This is what many of the compromised subdomain homepages look like — “coming soon” type pages in different languages…

Continued from Twitter… please read this thread before engaging… Crowdsourcing research project ahead!

Please be extremely careful with the subdomains listed below — many of these are still compromised. If you find a compromised subdomain, please consider reaching out to anyone at that organization who could take down the subdomain.

Ping me @thezedwards on Twitter and i’ll help with whatever I can. If you are an organization who doesn’t want to be on this list, ping me and i’ll see what I can do.

Please consider this a public service — I’m trying to get get these subdomains fixed as soon as possible, provide a resource for security organizations to find and report more of these compromises, and as of publishing time, many of the organizations who have compromised subdomains listed below, haven’t taken action, which puts their users at risk for compromises.

Here’s a solid article on the technical realities that exist when a subdomain is compromised via this type of CNAME mapping…

All organizations should make it a top priority to clean up these compromised subdomains!

Current List of July 2020 Compromised PaF Subdomains

360stage.stahls.com

analytics.glamst.com

b2btdc.pandora.net

beta-invited.slh.com

ccc.blockshipping.io

champions-d-content.generalmills.com

chat.celcom.com.my

cine.naturgy.es

cloudpilotsg.cloudatlasinc.com

costwell.chevron.com

demo.booktrack.com

drweb.commscope.com

elevate17.bittitan.com

eperfectlaunchdev.optum.com

farmtoschoolmap.georgiaorganics.org

findyourstyle.fisherpaykel.com

game.autoshow.ca

gifts-uat.unrefugees.org.au

greathallcontacts.flydenver.com

hippotalk.total.com

devagileblog.acuitybrandslighting.net

devoddsapi.wallstreetenglish.com

dvsm-uat.gsk.com

es-stgics-avm.jll.com

returns.americas.pandora.net

www.iknow.dr.cch.com.au

m.macaronigrill.com

map.carlgross.com

mobile-beacons.clearchannel.co.uk

mobile.hullcitytigers.com

mobile.stratasys.com

old.deleteagency.com

oneanalytics.capita-one.co.uk

partners.honeygroup.co.uk

pay.willassociates.co.uk

peerwatch.complianceweek.com

portfolio.theglobalfund.org

ppkpi.cbre.com

prdmarep.udtrucks.com

prod.vallen.ca

production.go-dove.com

pwcs-grants.pwcs.edu

recommendations.govx.com

secure.openenergymarket.com

sfgateway-prod-east-api.carmax.com

sportsfirstaid.redcross.org.uk

sso-api-poc.mybswhealth.com

stage.cleanwithkeystone.com

staging.auth.idahopower.com

stagingcms.johnsoncontrols.com

storetool.albertsons.com

storetool2.albertsons.com

ticari.mercedes-benz.com.tr

voar-tracking.volvo.com

wiki.gibson.com

wine.mydexrewards.com

wisent.mitt.ru

wisent.mosbuild.com

www.app.ahvoila.com

www.sensformer.cloud.siemens.com

xlcatlin.leopard-np.swissre.com

trace.accenthealth.com

linode.hki.org

advanced.core.freeflow.xerox.com

nucleus.robomateplus.com

quantumleap.pason.com

un1cdp01.uno.adt.bms.com

booking.ramadadowntowndubai.com

login.ec.co

b2b.absoluteboardco.com

pfp-int.az-bots-gre-projets.viseo.com

dashboard.adsninja.com

scm.ordermanagement-test.maersk.com

maps.foundationcenter.org

www.thevillagesatpinevalley.com

itpolicies.ycp.edu

www.summary.batransfer.com

chat.fnv.nl

dev-cd-infocenter.ryder.com

myob-multi-dc-sit-singapo-cfs-v1.myob.com

www.loveisajourney.proflowers.com

www.satisfaction.darty.com

internationalservicesstage.rrd.com

detectionapp.3m.com

pspapimgmt-test.premera.com

b2bapi-service-acc.snelstart.nl

aem.herbalife.com

v2.basic.net

usersapipre.vertele.eldiario.es

onespie.spie.de

applications.wirralccg.nhs.uk

beta.pksinvest.com

site.chopup.me

tevatogostgrw.tevapharm.com

thweb-azure.teknikhuset.se

