With the recent findings by Google’s Project Zero with regard to sites hosted at Cloudflare being vulnerable to an attack dubbed Cloudbleed, there has been a lot of talk about which sites might be in scope for this attack and which users of those sites should be concerned. This has widespread implications for passwords, secret questions/answers, credit cards, API keys, etc.

People have been helpfully attempting to find the total list of domains that are in scope since it wouldn’t behoove Cloudflare to out their customer list. For instance this Github page lists 4,288,852 Cloudflare sites that are potentially in scope.

Using OutsideIntel I was able to uncover that same number plus an additional 1,030,501 sites that are potentially in scope. In total that comes to 5,319,353 domains (about a 24% increase).

You can download the master list here (27M gzip compressed format). It contains both lists de-duped into one master list. If you are running a Linux derivative you can check the sites you are interested in by doing something like:

$ egrep -Z "\.tanium\.com$" cloudflare-list.txt.gz
content.tanium.com
forums.tanium.com
kb.tanium.com
www.tanium.com
$

I hope that’s helpful! Please change your passwords, secret questions and answers, API keys, etc. for any sites you deal with within this list, just to be safe.

Want to learn more about your IT assets, or those of your competitors, customers, vendors, partners, etc? Click here to get access to OutsideIntel.