The obvious
So how about a list of relevant Autodiscover domains that don't belong to Guardicore, and some idea of who owns them?
This is one exploit that should be relatively easy to trace. At the very least it might shine some light on the practices of the domain registration industry.