TMCnet Feature
February 22, 2021

What Is a Subdomain? A Look at the Good and Bad Use Cases

You might be wondering why you sometimes see blog[.]example[.]com and shop[.]example[.]com on your browser. These are examples of subdomains and, in this post, we explored what is a subdomain and their use cases—both the good and the bad.

What Is a Subdomain?

A subdomain is a child of a main or root domain that keeps websites organized. The subdomain store[.]yourwebsite[.]com, for instance, is a subdomain of yourwebsite[.]com. Subdomains are quite helpful, as they allow you to divide your websites into different sections, among other uses. In fact, you can create as many subdomains as you need.

However, threat actors are also known to ride on the functionalities of subdomains to launch cyber attacks.

Constructive Usage of Subdomains

Now that you know what is a subdomain, you may already have an idea on how it is used. Below are some of the positive ways subdomains help organizations.

Assign Aliases to Different Servers

Before the emergence of the World Wide Web, subdomains were used (and are still used) to help organizations identify the specific function of the Internet. For example, they use ftp[.]yourwebsite[.]com to point to a company’s File Transfer Protocol (FTP) server, and smtp[.]yourwebsite[.]com for its outbound email server.

When the World Wide Web was created in the early 1990s, the subdomain www[.]yourwebsite[.]com was used for the organization’s web server. These days, some websites have already dropped the www subdomain.

Allow Clients to Manage Services Independently

Web service providers assign subdomains to their clients so they can manage their accounts. The e-commerce provider Etsy (News - Alert) is a good example. When you create an account with Etsy, you will be assigned an Etsy subdomain (e.g., shopname[.]etsy[.]com). To further illustrate, let’s use the subdomain lookup tool by WhoisXML API to see some examples of Etsy subdomains.

Aside from Etsy, you would typically see Zendesk, WordPress, Netlify, and other web service providers assign subdomains to their clients.

Organize Websites

Among the most common uses of subdomains is to organize websites. Here are a few widely used subdomains for websites:

  • blog[.]yourwebsite[.]com to host blogs
  • shop[.]yourwebsite[.]com dedicated to a site’s online shop
  • help[.]yourwebsite[.]com for the company’s help center
  • login[.]yourwebsite[.]com where customers can log in

Target (News - Alert) Different Audiences

Subdomains can also provide targeted content to different audiences, which is specifically helpful to global companies that have non-English-speaking customers. Wikipedia, for instance, has subdomains for every language available on the site, such as the following:

  • en[.]wikipedia[.]org (English)
  • es[.]wikipedia[.]org (Spanish)
  • de[.]wikipedia[.]org (German)
  • id[.]wikipedia[.]org (Indonesian)

Malicious Uses of Subdomains

In a perfect world, subdomains can only be used to benefit an organization and its clients. But in reality, threat actors can abuse subdomains for their malicious campaigns. Here are some ways subdomains can be maliciously used.


Phishers have learned to use subdomains in their campaigns. In November 2020, for instance, they were seen using redirector websites with custom subdomains for the target. The subdomains would include the recipient’s username and the company’s domain name to make the email appear legitimate.

For example, if the target is someone named Bob who is working for Your Company, the subdomain would look something like this: bob[.]yourcompany[.]abc[.]com where “abc” is any domain name.

Domain Shadowing

In some instances, cybercriminals don’t need to use the target’s username and company domain name in the malicious subdomains. Instead, they would try to gain access to a legitimate domain and create random subdomains for use in malicious campaigns.

Here is an example: If threat actors can access weebly[.]com and create malicious subdomains, such as emalloffice[.]weebly[.]com (WARNING: this was found to be a valid phish on Phishtank so do not vist), they would often attempt to evade content filters since Weebly is a legitimate web hosting service.

Subdomain Takeovers

Threat actors can quickly take over a subdomain, especially those that are not adequately protected. What they can do to start with is look for subdomains that return a 404 error page, then they can add it to their repository. At this point, they can host their own content on the subdomain.


As you can see, subdomains are a double-edged sword. They can be used for the good of an organization, but threat actors can also use them for nefarious activities. For this reason, constant monitoring of subdomains is recommended to ensure that they are well-protected and updated.

» More TMCnet Feature Articles


» More TMCnet Feature Articles