Subdomain Takeover via GitHub Pages - dev.example.com

A subdomain takeover risk was detected on dev.example.com. The subdomain points to a GitHub Pages CNAME (github.io) that may be claimable if the target repository or GitHub Pages site has been removed.

The subdomain currently resolves to:

• •username.github.io (or similar *.github.io CNAME)

If an attacker claims the orphaned GitHub Pages site:

• •Host malicious content on your subdomain (dev.example.com)
• •Phishing and credential theft — attackers can serve fake login pages on a trusted hostname
• •Reputation damage and loss of user trust
• •Bypass security policies that allowlist your domain
• •Intercept sensitive data if users submit forms or credentials on the subdomain

This is a high-severity finding because it allows an attacker to fully control content served on a subdomain under your domain.

Check CNAME record:

dig dev.example.com CNAME +short

If the result points to *.github.io, verify in GitHub whether the target Pages repository exists and is controlled by your organization. If the repo or Pages site has been deleted, the subdomain is vulnerable to takeover.

• •Remove the CNAME (if subdomain is not needed): Delete the dev.example.com DNS record or point it to a valid destination.
• •Reclaim the subdomain (if needed): Create or restore the corresponding GitHub Pages repository under your GitHub organization, or migrate the subdomain to a service you control and configure the correct CNAME.