Subdomain rotation is a technique used to frequently change the subdomains (the part before the main domain name) of a website or online service. This approach is often employed to evade detection, blocking, or filtering by security systems such as firewalls, web filters, or anti-abuse tools. By rotating subdomains, malicious actors can make it harder for defenders to blacklist or track their activities, as each new subdomain may appear as a fresh, unrecognized address. While subdomain rotation is commonly associated with cyberattacks, it can also be used for legitimate purposes, such as load balancing or distributing network traffic.