LOL escrow.com to scam ~~ ! wtf
Their domain is probably being hijacked…
P.S. April 1st isn’t today right?
Update:
I have no idea what’s going on, but it seems like the authoritative DNS servers should be the ones in Route53, not ClouDNS.
Nameservers from WHOIS:
Nameservers:
NS-1497.AWSDNS-59.ORG
NS-159.AWSDNS-19.COM
NS-1656.AWSDNS-15.CO.UK
NS-882.AWSDNS-46.NET
Nameserver from nslookup:
ns31.cloudns.net
ns32.cloudns.net
From historical data, their NS only changed once (from GoDaddy to Amazon Route53).
A record lookup showed two sets of IP addresses: one set for AWS EC2 machines, and the other a Malaysian IP which is already on some blacklist.
https://db-ip.com/111.90.149.49
https://db-ip.com/34.216.250.228
https://db-ip.com/52.25.161.57
Four certificates were issued today and haven’t been revoked yet: https://crt.sh/?q=Escrow.com&iCAID=16418
Their regular certificates were issued from GlobalSign and Amazon…
Tagging @lestaff for further information…
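The two checks described in the post above (registry nameservers versus the nameservers resolvers return, and certificate issuers outside the usual set), as an added example that is not part of the original post. The helper names, the provider grouping rule and the certificate rows are assumptions constructed for illustration:

```python
# Added example (not from the thread): detect delegation drift and unusual issuers.

def norm(host):
    """DNS names are case-insensitive; drop any trailing root dot."""
    return host.strip().rstrip(".").lower()

def provider(host):
    """Assumed grouping: Route 53 hosts look like ns-N.awsdns-N.tld;
    anything else is grouped by its last two labels."""
    labels = norm(host).split(".")
    if len(labels) >= 3 and labels[1].startswith("awsdns-"):
        return "awsdns"
    return ".".join(labels[-2:])

def delegation_drift(registry_ns, observed_ns):
    """Compare the NS set on record at the registry with the set seen in lookups."""
    reg = {norm(h) for h in registry_ns}
    obs = {norm(h) for h in observed_ns}
    return {
        "match": reg == obs,
        "unexpected": sorted(obs - reg),   # answered, but not on record
        "missing": sorted(reg - obs),      # on record, but not answered
        "new_providers": sorted({provider(h) for h in obs}
                                - {provider(h) for h in reg}),
    }

def unexpected_issuers(certs, usual):
    """Return CT-log rows whose issuer is not in the usual set (case-insensitive)."""
    usual = {u.lower() for u in usual}
    return [c for c in certs if c["issuer"].lower() not in usual]

# Nameservers exactly as quoted in the post above.
WHOIS_NS = ["NS-1497.AWSDNS-59.ORG", "NS-159.AWSDNS-19.COM",
            "NS-1656.AWSDNS-15.CO.UK", "NS-882.AWSDNS-46.NET"]
NSLOOKUP_NS = ["ns31.cloudns.net", "ns32.cloudns.net"]

# Constructed CT-log rows; "OtherCA" is a placeholder issuer name.
CERTS = [{"id": i, "issuer": "OtherCA"} for i in range(1, 5)] + [
    {"id": 5, "issuer": "GlobalSign"}, {"id": 6, "issuer": "Amazon"}]

if __name__ == "__main__":
    print(delegation_drift(WHOIS_NS, NSLOOKUP_NS))
    print(unexpected_issuers(CERTS, {"GlobalSign", "Amazon"}))
```

A complete swap to a provider that has never served the zone, together with same-day issuance from an issuer outside the usual set, is the combination the post reports.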
Thank you
Can you email details to cert-prob-reports@letsencrypt.org and we’ll have someone take a look?
I'm not sure how to gather up the details. What kind of details are needed?
If you don't have other ideas maybe you could just send in a narrative of your observations and a link to @stevenzhu's data from this thread at
That would be a good start!
Thank you all for bringing this to our attention and for gathering helpful information. We have @stevenzhu’s cert-prob-report, and we have additionally received a cert-prob-report from someone @escrow.com, so we should now have everything we need to determine an appropriate path. Thank You!