See: https://urlhaus.abuse.ch/url/216854/
4 flag: https://www.virustotal.com/gui/url/e7a3a3df5ec68f2fba2cd057e8de23d03fa1d8d333f73ca11bd492dc2baefbda/detectiSite Site blacklisted and with vulnerabilities in Apache 2.4.6, CentOS
See also abuse on -host172-36-211-80.serverdedicati.aruba.it
To see a file with the malware: -https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=ODAuMjExLjM2LjE3MmBiW25zYHx9bS5i~enc (link made non-clickable for those for which ELF malcode poses a risk, pol).
Also found to be 100% malicious here: https://zulu.zscaler.com/submission/7dd14e02-7150-4906-a36c-bdb232087563
On security of hoster:
Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell aruba.it to fix it.Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.-www.aruba.it asp.net_sessionid
-managehosting.aruba.it __cfduid
-v1%3a155187972176405573 Twitter guest_id
LegendTracking IDs could be sent safely if this site was secure.
Tracking IDs do not support secure transmission.
Retirable jQuery libraries:
Retire.jsbootstrap 3.4.0 Found in -https://mediacdn.aruba.it/MediaCDNRepository/files/90/905776a3-a892-496d-ad4a-12915ad3159c.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
jquery 1.12.4 Found in -https://mediacdn.aruba.it/MediaCDNRepository/files/51/51233458-3474-4cd1-9a14-98ea4625900f.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Found by RECX Security Analyser v. 1.3.0.4 issues with ... content-security-policy in frame-ancestors 'self' -http://wa.aruba.it -https://wa.aruba.it (no best policy) No secure atttributes set for __cfduid-.aruba.it
Insecure
ASP.NET_Session Id-www.aruba.it
Insecure
CMSPreferredCulture-www.aruba.it
Insecure
OpenChatControl-www.aruba.it
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)