Only Fortinet's to flag? Misused or abused server on IP?

Viruses and worms
1

Consider the following scan reults - 16 instances of malware here: https://urlquery.net/report/1fc750b2-22ef-435a-b1ad-ac62db98a60a
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fthe-rocket.ru%2F
Re: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.the-rocket.ru%2F&useragent=Fetch+useragent&accept_encoding=
Just only Fortinet’s to flag: https://www.virustotal.com/en/url/0cc74908348e09d062f7e68dd108eec052d651b5598cc4c4547d3a1f2ba98712/analysis/#additional-info
Quttera does not have it: https://quttera.com/detailed_report/www.the-rocket.ru
nor has Sucuri’s: https://sitecheck.sucuri.net/results/www.the-rocket.ru#blacklist-status
2 vulnerable retirable libraries: http://retire.insecurity.today/#!/scan/39e01c6d4c95884adbe7dfe3c7def58d0cd6d65b0711ab12e13f3f741734be20
F-Grade status and recommendation: https://observatory.mozilla.org/analyze.html?host=www.the-rocket.ru
Set-Cookie The ‘httpOnly’ flag is not set on this cookie.

Abuse reported for IP: https://www.abuseipdb.com/check/62.213.75.4

Javascript api issue on: assets/5bc9acfa/jquery.yiiactiveform.js
When one runs the code, it works correctly, in that changing the drop-down causes the form to be loaded, but client validation is not happening in the form, and jquery.yiiactiveform.js is not loaded. (report credits go to Paul T.)

polonus (volunteer website security analyst and website error-hunter)

2

This restricted by McAfee’s browser extension: http://www.siteadvisor.com/restricted.html?domain=http:%2F%2Fwww.the-rocket.ru%2Fassets%2F5bc9acfa%2Fjquery.yiiactiveform.js&originalURL=-1434340421&pip=false&premium=false&client_uid=1241509284&client_ver=4.0.6.161&client_type=IEPlugin&suite=false&aff_id=662-187&locale=nl_nl&ui=1&os_ver=6.3.0.0

With a 28% score this site does not run latest technology neither has best policies: https://en.internet.nl/domain/www.the-rocket.ru/95431/ unlike reported SSL certificate wS not found. The trust chain of your website certificate is not complete and/or not signed by a trusted root certificate authority. see security rating for the plesk default server page for that ip: http://toolbar.netcraft.com/site_report?url=http://62.213.75.4

pol

3

Update on IP: https://urlquery.net/report/e18b0c24-4169-4eff-8f14-5df6637ab74a
found 52% to be suspicious: https://zulu.zscaler.com/report/5ce283b9-abc3-4372-ac39-63290d4592a1
More on IP: https://www.abuseipdb.com/check/62.213.75.4
Re: https://www.virustotal.com/#/url/66aecd0b825e585b4cdaee6ee08405f7b6588bc9e20c8291860682a438fd11ad/detection
line:8: Bootstrap’s JavaScript requires jQuery

polonus

4

update: https://urlquery.net/report/fd89c6ec-7c7d-47fc-b877-ff3f69c3efbe
also: https://zulu.zscaler.com/report/5ce283b9-abc3-4372-ac39-63290d4592a1
on domain default page report → http://toolbar.netcraft.com/site_report?url=http://62.213.75.4
= htxp://node-62-213-75-4.it-virtualization.ru/
MySQL (3306) 3306 Port open. Server response: R 5.5.56-MariaDBn˜ )=7
http://as-rank.caida.org/?mode0=as-info&mode1=as-table&as=205952&data-selected-id=30
Sitevet has no data on AS 205952
on certificate on the nameserver - You have 2 errors
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
The certificate has expired.
The certificate has expired. This server is not secure.
Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.

Plesk root certificate on root for -node-62-213-75-4.it-virtualization.ru
Background read: http://blog.passivetotal.org/know-your-foe-all-the-networks-subnets-and-as/

polonus

5

Update: https://urlquery.net/report/f89cac57-94a8-4810-b785-c14b2684a70a

pol