The DST root certificate is stored on your computer because it's part of Microsoft's set of trusted root certificates. That's normal. You're seeing the Let's Encrypt certificate on b-bam.com because they obtained a certificate from Let's Encrypt, presumably legitimately because they control that domain. There has been plenty of discussion about a Certificate Authority's role in fighting phishing and malware on this forum already, see the topic linked below. If you believe b-bam.com to be malicious, please submit it to Google SafeBrowsing for inclusion on their blacklist. There's nothing Let's Encrypt or any other CA could reasonably do in this instance. It's up to your server and host to manage.