Subdomain Takeover
A vulnerability where an attacker gains control of a subdomain by claiming an unconfigured or abandoned external service it points to.
What is Subdomain Takeover?
What is Subdomain Takeover?
Subdomain takeover occurs when a DNS record (usually a CNAME) points to an external service (cloud hosting, CDN, SaaS platform) that has been decommissioned but the DNS record remains. An attacker can register the abandoned service endpoint and serve their own content on the victim's subdomain. This can be used for phishing (the URL looks legitimate), cookie theft, or credential harvesting. Prevention requires regular DNS audits to remove stale records pointing to decommissioned services.
Ready to secure your stack?
Secure your entire stack today
Start scanning in under 5 minutes. No credit card required. 14-day free trial included.