Dormant

Dormant Section

This section highlights inactive or abandoned subdomains linked to the main domain. These are assets that no longer respond or have not been active for a long time, yet they still exist in DNS records. Dormant subdomains can be a serious security risk because attackers often target them for takeover.

🔹 Main Table Breakdown (Center Panel)

  • Subdomain

    • Lists the exact dormant subdomain detected by the system.

    • Example: lyncdiscover.example.com, sip.example.com, webmail.example.com.

    • For the domain example.com, it could include inactive assets like oldpanel.example.com.

  • IP Address

    • In the Dormant section, the IP column is always shown as N/A.

    • This is because these subdomains do not currently resolve to any active IP address.

    • Unlike active subdomains, the platform does not retain or display the “last seen” IP here the purpose is to highlight that the subdomain is unlinked and potentially forgotten.

  • ASN Ownership

    • Normally indicates which organization owns the IP (e.g., Cloudflare, AWS).

    • For dormant subdomains, this also appears as N/A, since no live IP is present to resolve ownership.

  • Status

    • Always marked as Inactive (red label).

    • Confirms that the system could not detect recent responses or activity from the subdomain.

  • Last Scan

    • Displays the last time the subdomain was checked.

    • Example: 1 year ago for lyncdiscover.example.com or 5 months ago for campaigns.example.com.

🔹 Filters (Top of Section)

  • Subdomain Filter → lets you narrow results to a specific subdomain (e.g., sip.example.com).

  • ASN Ownership Filter → filters dormant assets by the organization that previously owned the IP.

  • Search Bar → keyword search to find a dormant asset quickly.

  • Export Button → downloads a list of dormant assets for reporting or further analysis.

⚠️ Why It Matters

Dormant assets are often forgotten by IT teams, but:

  • They may still point to external providers.

  • If attackers register expired services, they can hijack the subdomain.

  • They can be used for phishing, malware distribution, or bypassing security controls.

PreviousIPsNextPorts

Last updated

Was this helpful?