Certificate abuse report: Active phishing domains using LE certs

Help
1

Hello Let's Encrypt team,

I am reporting the following domains that are using Let's Encrypt certificates to conduct phishing and trademark infringement against the legitimate Indian logistics company "DTDC Packers and Movers":

FRAUDULENT DOMAINS:

- dtdcpackermovers.com
- online.dtdcqatar.com  
- dtdcpackersmovers.com
- dtdcpackernmovers.com
- dtdcmovers.com

ABUSE TYPE:
These domains use typosquatting to deceive customers into submitting personal and payment information. The SSL certificates provide false security indicators (padlock icon) facilitating the fraud.

EVIDENCE:

  • Screenshot evidence available
  • WHOIS records show recent registration dates (Jan-Oct 2025/2026)
  • Active collection of PII confirmed

REQUESTED ACTION:
Please review these certificates for revocation under CPS Section 4.9.1.1 regarding high-risk/fraudulent use.

Thank you.

2

Thanks for the report. Our current policy does not allow us to revoke certificates based on the content of websites, including for suspected phishing, malware, fraud, abuse, or otherwise objectionable content.

We recommend reporting such sites to Google Safe Browsing and the Microsoft Smart Screen program, which are able to more effectively protect users. Here are some reporting URLs:

https://safebrowsing.google.com/safebrowsing/report_badware/
https://safebrowsing.google.com/safebrowsing/report_phish/
https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site-guest

If you’d like to read more about our policies and rationale, you can do so here:

5 Likes