A subdomain takeover vulnerability occurs when a malicious attacker is able to claim a subdomain from a legitimate site. Once the attacker controls the subdomain, they either serve their own content or intercept traffic.
To understand how a subdomain takeover vulnerability works, we’ll first need to look at how you register and use domain names. Domains are the URLs that access websites, and they’re mapped to IP addresses by Domain Name Servers (DNS). Domains are organized as a hierarchy, and each part is separated by a period. The final part of a domain—the rightmost part—is a top-level domain