Hello Avast Team
I managed a Government Site (http:/www.ditjenmiltun.net/) ALIAS [i]https://ditjenmiltun.mahkamahagung.go.id/[/i]
When my friend tried to access that Site, Avast Web Shield always detect Phising. Can you give me a proof that my site is a phish site?
http://i66.tinypic.com/14wwpl4.jpg
As a comparison, I check that site on Virustotal
http://i63.tinypic.com/30arvnm.png
I’ve downloaded whole public_html files & folders and ran Anti-Virus scanning with Kaspersky End Point Security.
After scanning finished, My Kaspersky not found any malicious files.
Hi steeveen,
Redirects found: URLs that redirect found in: https://ditjenmiltun.mahkamahagung.go.id/
1: http://ditjenmiltun.net/images/stories/banner1.jpg → https://www.ditjenmiltun.net/images/stories/banner1.jpg
2: http://www.siteja.com.br/arquivos/tiptopsom/wphone.gif → https://siteja.com.br/arquivos/tiptopsom/wphone.gif
DOM_XSS issues Results from scanning URL: -https://ditjenmiltun.mahkamahagung.go.id
Number of sources found: 3
Number of sinks found: 479
OK given the all green: https://sitecheck.sucuri.net/results/https/ditjenmiltun.mahkamahagung.go.id/plugins/content/jkefel/jtabs.js
TLS Recommendations
No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the “Not Secure” browser warning.
HTTPS mixed content found. Your HTTPS website is referring to an HTTP resource:
-http://ditjenmiltun.net/images/stories/banner1.jpg on -https://ditjenmiltun.mahkamahagung.go.id/404testpage4525d2fdc
-http://fonts.googleapis.com/css?family=Neuton&subset=latin on -https://ditjenmiltun.mahkamahagung.go.id/404testpage4525d2fdc
-http://www.siteja.com.br/arquivos/tiptopsom/wphone.gif on -https://ditjenmiltun.mahkamahagung.go.id/404testpage4525d2fdc
Immediate potential threats: https://app.upguard.com/#/https://ditjenmiltun.mahkamahagung.go.id
Security Checks for https://ditjenmiltun.mahkamahagung.go.id
(6) Susceptible to man-in-the-middle attacks
Vulnerabilities can be uncovered more easily
Vulnerable to cross-site attacks
(4) Unnecessary open ports
- http://67.20.88.101/Index of /
Name Last modified Size Description
Apache Server at -40.theitbloke.com.au Port 80
Joomla seems OK
Seems not responding here: https://urlquery.net/report/be6c16f5-db3e-4c54-bba1-9478af2f702c
get an error there.- because of avast blacklisting…
Wait fo a final verdict from an avast team member. Besides your not alone on that IP address:
https://dnstable.com/ip/101.50.1.57 v http://101.50.1.57/cgi-sys/defaultwebpage.cgi
berharap yang terbaik untukmu,
polonus (volunteer website security analyst and website error hunter)
Hi steeveen, thanks for reporting this. This detection was disabled yesterday (Jun/10/2019) and this URL is not detected by Avast anymore.
