I think it heavily depends on what az.mastercard.com actually is or does.
Receiving email directed to x@mastercard.com doesn't sound right, since this is only a subdomain of unknown(to me) use. TLS? Probably, but again, the risk depends on what it is, and wouldn't affect users visiting 'mastercard.com.'
Without saying too much, I can tell you that this is no obscure subdomain. That traffic he showed represents the gateways for almost all web traffic into Mastercard solutions that run on Azure.
Also, if you knew the culture in there, you would appreciate the extreme irony of them making a mistake like this.
loading story #42821322
I think the idea was that because this typod domain was being used behind the CDN, you could trick mastercard.com (that uses the CDN) somehow to serve from the hijacked domain that was misconfigured at the CDN.
At least that's my guess, but it's not super clear what attacks would be possible here.
loading story #42796711
{"deleted":true,"id":42803537,"parent":42795295,"time":1737637166,"type":"comment"}