There was recently a data breach of credit card numbers on VisionDirect.co.uk - see here https://twitter.com/troyhunt/status/1064069833967337472
The attack vector appears to be a fake Google Analytics plugin that was hosted on the g-analytics.com domain and contained a keylogger.
The domain has since been suspended, but part of why this worked appears to be that Comodo issued a HTTPS certificate - https://crt.sh/?q=g-analytics.com
I know Let's Encrypt has a blacklist of domains that are not allowed. Most are brands and financial institutions. I wanted to open this thread to suggest that popular plugins and their name variants be included as well.