Subdomain Takeover Risk

High Severity Technical Guide

Vulnerability Description

A subdomain takeover occurs when an organization has a DNS record (typically a CNAME record) pointing to a resource at an external service provider (such as GitHub Pages, AWS S3, Heroku, or Zendesk) that has been deleted or left unclaimed. An attacker can register an account with that provider and claim the resource behind the subdomain, enabling them to host malicious code under your official brand name.

Remediation Guide

To resolve this vulnerability, apply these configuration changes and developer practices:

1. Regularly audit your DNS records to identify dangling CNAMEs.
2. Remove any DNS records pointing to deleted or inactive third-party hosts immediately.
3. Verify and claim subdomains in external services before creating DNS records.
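
One way to run the audit in step 1 over an export of your own zone, as an added example that is not part of the original guide. The suffix list, function names, and sample records are assumptions made for illustration. A target that still resolves is flagged for review rather than cleared, because resolution alone does not prove the resource is still claimed in your provider account.

```python
import socket

# Suffixes for the providers named above (assumed list; extend for your estate).
THIRD_PARTY_SUFFIXES = {
    "github.io": "GitHub Pages",
    "s3.amazonaws.com": "AWS S3",
    "herokuapp.com": "Heroku",
    "zendesk.com": "Zendesk",
}

def system_resolves(hostname):
    """True if the local resolver returns at least one address for hostname."""
    try:
        return bool(socket.getaddrinfo(hostname, None))
    except socket.gaierror:
        return False

def provider_for(target):
    """Return the provider name if target falls under a known suffix, else None."""
    host = target.rstrip(".").lower()
    for suffix, name in THIRD_PARTY_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return name
    return None

def audit_cnames(records, resolves=system_resolves):
    """Classify (name, cname_target) pairs exported from your own zone."""
    findings = []
    for name, target in records:
        provider = provider_for(target)
        if provider is None:
            continue  # not a third-party host on the list
        # dangling: target no longer resolves, remove the record now (step 2)
        # review: target resolves, confirm ownership in the provider account
        status = "review" if resolves(target.rstrip(".")) else "dangling"
        findings.append((name, target, provider, status))
    return findings

# Constructed sample zone export; example.com names are placeholders.
SAMPLE_ZONE = [
    ("docs.example.com", "example-docs.github.io."),
    ("shop.example.com", "old-shop.herokuapp.com."),
    ("www.example.com", "lb.example.com."),
]

if __name__ == "__main__":
    for finding in audit_cnames(SAMPLE_ZONE):
        print(*finding, sep="\t")
```

Pass `audit_cnames` the CNAME records from your DNS provider's export and treat every `review` row as an item to check against the provider account that is supposed to own it.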

Verify Your Fix

After applying the remediation, run an external attack-surface scan to verify that the vulnerability is no longer detected by WebScanify.
