My hijacked subdomain

My dormant subdomain was recently hijacked, redirecting it to a online gamble registration page. Subdomain hijacking or subdomain takeover refers to redirecting unused subdomains to the attacker’s chosen location.

So when opening my subdomain, for example, it shows content from the attacker, which is online gambling registration.

To address this, I must update my DNS settings. The original setting had my subdomain pointing to a broken Github Pages, so I needed to point it to a valid target.


Target: <github pages url>


Target: <other valid URL>

DNS Mapping Tool

To prevent subdomain hijacking, in addition to checking the DNS from your registrar, you can use a tool called DNS Dumpster. DNS Dumpster is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attacker’s perspective is an important part of the security assessment process.

Remember to monitor your subdomain targets or delete unused ones.