See: https://urlquery.net/report/baf4df6c-d5c8-45ea-9d5a-afaa63d150a8
see IDs alerts.
Kaspersky and Sophos detect: https://www.virustotal.com/#/url/4e92f61b279743d558e1dc42f7948cd7c3fd0440a35d7d974259ce654b5b89b0/detection
See: https://webcache.googleusercontent.com/search?q=cache:eLHXWvJMkVAJ:https://www.hybrid-analysis.com/sample/2747932c56b816aae80ace812975e868b3227ab651903c1dc01e987231cccc96%3FenvironmentId%3D100+&cd=1&hl=nl&ct=clnk&gl=pl
See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=wieleba.pl%2FOVERDUE-ACCOUNT&ref_sel=GSP2&ua_sel=ff&fs=1

Certificate is not installed correctly
wieleba.pl
This is not a Symantec certificate.
Please contact the Certificate Authority for further verification.
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
RC4
Your server’s encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure. More information.
Info Certum Extended Validation CA SHA2

On hoster: https://observatory.mozilla.org/analyze.html?host=www.lh.pl

polonus