That website is actually malware and loading the certificate does involve making a connection to it.
I personally recommend using a DNS like Quad9 or DNS0 at a minimum for some protection against these known sites. Both have it already blocked. Cloudflare’s security variant doesn’t.
A layered approach to this is best, e.g.:
- blocking known bad IP addresses
- DNS blocking some known ads/malware with a service like Quad9 as the upstream. Doing both here is critical; using some malware blocklists that only update daily from few sources is useless
- content blocker in browser also blocking more ads/malware
- using the safe browsing feature in the browser
- enforcing https
- as a user, not clicking ads, not clicking links that are raw IP addresses
- having e.g. Windows Defender enabled/enforcing/updated if you’re on Windows
- keeping all software updated
(Yes that is all “badness enumeration”, except in many cases such as this one such badness was already known.)
Please also, if you do post links to malware, defang them: replace `.` with `[.]` and replace `http` with `hxxp`.
Re: Safe Browsing:
- Chrome, Vanadium, and Mulch only have Safe Browsing if you have real Google Play Services installed.
- Bromite, Cromite, Mull, and Fennec F-Droid do not support Safe Browsing.
- Official Firefox on Android doesn’t depend on Google Play Services for Safe Browsing.
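
The defanging rule from the post above (`.` to `[.]`, `http` to `hxxp`), as an added example that is not part of the original post: it rewrites only URLs, bare hostnames and raw IPv4 addresses inside a message, leaves sentence punctuation alone, and can check whether a draft still contains live links. The function names and the sample text are constructed for illustration.

```python
import re

# One pattern, URL alternative first, so a URL is rewritten once as a whole.
# Bare matches are raw IPv4 addresses or hostnames with an alphabetic TLD of
# two or more letters, which keeps prose such as "e.g." untouched.
_INDICATOR = re.compile(
    r"(?P<url>\bhttps?://[^\s<>\"']+)"
    r"|(?P<bare>\b(?:(?:\d{1,3}\.){3}\d{1,3}|(?:[a-z0-9-]+\.)+[a-z]{2,})\b)",
    re.IGNORECASE,
)

_TRAILING = ".,;:!?)"  # sentence punctuation that may cling to a URL


def defang(text):
    """Rewrite every indicator in text so it is no longer clickable."""
    def repl(match):
        token = match.group(0)
        core = token.rstrip(_TRAILING)
        tail = token[len(core):]
        if match.group("url"):
            # http -> hxxp, https -> hxxps
            core = "hxxp" + core[4:]
        return core.replace(".", "[.]") + tail
    return _INDICATOR.sub(repl, text)


def live_indicators(text):
    """List indicators that are still live; empty once text is defanged."""
    return [m.group(0).rstrip(_TRAILING) for m in _INDICATOR.finditer(text)]


# Constructed sample using reserved documentation names and addresses.
SAMPLE = ("Seen at http://bad.example/login.php and "
          "https://203.0.113.7:8443/x, also mail.bad.example.")

if __name__ == "__main__":
    print(live_indicators(SAMPLE))
    print(defang(SAMPLE))
```

Over-matching (a filename such as `report.pdf` is treated as a hostname) only results in extra `[.]` markers, which is the safe direction for a forum post.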