Dear BlueCloudy,
Good find, and I will explain to you why. Abused at iodc.dk hoster in Denmark.
See how they wrought it with a free self signed letsencrypt certificate and a nameserver with a self signed one!
and for unknown AS (actually AS8502) and unknown location (Denmark),
see :
http://urlquery.net/report.php?id=1497114416143alerted as PHISHING from an abusing iodc.dk_Apache server on a provider in Denmark at Hvidovre, Hovedstaden:
http://toolbar.netcraft.com/site_report?url=185.121.173.199Nameserver brought us this info:
commonName=server.kamubisaja.info & ISC BIND 9.9.4 & DNS:cpanel.dataupdated.me &
Service Info: OS: Red Hat Enterprise Linux 7; CPE: cpe:/o:redhat:enterprise_linux:7
For that nameserver:
http://toolbar.netcraft.com/site_report?url=server.kamubisaja.infoNemeserver has a self-signed certificate installed, which is a big no-no security-wise and otherwise also.
No best practices: Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.
Evasive organisation working here, because Certificate status:
Unknown
Revocation check method:
Not available
Certificate Transparency:
Not embedded in certificate Only a serial number given and key size and Algoritm Type.
That's all folks, and it is not cheering us up, name of the game a PHISH and a FRAUD.
polonus (volunteer website security analyst and website error-hunter)
