Skip to main content


Home Domain shadowing

Domain shadowing

Domain shadowing definition

Domain shadowing is a subcategory of DNS hijacking that involves the stealthy creation of malicious subdomains under already-compromised domain names. After the malicious subdomains are created, attackers use them to conduct malicious activity, like creating malicious web pages on the attackers’ servers.

During domain shadowing, the domain owner’s DNS records and web pages don’t get changed, which is why most victims of domain shadowing don’t even realize that they have been breached at all.

To conduct domain shadowing, hackers first get access to a domain owner’s account via dictionary, phishing, or other type of cyberattack.

Then they create as many subdomains as they want without changing the domain owner’s DNS records to avoid detection.

Hackers can use the malicious subdomains they created to host phishing websites, distribute malware, engage in cryptojacking, and redirect users to other malicious websites.

See also: DNS hijacking, DNS record

Domain shadowing protection

  • Regularly perform domain checks.
  • Use strong, unique passwords on domain accounts.
  • Enable two-factor authentication (2FA) on domain accounts.
  • Be careful about which links are clicked because they can lead to phishing attacks that give hackers access to a domain owner’s account.
  • Avoid websites that don’t start with “https” because they aren’t secured and may contain viruses or malware.
  • Avoid clicking on pop-ups.