Skip to main content
短.be

Subdomain Takeover

An attack where a third party hijacks a subdomain with orphaned CNAME records, exploiting the trust of the legitimate domain.

Jan 9, 2026 · About 1 min read

Security

Subdomain takeover occurs when a DNS subdomain points to a decommissioned external service (like a cloud platform or CDN), allowing an attacker to claim that service endpoint and serve malicious content under the victim's domain. Vulnerable configurations include CNAME records pointing to unclaimed cloud storage buckets, deleted Heroku apps, or expired CDN distributions. Attackers register the abandoned resource and gain control of content served on the subdomain. URL shortening services using custom domains must guard against subdomain takeover. If a customer cancels their custom short domain but leaves DNS records pointing to the shortener's infrastructure, the service must prevent other users from claiming that domain's namespace. Proper deprovisioning workflows and dangling DNS detection are essential security controls.

Share on XHatena

Was this article helpful?

Related Terms

Subdomain

A prefix added before the main domain name, used to organize different sections or services of a website.

CNAME Record

A DNS record that maps one domain name to another, commonly used to point custom domains to URL shortening services.

DNS Resolution

The process of translating a human-readable domain name into the IP address of the server hosting the website.

Custom Domain

A privately owned domain name used with a URL shortening service instead of the service's default domain.

Certificate Transparency

A framework for monitoring and auditing SSL/TLS certificates to detect misissued or fraudulent certificates.

Wildcard DNS

A DNS configuration that uses an asterisk (*) to point all subdomains to a single IP address with one record, enabling efficient management of large numbers of subdomains.

Related Articles

Short URL Security Guide - Best Practices for Safe Link Sharing

A comprehensive guide to short URL security best practices. Understand the risks and learn how to share links safely and responsibly.

How to Spot and Prevent Phishing Attacks Using Short URLs

Learn to identify phishing attempts that exploit short URLs. Practical tips for protecting yourself and your organization from link-based scams.

Self-Hosting a URL Shortener: Full Link Control

Explore the benefits and challenges of running your own URL shortening service. Covers open-source tools, serverless architecture, and cost-performance tips.

Ready to create a short URL?

Shorten a URL for Free