Domain using Lets Encrypt certificate for phishing
This domain host a lot of phishing bank sites like

Thank you for your attention.

Let’s Encrypt has a dedicated email address used for these kinds of reports (it’s referenced in a post in the linked thread below), but please note that Let’s Encrypt’s policy is not to revoke certificates reported for phishing:

This post also links to a blog post explaining the reasons behind that policy

I went ahead and reported the domain to a number of services that block phishing sites (Google Safe Browsing, etc.)


For what it’s worth, an active phishing site on Google’s SafeBrowsing list won’t be able to issue a new certificate, but it’s not like phishing domains last 90 days anyway…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.