I went here: -http://www.cs.put.poznan.pl/ddwornikowski/sieci/sieci2/dns.html
Then visited a specially code page written with a special DNS-code - xn–w-uga1v8h.pl.
Re: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fxn--w-uga1v8h.pl%2F
Global Sign Certificated but wrongly installed: xn–w-uga1v8h.pl
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
SSLv3
Your server’s encryption settings are vulnerable. This server uses the SSLv3 protocol, which is not secure.
TLS1.2
This server is vulnerable to a TLS renegotiation attack.
This server is vulnerable to:
SSL/TLS Compression
This server is vulnerable to a CRIME attack.
Poodle (SSLv3 protocol)
This server is vulnerable to a Poodle (SSLv3) attack.
Re: http://whois.domaintools.com/xn--w-uga1v8h.pl See code with adblockkey: -https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=xn--w-uga1v8h.pl&ref_sel=GSP2&ua_sel=ff&fs=1
So we check whether it pays to be whitelisted through ABP? No match for that domain or premium.pl
Do not forget either the IP is flagged for locky ransomeware: https://ransomwaretracker.abuse.ch/ip/72.52.4.120/
Akamai abuse: https://otx.alienvault.com/indicator/ip/72.52.4.120/
Previously malicious IP: http://cyberwarzone.com/malicious-history-of-72-52-4-120/
Re: https://www.virustotal.com/en/url/b3dd258492c1452fca124371ad8572ccedb59550bcdf2ff3754a5992b13ed4d6/analysis/1491304435/
polonus