Only Kaspersky to flag this website? Abuse going on from IP!

Kaspersky found some abuse going on here. Read on.

Vulnerable server header: Outdated Web Server Nginx Found: nginx/1.2.3
Server vuln: http://www.cvedetails.com/version/148772/Igor-Sysoev-Nginx-1.2.3.html

Same IP domains: http://sameid.net/ip/91.202.63.43/
IP badness history: https://www.virustotal.com/nl/ip-address/91.202.63.43/information/
DrWeb JS.Loadpays.2 launched from that IP and latest found: Adware.Downware.2095
htxp://myfiler.anchih.pp.ua/ is in Dr.Web malicious sites list!
My connection is flagged as not private here: htxps://www.urlquery.net/report.php?id=1409069061211 (Privacy error given by Chrome)
Site may be down: https://urlquery.net/report.php?id=1415455779074
See all the IDS alerts in “Recent reports on same IP/ASN/Domain”
like IDS alert: ET INFO HTTP Request to a *.ru.tf domain, ET INFO DYNAMIC_DNS HTTP Request to Abused Domain *.mooo.com, ET POLICY HTTP Request to a *.tk domain.
Kraken Virus Tracker confirms: myfiler.anchih.pp dot ua, 91.202.63.43, ns1.lp-dns dot com, Criminals.
This only means to say there is up and active malcode there, no more, no less.

DNS Inspection Report: http://www.dnsinspect.com/myfiler.anchih.pp.ua/1415455988
→ htxp://ns1.lp-dns.com/ is present in the Dr.Web database of unwanted sites!

XSS vuln: Results from scanning URL: htxp://myfiler.anchih.pp.ua
Number of sources found: 0
Number of sinks found: 123

Results from scanning URL: htxp://myfiler.anchih.pp.ua/js/jquery.min.js
Number of sources found: 38
Number of sinks found: 21 → document,cm.write (as source)

Javascript check: http://jsunpack.jeek.org/?report=3896f0ad1b2f9738374efa8d44b16040a8e48d6e
For security research only, open link with NoScript active in the browser and inside a VM/sandbox.

Code hiccup:
myfiler.anchih.pp dot ua/js/jquery.jcarousel.min.js benign
[nothing detected] (script) myfiler.anchih.pp dot ua/js/jquery.jcarousel.min.js
status: (referer=myfiler.anchih.pp.ua/)saved 17461 bytes 7f39276f2b5c4d00f2041df89290b1665b6aa577
info: [decodingLevel=0] found JavaScript
suspicious:
And undefined function q.getElementsByTagName
error: undefined variable q
In main.js: undefined variable $ - XSS vuln, see results from scanning URL: htxp://s0.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1414003384j
Number of sources found: 38
Number of sinks found: 12 via Java Lexer using javax annotations

Possibly remote inclusion vulnerability in code link htxp://sorgalla.com/jcarousel (Zend/PHP) - wrap circular 'loop
in myfiler.anchih.pp dot ua/js/jquery.jcarousel.min.js

polonus

Update for this domain on IP, only flagged by Kaspersky: https://www.virustotal.com/nl/url/e1e0bc0dd39a08987daf08d9933995dcc21da9996fc98ad59e11368ab8980ef1/analysis/1420476299/
System Details:
Running on: nginx/1.2.3
Powered by: PHP/5.4.6
Outdated Web Server Nginx Found: nginx/1.2.3
Server configuration and FW warnings for -minecrraftfourus.hackerok.pp.ua - http://www.dnsinspect.com/minecrraftfourus.hackerok.pp.ua/1420476551
Browser Diff. so-called Cloaking alert: http://www.isithacked.com/check/minecrraftfourus.hackerok.pp.ua
Not equal
Google: 29511 bytes Firefox: 28754 bytes
Diff: 757 bytes
http://browsershots.org/http://minecrraftfourus.hackerok.pp.ua/

IP badness history: https://www.virustotal.com/nl/ip-address/91.202.63.43/information/
App downloader issues! PHISH and spam IP listed here: http://comments.gmane.org/gmane.comp.security.phishings/31693

polonus