Phishing site use your certificate

What should I do if your certificate is used on a phishing site?
serial number of the certificate 04e71d1f501bf303636b65a665da1a1e1132
Original site belpost.by
Phishing site belpost.xyz

Can you revoke the certificate and no longer issue it to this person?

1 Like

I’m seeing that previous posts state a policy on this matter, but I’m not sure if this is still the case. https://letsencrypt.org/2015/10/29/phishing-and-malware.html

Another options is at the bottom of this page. https://letsencrypt.org/repository/

You can also report it as a Phishing site at https://www.phishing.org/how-to-report-phishing (several links) and https://safebrowsing.google.com/safebrowsing/report_phish/

Revoking the cert will do little to stop this malicious actor.

Additionally, you would do better to lookup the IP, find the hosting provider and contact them or use their abuse email address. Keep in mind that some hosting providers are fronted or directly run by cyber-criminals or criminally minded nation states so you may not get any help at all. It’s a game of whack a mole but we all have to attempt to make the Internet a better place. Best of luck!

5 Likes

You should also contact the abuse@ address for the domain being spoofed. Most domains which are impersonated in phishing scams have security teams who have dedicated or hotline contacts with the web-browser vendors and hosting/infrastructure providers, and will be able to quickly escalate the concern to appropriate channels and deplatform the bad actors.

2 Likes