That report could not distinguish between ISP and Cloud provider, also between Alibaba as an e-commerce and Aliyun as Cloud provider. The report also complained about possible SQL injection, but the database it accessed is a local SQlite database. Who cares if you inject your own database?

Seems fishy.