It seems the traffic has something to do with the shared hosting and may be completely normal
Yes, it was the shared hosting site
In the logs, I noticed cron jobs running, and an IP address I didn’t recognize. I got worried and immediately took the site back down, but had to go to sleep.
Now I found the said IP on abuse databases and got really worried, but now I have understood what is going on.
The IP was the IP of the shared hosting and part of the normal routine (probably backing up or whatever they do to maintain shared hosting). Proof of that is easy: if you go to the IP address, you will find GoDaddy “something cool will be made here” a.k.a. the startup page.
The abuses were registered to that IP address yes, but they had not originated (9 months ago) from Pokitto.com. In shared hosting tens / hundreds of sites use the same IP, and Pokitto.com is a subip that changes over time. When abuses are reported, they only list the IP of the shared hosting server - not the site.
In short, I was a bit jumpy, but maybe it’s just good to have learned this also.
I will now have to go sort the website out, because I blacklisted the shared hosting server