Post 9w0denUk0SrEDRirZ2 by bcl@infosec.exchange
(DIR) Post #9w0TJtKu5uYKi3VvUW by leip4Ier@infosec.exchange
2020-06-12T12:22:53Z
0 likes, 0 repeats
will phishing domain notification tools work if someone sets up a wildcard dns domain and a wildcard letsencrypt certificate? is it common for scammers to do that? sounds like it'd be super easy to just use nginx to show a webpage for apple/google/microsoft subdomains and 500 for everything else to avoid early detection through dns/ct logs. do antivirus labs pay more attention to newly registered wildcard domains?
(DIR) Post #9w0d5dTzEuw71obTjE by bcl@infosec.exchange
2020-06-12T14:12:19Z
0 likes, 0 repeats
@leip4Ier how would that work? To get letsencrypt to issue the domain you’d have to compromise the TLD dns first
(DIR) Post #9w0dQdRWaAamzDStea by leip4Ier@infosec.exchange
2020-06-12T14:16:08Z
0 likes, 0 repeats
@bcl oh, i meant subdomains. like you often see something similar to microsoft.com.company.xjsad12.net. people notice them quickly bc they appear in ct and dns logs. but if scammers register xjsad12.net first, then make com.company.xjsad12.net wildcard, the microsoft subdomain shouldn't get in logs!
(DIR) Post #9w0denUk0SrEDRirZ2 by bcl@infosec.exchange
2020-06-12T14:18:42Z
0 likes, 0 repeats
@leip4Ier Ah! I see.
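
Added example, not part of the thread and not code from any monitoring tool: a sketch of how a CT log watcher can still triage the wildcard case discussed above, where the brand label never appears in the certificate. The function names, label lists and the "last two labels are the registrable domain" rule are assumptions made for illustration; the sample names are the ones used in the thread plus constructed benign ones.

```python
# Structural checks on SAN names seen in CT log entries.
TLD_LIKE = {"com", "net", "org", "co", "gov", "edu"}   # assumed list
BRANDS = {"microsoft", "apple", "google"}              # brands named in the thread


def inner_labels(name, registrable_labels=2):
    """Labels left of the registrable domain, with a leading '*' dropped.

    Assumption: the registrable domain is the last two labels. Production
    code should use the Public Suffix List instead.
    """
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    return labels[:-registrable_labels] if len(labels) > registrable_labels else []


def score_san(name):
    """Return the set of reasons a SAN resembles a phishing host pattern."""
    reasons = set()
    inner = set(inner_labels(name))
    if BRANDS & inner:
        reasons.add("brand-label")            # only visible on non-wildcard certs
    if TLD_LIKE & inner:
        reasons.add("tld-as-inner-label")     # e.g. 'com' used as a subdomain
    if name.startswith("*.") and inner:
        reasons.add("nested-wildcard")        # wildcard below a subdomain
    return reasons


def triage(sans):
    """Map each SAN to its reasons, keeping only names that were flagged."""
    return {s: r for s in sans if (r := score_san(s))}


# Constructed sample of SANs as they would appear in CT log entries.
SAMPLE = [
    "microsoft.com.company.xjsad12.net",   # per-host cert: brand is logged
    "*.com.company.xjsad12.net",           # wildcard cert: brand is not logged
    "*.example.org",                       # ordinary wildcard
    "www.example.org",
]

if __name__ == "__main__":
    for san, reasons in triage(SAMPLE).items():
        print(san, sorted(reasons))
```

Brand keyword matching alone misses the wildcard entry, but the logged name still exposes the TLD-like inner label and the nested wildcard.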