In our talk, we evaluate the impact of registering domain suffixes that are defined in various network and router configurations, yet still available for public registration. We also explore the feasibility of performing man-in-the-middle attacks against users, and present our findings on the observed widespread behaviour of default domain suffixes (hundreds of suffix-domains observed and possibly more), as well as redacted capture d traffic containing sensitive data from different companies. Data seen include user credentials, NTLM hashes, internal file paths, and assorted HTTP requests. Thousands of affected entities range from educational institutions, to public infrastructure, to private firms, and hardware manufacturers. Several Fortune 100 companies have also accepted our reports and have mitigated the risks. We will share threat hunting plans for companies to detect information leakage arising from this, along with remediation plans to prevent internal traffic from being leaked.