$loading...
Check subdomains against a fingerprint database of 40+ cloud services for CNAME-based takeover vulnerabilities. Batch analyze, explore DNS recon techniques, get step-by-step claim instructions, and generate subdomain wordlists. All processing is client-side — no DNS queries are made.
For authorized security testing only. Only test subdomains you own or have explicit written permission to test. Unauthorized subdomain takeover attempts may violate the CFAA and equivalent laws.
Paste raw subdomains (e.g. app.example.com) or CNAME values (e.g. app.example.github.io). The tool checks each line against the fingerprint database using string matching — no DNS queries are made.
This is not a list of vulnerable websites. These are cloud services that host customer content via CNAME records. When a company deletes their resource (e.g. an S3 bucket or Heroku app) but forgets to remove the DNS record, the subdomain "dangles" — and an attacker may be able to claim that resource and serve content on the company's subdomain. Takeover possible means the service allows re-registration of unclaimed resources. Patched means the service has deployed protections that block or severely limit takeover. Source: can-i-take-over-xyz (2024).
| Service | CNAME Pattern | Error Fingerprint | Takeover Risk |
|---|---|---|---|
| AWS S3 | .s3.amazonaws.com | The specified bucket does not exist | Takeover possible |
| Azure | .azurewebsites.net | The page cannot be displayed because an internal server error has occurred | Takeover possible |
| Azure | .cloudapp.azure.com | Not Found | Takeover possible |
| Azure | .blob.core.windows.net | The specified container does not exist | Takeover possible |
| Surge.sh | .surge.sh | project not found | Takeover possible |
| Bitbucket | .bitbucket.io | Repository not found | Takeover possible |
| Pantheon | .pantheonsite.io | The gods are wise | Takeover possible |
| WordPress | .wordpress.com | Do you want to register | Takeover possible |
| Ghost | .ghost.io | The thing you were looking for is no longer here | Takeover possible |
| Cargo | .cargocollective.com | 404 Not Found | Takeover possible |
| Strikingly | .strikingly.com | But if you're looking to build your own website | Takeover possible |
| Help Scout | .helpscoutdocs.com | No settings were found for this company | Takeover possible |
| Campaign Monitor | .createsend.com | Sending in progress | Takeover possible |
| Acquia | .acquia-sites.com | If you are an Acquia Cloud customer | Takeover possible |
| ReadTheDocs | .readthedocs.io | unknown to Read the Docs | Takeover possible |
| LaunchRock | .launchrock.com | It looks like you may have taken a wrong turn somewhere | Takeover possible |
| Fly.io | .fly.dev | Application Not Found | Takeover possible |
| Render | .onrender.com | not found | Takeover possible |
| GitHub Pages | .github.io | There isn't a GitHub Pages site here | Patched |
| Heroku | .herokudns.com | No such app | Patched |
| Heroku | .herokuapp.com | No such app | Patched |
| Fastly | .fastly.net | Fastly error: unknown domain | Patched |
| Shopify | .myshopify.com | Sorry, this shop is currently unavailable | Patched |
| Tumblr | .tumblr.com | Whatever you were looking for doesn't currently exist at this address | Patched |
| Feedpress | .feedpress.me | The feed has not been found | Patched |
| Desk | .desk.com | Please try again or try Desk.com free for 14 days | Patched |
| Zendesk | .zendesk.com | Help Center Closed | Patched |
| UserVoice | .uservoice.com | This UserVoice subdomain is currently available | Patched |
| Unbounce | .unbounce.com | The requested URL was not found on this server | Patched |
| HubSpot | .hubspot.net | Domain not found | Patched |
| Webflow | .webflow.io | The page you are looking for doesn't exist | Patched |
| Netlify | .netlify.app | Not Found | Patched |
| Vercel | .vercel.app | not found | Patched |
| Firebase | .firebaseapp.com | The requested URL was not found on this server | Patched |
| Smartling | .smartling.com | Domain is not configured | Patched |
| Intercom | .custom.intercom.help | This page doesn't exist | Patched |
| AWS CloudFront | .cloudfront.net | The request could not be satisfied | Patched |
| Wix | .wixsite.com | Error ConnectYourDomain | Patched |