Certificates issued to persons or entities on the U.S. Treasury Department’s Specially Designated Nationals list

These 47 domains, present on the SDN list, seem to have unexpired, unrevoked certificates issued by Let’s Encrypt:


For completeness, these 20 seem to have recently expired certificates issued by Let’s Encrypt:


Related: https://community.letsencrypt.org/t/according-to-mcclatchydc-com-lets-encrypt-revoqued-and-banned-usareally-com/81517/10

Hi @josh, I think it’s your domain, if you have an opinion about it?..

This thread was just brought to my attention. We will look into this today. Thanks.

In the future please email security@ with SDN reports so we can respond more quickly.


Sorry, I didn’t think it could be an urgent matter, I will be careful next time!

Will you post an update once all these domains are checked and the certificates revoked if necessary? (I saw some were revoked since but not all)

All certificates for the domains you reported were revoked on the day of my initial comment here. Those domains are also banned from further issuance. This is standard procedure for SDN entity domains, once they are brought to our attention.

I confirm that all certificates related to reported domains are now revoked.
