Subdomain takeover or subdomain hijacking refers to a technique by which “unused” subdomains can be made to point to a location of the attacker’s choice.

Technically, you could call it "domain hijacking," but that term has a broader meaning with the default connotation being a domain name’s registration being overtaken by an attacker.

Now, this is clearly problematic. If an attacker could show their webpage in lieu of

subdomain.yoursite.comthis can both affect your site’s reputation, and enable phishing attacks leveraging the legitimacy of your domain.

But how could this be?

If you own

example.com, you naturally have control over the domain and all of its subdomains.

Subdomain hijacking has to do with domains not currently in use. In other words, you created a subdomain and set its DNS record to point to a shared hosting account (which, by the way, includes services like, Amazon AWS, Azure, Tumblr, GitHub Gist pages, blogs, and other hosting platforms).

Later on, you deleted the hosted set up on the shared hosting end, but forgot to remove the DNS entry pointing to the shared hosting account.

Under normal circumstances, your subdomain would be unreachable and won’t show up anything. No harm done:

#domains #network-security #web-hosting #phishing-attacks #phishing #security