Hosts & Infrastructure
The Hosts section displays all subdomains and infrastructure discovered through BleedWatch's asset discovery scans. It provides visibility into your public-facing attack surface.
What BleedWatch Discovers
For each domain asset you configure, BleedWatch performs subdomain enumeration and service fingerprinting. Each discovered host record includes:
| Field | Description |
|---|---|
| Subdomain | The fully qualified domain name (e.g., api.yourcompany.com) |
| Root Domain | The parent domain (e.g., yourcompany.com) |
| HTTP Status | The HTTP response code from probing the host |
| HTTP Title | The page title returned by the web server |
| Tech Stack | Technologies detected (e.g., Nginx, React, Node.js) |
| Resolved IPs | IP addresses the hostname resolves to |
| CNAME | Canonical name record, if any |
| TLS Status | Certificate validity, expiry, and issuer |
| First Seen | When BleedWatch first discovered this host |
| Last Seen | When the host was last confirmed active |
TLS Certificate Monitoring
BleedWatch tracks TLS certificate status for every discovered host:
| Status | Color | Meaning |
|---|---|---|
| Valid | Green | Certificate is valid with more than 30 days until expiry |
| Expiring | Yellow | Certificate expires within 30 days |
| Expired | Red | Certificate has already expired |
| Self-signed | Yellow | Certificate is not issued by a trusted CA |
Expired or self-signed certificates on public-facing hosts are security findings that can erode customer trust and indicate potential misconfigurations. Address these promptly.
Disappeared Hosts
When a previously discovered host no longer resolves or responds, BleedWatch marks it as Disappeared with a red "Gone" indicator. This can indicate:
- A subdomain was decommissioned
- DNS records were removed
- A potential subdomain takeover opportunity (if the CNAME still points to an unregistered service)
Pay close attention to disappeared hosts that still have CNAME records pointing to external services (e.g., cloud platforms, CDNs). These may be vulnerable to subdomain takeover attacks.
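One way to triage this case, added here as an example and not BleedWatch code: it lists disappeared hosts whose CNAME targets a name outside the root domain and puts those whose target no longer resolves first, since that DNS record is dangling and should be removed or re-pointed. The record layout (dictionary keys modeled on the field table, a `disappeared` flag) and the sample hosts are assumptions constructed for the example.

```python
import socket

# Constructed sample records; keys mirror the host fields in the table above.
# The record layout is an assumption, not a BleedWatch export format.
SAMPLE_HOSTS = [
    {"subdomain": "api.yourcompany.com", "root_domain": "yourcompany.com",
     "cname": None, "disappeared": False},
    {"subdomain": "shop.yourcompany.com", "root_domain": "yourcompany.com",
     "cname": "shop-site.cloud.example.", "disappeared": True},
    {"subdomain": "old.yourcompany.com", "root_domain": "yourcompany.com",
     "cname": "lb.yourcompany.com", "disappeared": True},
    {"subdomain": "docs.yourcompany.com", "root_domain": "yourcompany.com",
     "cname": "docs-site.cdn.example", "disappeared": True},
]

def is_external(cname, root_domain):
    """True when the CNAME target is outside the monitored root domain."""
    target = cname.rstrip(".").lower()
    root = root_domain.rstrip(".").lower()
    return target != root and not target.endswith("." + root)

def resolves(name):
    """Live DNS check: does the name currently resolve to any address?"""
    try:
        return bool(socket.getaddrinfo(name.rstrip("."), None))
    except (socket.gaierror, UnicodeError):
        return False

def triage(hosts, resolver=resolves):
    """Return (subdomain, cname, priority) for disappeared hosts with an external CNAME."""
    findings = []
    for h in hosts:
        cname = h.get("cname")
        if not h.get("disappeared") or not cname:
            continue
        if not is_external(cname, h["root_domain"]):
            continue
        # Target no longer resolves: the record is dangling, so rank it first.
        priority = "review" if resolver(cname) else "high"
        findings.append((h["subdomain"], cname.rstrip(".").lower(), priority))
    return sorted(findings, key=lambda f: f[2] != "high")

if __name__ == "__main__":
    for sub, cname, prio in triage(SAMPLE_HOSTS):
        print(f"{prio:6} {sub} -> {cname}")
```

A "review" result still needs a manual check that the resource behind the CNAME is one your organization currently owns on that platform.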
Filtering Hosts
Use the root domain filter to narrow the host list to a specific parent domain. This is useful when you monitor multiple domains and want to focus on one at a time.
Host Detail Page
Click any subdomain to open the detail page, which provides:
- Full DNS resolution details (IPs, CNAME chain)
- Complete technology stack fingerprint
- TLS certificate details (issuer, expiry date, chain)
- Historical scan timeline (first seen, last seen, disappeared)
- Associated vulnerabilities for this host
How to Get Started
- Navigate to Assets and add a Domain asset (e.g., yourcompany.com)
- Set the scan frequency (hourly, daily, or weekly)
- Wait for the first discovery scan to complete
- Return to Hosts to see discovered subdomains
Troubleshooting
No Hosts Discovered
If the hosts list is empty:
- Verify you have added at least one Domain type asset in Assets
- Check that the asset is set to Active monitoring
- Allow time for the first discovery scan to complete
- Some domains with restrictive DNS configurations may yield fewer results
Host Shows Wrong Tech Stack
Technology fingerprinting is based on HTTP response headers, HTML content, and JavaScript signatures. It may not detect backend technologies that are not exposed in responses. Results improve with each scan cycle.