LOL escrow.com to scam ~~ ! wtf
Their domain is probably being hijacked…
P.S. April 1st isn’t today right?
I have no idea what’s going on, but it seems like the authoritative DNS servers should be the ones in Route53, not cloudns.
Nameservers from WHOIS:
Nameservers: NS-1497.AWSDNS-59.ORG NS-159.AWSDNS-19.COM NS-1656.AWSDNS-15.CO.UK NS-882.AWSDNS-46.NET
Nameserver from nslookup:
From historical data, their NS only changed once (from GoDaddy to Amazon Route53).
A record lookup showed two sets of IP addresses: one set for AWS EC2 machines, and the other a Malaysian IP which is already on some blacklist.
Four certificates were issued today and haven’t been revoked yet: https://crt.sh/?q=Escrow.com&iCAID=16418
Their regular certificates were issued from Globalsign and Amazon…
Tagging @lestaff for further information…
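The comparison described in the post above (registry nameservers against what resolvers return, and new certificates against the usual issuers), as an added example that is not part of the original thread. The observed nameservers, the certificate rows and all function names are constructed for illustration; only the registry nameserver list and the GlobalSign/Amazon issuer baseline come from the thread.

```python
# Added example: hijack triage from registry data vs. live observations.
REGISTRY_NS = [  # from the WHOIS output quoted in the thread
    "NS-1497.AWSDNS-59.ORG", "NS-159.AWSDNS-19.COM",
    "NS-1656.AWSDNS-15.CO.UK", "NS-882.AWSDNS-46.NET",
]
OBSERVED_NS = ["ns1.observed-dns.example.", "ns2.observed-dns.example."]  # constructed
ISSUER_BASELINE = ["GlobalSign", "Amazon"]  # usual issuers named in the thread
CT_ROWS = [  # constructed (issuer organisation, placeholder id) pairs
    ("GlobalSign nv-sa", "id-1"), ("Amazon", "id-2"),
    ("Unfamiliar CA (constructed)", "id-3"),
]


def norm(host):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return host.strip().rstrip(".").lower()


def ns_drift(registry_ns, observed_ns):
    """Return nameservers seen live but not in the registry, and the reverse."""
    reg = {norm(h) for h in registry_ns}
    obs = {norm(h) for h in observed_ns}
    return {"unexpected": sorted(obs - reg), "missing": sorted(reg - obs)}


def unexpected_issuers(ct_rows, baseline):
    """Return CT rows whose issuer matches none of the baseline names."""
    base = [b.lower() for b in baseline]
    return [row for row in ct_rows if not any(b in row[0].lower() for b in base)]


def assess(registry_ns, observed_ns, ct_rows, baseline):
    """Collect human-readable findings; an empty list means no drift."""
    findings = []
    drift = ns_drift(registry_ns, observed_ns)
    if drift["unexpected"]:
        findings.append("NS not in registry data: " + ", ".join(drift["unexpected"]))
    if drift["missing"]:
        findings.append("registry NS absent from answer: " + ", ".join(drift["missing"]))
    for issuer, cert_id in unexpected_issuers(ct_rows, baseline):
        findings.append(f"certificate {cert_id} from non-baseline issuer: {issuer}")
    return findings


if __name__ == "__main__":
    for line in assess(REGISTRY_NS, OBSERVED_NS, CT_ROWS, ISSUER_BASELINE):
        print(line)
```

A non-empty result is a prompt to investigate, not proof of hijacking: a planned DNS migration or a new CA relationship produces the same drift.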
Can you email details to firstname.lastname@example.org and we’ll have someone take a look?
I’m not sure how to gather up the details. What kind of details are needed?
If you don’t have other ideas maybe you could just send in a narrative of your observations and a link to @stevenzhu’s data from this thread at
That would be a good start!
Thank you all for bringing this to our attention and for gathering helpful information. We have @stevenzhu’s cert-prob-report, and we have additionally received a cert-prob-report from someone @escrow.com, so we should now have everything we need to determine an appropriate path. Thank You!