The website itself uses whois protection
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
Registrant Street: P.O. BOX 0823-03411
Registrant City: PANAMA
Registrant State/Province: PANAMA
Registrant Postal Code: 00000
Registrant Country: PA
And you simply never ask for people’s FTP credentials, ever. That’s not just unprofessional, that’s outright shady. No matter how much you want to be helpful, it’s just a no-go. Together with the complete lack of any information on who is running this site, all you can say about it remains: STAY AWAY.
Behold the paradox: You want to drive forward encryption while teaching people that it’s OK to generate private keys in a browser and enter your hosting credentials on some random website.
It would have been better to show people how to generate keys and create a CSR, then accept only the CSR and have them complete the challenge manually. If they can’t do that, they probably should let someone else run the server in the first place. What are the chances that it’s a well-maintained server, anyway?
To me, this service is a good example how good intentions can be disastrous for the general robustness.