Let's Encrypt certificate used for phishing domain name, what to do?

Not my domain, domain name used for phishing: deutschepost-tracking.de
This domain has a valid Let's Encrypt certificate and is used for phishing.
I received an SMS with the link to this website and a parcel tracking number.

When visiting this website in a sanitized browser, it looks identical to the official website, asks for customer information then a page for payment with credit card.

What to do?

Please see: The CA's Role in Fighting Phishing and Malware - Let's Encrypt

6 Likes

OK I get the point.

So, I notified safebrowsing.google.com about this website / domain.
There is not much else to do if I get it right.

2 Likes
4 Likes

See Is there a way to report bad actors? - #2 by Nummer378, as this answers the question.

3 Likes

Here is WHOIS Service for the domain name deutschepost-tracking.de; that may help as a starting point for filing reports and stopping them.

I got this information:

% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.denic.de

domain:       DE

organisation: DENIC eG
address:      Theodor-Stern-Kai 1
address:      Frankfurt am Main 60596
address:      Germany

contact:      administrative
name:         Vorstand DENIC eG
organisation: DENIC eG
address:      Theodor-Stern-Kai 1
address:      Frankfurt am Main 60596
address:      Germany
phone:        +49 69 27235 0
fax-no:       +49 69 27235 235
e-mail:       ianacontact@denic.de

contact:      technical
name:         Business Services
organisation: DENIC eG
address:      Theodor-Stern-Kai 1
address:      Frankfurt am Main 60596
address:      Germany
phone:        +49 69 27235 272
fax-no:       +49 69 27235 234
e-mail:       dbs@denic.de

nserver:      A.NIC.DE 194.0.0.53 2001:678:2:0:0:0:0:53
nserver:      F.NIC.DE 2a02:568:0:2:0:0:0:53 81.91.164.5
nserver:      L.DE.NET 2001:668:1f:11:0:0:0:105 77.67.63.105
nserver:      N.DE.NET 194.146.107.6 2001:67c:1011:1:0:0:0:53
nserver:      S.DE.NET 195.243.137.26 2003:8:14:0:0:0:0:53
nserver:      Z.NIC.DE 194.246.96.1 2a02:568:fe02:0:0:0:0:de
ds-rdata:     26755 8 2 f341357809a5954311ccb82ade114c6c1d724a75c0395137aa3978035425e78d

whois:        whois.denic.de

status:       ACTIVE
remarks:      Registration information: http://www.denic.de/

created:      1986-11-05
changed:      2023-04-04
source:       IANA

2 Likes

You can search for it at

https://www.denic.de/webwhois/?lang=en

This yields the following contact form to submit a complaint (I don't know if the registrar is DENIC and they'll investigate the complaint directly, or if only the registry is DENIC and they'll forward the complaint to the registrar).

Abuse Contact

4 Likes
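
The IANA reply quoted earlier in this thread has `domain: DE` and `refer: whois.denic.de`, so it describes the .de registry rather than the reported name, which is why the lookup moves to DENIC. As an added example (not part of any post in this thread), this Python code parses such a reply, checks whether the record matches the queried name, and extracts the referral server and registry contacts; the function names and the trimmed sample are illustrative assumptions.

```python
import re

# Trimmed excerpt of the IANA reply quoted in the thread, embedded to run offline.
IANA_REPLY = """\
% IANA WHOIS server

refer:        whois.denic.de

domain:       DE

contact:      administrative
e-mail:       ianacontact@denic.de

contact:      technical
e-mail:       dbs@denic.de

whois:        whois.denic.de
"""
# Referral values come from the network, so accept only plain hostnames.
HOSTNAME = re.compile(r"(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)

def parse_blocks(text):
    """Split a reply into blank-line-separated blocks of (key, value) pairs."""
    blocks, current = [], []
    for line in text.splitlines() + [""]:      # trailing "" flushes the last block
        line = line.strip()
        if line.startswith("%"):               # comment line
            continue
        if not line:
            if current:
                blocks.append(current)
            current = []
            continue
        key, sep, value = line.partition(":")  # values may contain ':' (IPv6, URLs)
        if sep:
            current.append((key.strip().lower(), value.strip()))
    return blocks

def summarize(reply, queried_name):
    """Report which object the reply describes and where to ask next."""
    blocks = parse_blocks(reply)
    fields = [kv for block in blocks for kv in block]
    first = lambda k: next((v for key, v in fields if key == k), None)
    record, server = first("domain"), first("refer") or first("whois")
    if server and not HOSTNAME.fullmatch(server):
        server = None
    contacts = {dict(b)["contact"]: dict(b).get("e-mail") for b in blocks if b[0][0] == "contact"}
    return {"record_for": record,
            "is_queried_name": bool(record) and record.lower() == queried_name.lower(),
            "next_server": server,
            "registry_contacts": contacts}
```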
