar security settings.
Why it matters
Subdomain takeover lets attackers host content on your subdomain, which they can use for phishing, cookie theft (same-origin), or serving malware with your brand's trust. It is surprisingly common in organizations that spin up and decommission cloud services frequently.
Common findings
OWASP Top 10 coverage
Get a full security report with AI-powered fix suggestions in 30 seconds. No setup required.
Related checks
Infrastructure Check
Verify DNS configuration, SPF, DKIM, DMARC records, and domain security.
Configuration Audit
Verify your SSL/TLS configuration, certificate validity, and encryption strength.
Monitoring & Intel
Check if your domain or IP appears on blocklists, malware databases, or threat feeds.
