Back to Glossary

Glossary Term

Zombie Subdomains

Forgotten subdomains that still exist in DNS invite takeover attempts.

1 min read

Share this definition

Post it to your feed or send it to teammates.

Zombie Subdomains

1-minute read

What it is

Zombie Subdomains are inactive or forgotten subdomains that still point to decommissioned services, third-party apps, or cloud resources.

Why it matters

They are prime targets for subdomain takeover attacks, letting adversaries host malicious content or harvest credentials under a trusted domain.

How to reduce risk

Continuously scan DNS records and certificate transparency logs for stale subdomains
Remove unused subdomains or update DNS when services are retired
Automate checks whenever infrastructure or SaaS resources are decommissioned

Related Terms: Subdomain Takeover, Dangling DNS Record, Attack Surface Discovery

External Resources:

OWASP – Subdomain Takeover Overview: https://owasp.org/www-community/attacks/Subdomain_takeover