nexarc1service.kemin.com

ohmy.disneylatino.com

sccmclouddp.providence.org

sitgbapi.globalblue.com

qcsampler.genpact.com

geaux.lsufoundation.org

apps.technologydev.ihs.com

storelocator.dtc.newbalance.com

football.swisslife.ch

inflightentertainment.sas.no

connected.virginaustralia.com

inhabit-portal.arkadium.com

beta.auic.org

iot-accelerator-dev2.ddm.iot-accelerator.ericsson.net

api.elfcosmetics.com

accessderm.aad.org

cmclouddpsgsin.autodesk.com

search.us.epg.toshiba.com

uoncmgtst.newcastle.edu.au

blog.codercamps.com

members.i.playboy.com

zew-api.travelport.com

aicpasccm.aicpa.org

smartusw-sts.gep.com

hatchery.entrepreneurial-spark.com

bmsazure.elas.uk.com

referencement.levio.ca

iq.aecom.com

a.eage.org

poc9.icertis.com

uat.ovhq.msc.com

tibco-service-dev.usga.org

icqa.skillsinsight.honeywell.com

members.ussvi.org

associate.myfortisonline.com

acdadmin-tng.aia.org

demo06.mediusflow.com

myaccount.scottish-enterprise.com

nw-b.ecolab.com

members.dotnetfoundation.org

automation.pg.com

mclambda-devtest.cpsextsandbox.mayo.edu

dev.forsyteit.com

testazure.drivetime.com

ve-service.genecards.org

ahbeardweb.microsoftcrmportals.com

wordpress-itec.azurewebsites.net

qa.api.sapaccess.warnerbros.com

stpaul.partnerinhousing.com

dashboard.boostup.com

docs.cms.orckestra.com

ecmcmg.broadinstitute.org

cms.facilitiessurvey.com

dev1.mdlive.com

aauw-ampostdoc.scholarsapply.org

tge.tradeglobal.com

mobile.apply4housing.com

my.disciplesmade.com

quote.model.healthmarkets.com

dev.connectedservices.emerson.com

connect.atslab.com

training.trin.net

stgwww.ispeedyloans.com

mossupport.mcd.com

prepd-sitecore.solr.arm.com

spaspera.cloud.jci.com

uopxcmg2.phoenix.edu

staging-consulting-covid19.euromonitor.com

mail.somersetcm.com

dev.salesforce.integration.plex.com

https:full-service-suite.ch

cart.perseusacademic.com

testwebservices.hawaiianairlines.com

timesheets.cfed.org

library.inthehand.com

www.rmspecialstamps.com

sessions.digitalwpc.com

staging.ecofastensolar.com

innovapulse.innovasi.com

uk.ziraat.turkline.com

rldp.redlobster.com

test-cbreitp.intrepid.cbre.com

go.daymarksi.com

test.lark-it.com

dynamicsac.perficient.com

voyager-dev.kindred.com

acsdonateadmintrain.cancer.org

prixmnbawards.musicnb.org

nlgsccmconnect1.nationallife.com

create.cakesbyron.com

www.mitanorifusa.com

dev-oms-logistics.pvh.com

sts.hgem.com

gettyclouddp1.gettyimages.com

training.iverson.com.my

secure.web.powerapps.com

cb.us.stg.cloud.im

press.desigual.com

architectuur.cibg.nl

myusa.veinteractive.com

qa.boh.com

xlcatlin.leopard-np.swissre.com

blog.washingtonstem.org

apps.invictusgames2017.com

test.scandichotels.de

sccm-dp.acuitybrands.com

fnmaxcmgdp.fanniemae.com

survive.infocomm.org

op.elfcosmetics.com

leprdsccmdistpteuwest.lincolnelectric.com

cms.answersmediainc.com

cloudsolvportal.synnex.com

uatstandby-www.cushmanwakefield.com

emergencyresponse.bristowgroup.com

thor.mdlive.com

clouddp01.lamresearch.com

autoattendantservicesqa.incontact.com

microsoft.icertis.com

devpmforecaster.cbre.com

tastings.neudesic.com

b2bws.julian-fashion.com

apimcustomapi-dev.azure.chevron.com

analytics.donorperfect.net

ecom-qa-nl.bambonature.com

s-sccmdp-cloud01.loandepot.com

tra.g4s.com

remote.packtech.dk

qaappcenterng.deloitteresources.com

apps.fullertonhealth.com

smoke1.remix3d.com

onesiteportal-stage.rrd.com

cdn02.empiretoday.com

easishare.bruker.com

football.swisslife.ch

seminario.iipe.unesco.org

cityofcalgarycmg.calgary.ca

dailysales.brownjordan.com

staging.capturetech.com

media.antenna.gr

doc.bootes.co

am.us.rothschildandco.com

candidate.responsivehr.com

lti.intelequia.com

api.longbow.bonusxp.com

tuap.teamusa.org

rss-prototype.bd.com