Random domains in my crt.sh search

I have had a never-ending nightmare with my domain (originally registered with Freeola). The website was originally set up by a web designer who then apparently transferred the site over to us (Wix).

We have never had full control of the website. When we were logged into the dashboard it would keep saying it's been updated in another browser etc.; basically an absolute nightmare.

We then discovered subdomains were created that we didn't create (we have also checked other domains and have found the same problem, same registrar).

Long story short, we found crt.sh and checked our certificate history and found loads of randoms that we have never heard of including en.

We did recognise that en.thebeautynurse.co.uk had had that subdomain added, but Wix blamed Freeola and Freeola blamed Wix. It wasn't in my DNS records at Freeola (but a lot of things that we have found externally haven't appeared in Freeola DNS records on other domains we have with them).

We are really just hoping someone can tell us if this could be related to our security issues; it seems we have never been in control of this domain.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: thebeautynurse.co.uk

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: unsure at this point

I can login to a root shell on my machine (yes or no, or I don't know): don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I only see two lineages for your domain: one wildcard certificate from an ECDSA-allowed account and one that just covers www. and the base domain (which you use). The wildcard catches any subdomain of the base domain, so any new subdomain added from Wix will use that domain.

1 Like

Thanks for your response. What's an ECDSA-allowed account?
I have no idea who created the wildcard certificate.
I am no longer with Wix; we deleted the site with Wix in October last year. We are now with Weebly/Squareup.

Regarding the random domains I have seen:

autodiscover.ukart.com
autodiscover.christianhospitalquetta.org
autodiscover.dentalia.org.uk
autodiscover.bazookaarts.co.uk and more

I have no idea how they match my domain.

1 Like
Name:    thebeautynurse.co.uk
Address: 199.34.228.164

Name:    cms5.weebly.com     <<<<<<<<<<<<<<<<<<<<<<<<<
Address: 199.34.228.164
2 Likes

The newest autodiscover certificate is from 2022 (crt.sh shows all historical certificates, not just unexpired ones), when (I guess) you were using Wix back then. I don't think you have any problem now.

2 Likes

But due to the major problems we have with this domain, including hacked accounts, we ideally need to know if it was normal that those domains were in our historical certificates.

It's worth mentioning we didn't set up any mail accounts with Wix or any other host for this domain. The only mail we had set up was Proton customised email and email pro via Freeola (for a few months); Freeola claim they use their own mail servers for that mail service.

I grabbed a random autodiscover subdomain you listed, and they are CNAMEd to autodiscover.freeolamail.net.

1 Like

Some web hosting companies combine names from separate customers on the same certificate. That is not unusual. Is this what you are concerned about?

3 Likes
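
Added example (not part of the thread and not crt.sh's own code): one way to triage a crt.sh history along the lines the replies describe, separating expired from unexpired certificates and listing the names on each certificate that belong to other domains. The records below are constructed; it is an assumption that the export uses crt.sh's JSON fields `id`, `name_value` (all names, newline-separated) and `not_after`, and the ids, dates and the `autodiscover.thebeautynurse.co.uk` name are invented for illustration.

```python
from datetime import datetime, timezone

# Constructed records shaped like crt.sh JSON output (ids and dates are invented).
SAMPLE = [
    {"id": 1001, "not_after": "2022-05-30T00:00:00",
     "name_value": "autodiscover.thebeautynurse.co.uk\n"
                   "autodiscover.ukart.com\nautodiscover.dentalia.org.uk"},
    {"id": 1002, "not_after": "2025-02-15T00:00:00",
     "name_value": "*.thebeautynurse.co.uk\nthebeautynurse.co.uk"},
    {"id": 1003, "not_after": "2025-03-01T00:00:00",
     "name_value": "www.thebeautynurse.co.uk\nthebeautynurse.co.uk"},
]

def belongs_to(name, domain):
    """True if name is the domain itself, a subdomain of it, or its wildcard."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # Match on a label boundary so "nothebeautynurse.co.uk" does not count.
    return name == domain or name.endswith("." + domain)

def review(records, domain, now):
    """Per certificate: is it expired, which names are ours, which are not."""
    report = []
    for rec in records:
        names = sorted({n.strip().lower()
                        for n in rec["name_value"].split("\n") if n.strip()})
        expires = datetime.fromisoformat(rec["not_after"]).replace(tzinfo=timezone.utc)
        report.append({
            "id": rec["id"],
            "expired": expires < now,
            "own": [n for n in names if belongs_to(n, domain)],
            "foreign": [n for n in names if not belongs_to(n, domain)],
        })
    return report

def still_valid(report):
    """Ids of unexpired certificates: the ones worth checking against your hosts."""
    return [r["id"] for r in report if not r["expired"]]

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for row in review(SAMPLE, "thebeautynurse.co.uk", now):
        print(row)
```

A certificate with a non-empty `foreign` list is the shared, multi-customer kind mentioned in the last reply; an unexpired certificate you cannot tie to a current or recent provider is the one to ask that provider about.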
