What is lurking behind this URL - PHISHING & mirrored website 0-day exploitable!

We detect new insecurity every day and all of the time all the time, so time to report here :o

Confirmed PHISHING alert via phishcheck dot me: {“sid”: 95312, “is_success”: true}
as here is alerted for “ET INFO Possible Phish - Mirrored Website Comment Observed” →
In code: < !-- Mirrored from -roesterei.com/ by HTTrack Website Copier/3.x [XR&CO’2010], Wed, 30 Jun 2010 09:11:28 GMT →
on that server’s default Plesklin webpage → This website is log-in insecure found with Tracker SSL:
66% of the trackers on this site could be protecting you from NSA snooping. Tell to fix it.

All trackers
At least 3 third parties know you are on this webpage.

- - hosted on: -mnemosyne.3w-hosting.de DNS:sg1706.3w-hosting.de
1 red out of 10 on Netcraft Risk Rating: https://toolbar.netcraft.com/site_report?url=mnemosyne.3w-hosting.de
Let’s Encrypt Authority X3 and intermediate certificate, while Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled.

Einstein.Kaffee offline: certification key problems → https://www.shodan.io/host/

5 security errors established at webhint sonarwahl scan: https://webhint.io/scanner/f2b9bcf8-3ee9-4266-ab61-68c9481d43ee
Response should not include disallowed ‘x-powered-by’ header, 2 instances.
‘strict-transport-security’ header was not specified, 2 instances
‘hxtp://kosher-coffee.com/’ does not support HTTPS.
htxp://kosher-coffee.com/ (checked on Qualys).

HTTrack exploitable → https://0day.today/exploit/16396
exploit found with zero-day credits go to “kalashinkov3” member from Inj3ct0r Team via vuln. extension: - .whtt

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Update, another one of these: https://urlquery.net/report/5ae91b6a-3277-44bd-a57c-7a18bada6336
Flagged as by Suricata’s as with ET INFO Possible Phish - Mirrored Website Comment Observed.
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bXxbc1t8bS5eXW1g~enc
27 security recommendations: https://webhint.io/scanner/876296c0-aad9-4f56-b349-f7b8e6801fe8

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)