Fantastic escrow.com using lets encrypt to scam

LOL escrow.com to scam ~~ ! wtf

Untitled|690x362

Their domain is probably being hijacked…

P.S. April 1st isn’t today right?

Update:
I have no idea what’s going on but it seems like the authoritative DNS server should be the ones in Route53, not cloudns

Nameservers from WHOIS:

Nameservers:
NS-1497.AWSDNS-59.ORG
NS-159.AWSDNS-19.COM
NS-1656.AWSDNS-15.CO.UK
NS-882.AWSDNS-46.NET

Nameserver from nslookup:

ns31.cloudns.net
ns32.cloudns.net

From historical data, their NS only changed once (From Godaddy to Amazon Route53).

A record lookup showed two sets of IP addresses, one set for AWS EC2 machines and the other is Malaysia IP which already on some blacklist.

https://db-ip.com/111.90.149.49

https://db-ip.com/34.216.250.228
https://db-ip.com/52.25.161.57

Four certificates were issued today and hasn’t been revoked yet: https://crt.sh/?q=Escrow.com&iCAID=16418
Their regular certificates were issued from Globalsign and Amazon…

Tagging @lestaff for further information…

Thank you

2 Likes

Can you email details to cert-prob-reports@letsencrypt.org and we’ll have someone take a look?

2 Likes

i not sure how to gather up the details ? what kind of details need

If you don’t have other ideas maybe you could just send in a narrative of your observations and a link to @stevenzhu’s data from this thread at

That would be a good start!

Thank you all for bringing this to our attention and for gathering helpful information. We have @stevenzhu’s cert-prob-report, and we have additionally received a cert-prob-report from someone @escrow.com , so we should now have everything we need to determine an appropriate path. Thank You!

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.