https://pst.giustizia.it blacklist

Dear sirs;

The internet site https://pst.giustizia.it, that is the site of the italian court of justice, is no more available due to the disconnection for "url: blacklist. As a consequence it is no more possible to see the files of the lawsuites. We kindly request to solve the balcklist issue.

gentilissimi, il sito https://pst.giustizia.it che è il portale dei servizi per il processo telematico dei tribunali italiani, si disconnette a causa dell’errore URL: Blacklist. non è quindi possibile agli operatori accedere ai fascicoli. Si prega di risolvere il problema.

Cordialmente

curl requests reveal SSL/TLS has been stripped?!

302 Found

Found

The document has moved here.


Apache/2.2.3 (Red Hat) Server at pst.giustizia.it Port 443

XFE returns Government ownership >> https://exchange.xforce.ibmcloud.com/url/http:~2F~2Fpst.giustizia.it~2FPST~2F
URLScan >> https://urlscan.io/result/da2ad75e-fecd-4e77-bbcc-223c688a5c6f
URLVoid >> https://www.urlvoid.com/scan/pst.giustizia.it/
CheckPhish >. https://checkphish.ai/insights/url/1571941764245/83e09ce4586122e65bdd6efc6b44d82323f64ba2def0b68f57a88979a6f36cba
Zulu >> https://zulu.zscaler.com/submission/33e79cf1-f395-41e5-952c-688e7214c9e5
VT >> https://www.virustotal.com/gui/url/be9c067ee605375826bb0f7e432ac519d4c1cad8472a21871e7b951318525ede/detection
Aw-SnaP >> https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=cHN0LmdbdXN0W3pbfC5bdGBQU1Rg~enc

What’s what all the bloody blank lines? Makes source really hard to read. Apache is out of date.

See Sucuri report here >> https://sitecheck.sucuri.net/results/https/pst.giustizia.it

Milos, an avast! team member has been notified.

I get a 503 service temporarily unaivalable here: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fprocedureconcorsuali.giustizia.it

See the extensive information Michael (alan1998) provided on one of the involved domains on that IP,
for the other one, there are also various glitches, flaws and immediate threats found up.

Quite some vulnerabilities on that hosting IP: https://www.shodan.io/host/89.119.251.145
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
But we can easily imagine the proxy vulnerabilities mentioned, seen to all the various DOM-XSS glitches in the code,
given further down.

Excessive server info proliferation, see: Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK
Web Server:
Apache/2.2.3 (Red Hat)
X-Powered-By:
Servlet 2.5; JBoss-5.0/JBossWeb-2.1
IP Address:
89.119.251.145
Hosting Provider:
BT Italia S.p.A.
Shared Hosting:
2 sites found on 89.119.251.145

See the DOM-XSS flaws report: Results from scanning URL: -http://procedureconcorsuali.giustizia.it
Number of sources found: 10
Number of sinks found: 57

Re: Results from scanning URL: -https://procedureconcorsuali.giustizia.it/procedureconcorsuali-theme/js/main.js?browserId=other&minifierType=js&languageId=it_IT&b=6101&t=1454595524000
Number of sources found: 76
Number of sinks found: 49

Results from scanning URL: -https://procedureconcorsuali.giustizia.it/procedureconcorsuali-theme/js/main.js?browserId=other&minifierType=js&languageId=it_IT&b=6101&t=1454595524000
Number of sources found: 285
Number of sinks found: 51

Results from scanning URL: -https://procedureconcorsuali.giustizia.it/procedureconcorsuali-theme/js/main.js?browserId=other&minifierType=js&languageId=it_IT&b=6101&t=1454595524000
Number of sources found: 218
Number of sinks found: 72

2 vulnerable JQuery library scripts to be retired: https://retire.insecurity.today/#!/scan/c01ce8584a0940fa1a94ca65cb0af0eb3137c733789a386c11e285d41111f6f2

An omni scan for mixed content issue, the real threat here - preliminairy scan score = minus 6.
https://webcookies.org/cookies/procedureconcorsuali.giustizia.it/28567977?976439

Cookie can be read by client-side JavaScript which might increase chances of stealing it in case of a successful Cross-Side Scripting attack. It’s recommended that cookies storing authentication-related session token are protected by the flag »

The page loads 4 third-party JavaScript files and 5 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised

Resources insecurely loaded over plaintext HTTP, see inside scan report.

Immediate cyber security threats to that website 4: https://webscan.upguard.com/#/procedureconcorsuali.giustizia.it
Open to MiM atttacks, because of Insecure SSL/TLS versions available
HTTP still accessible
HTTP Strict Transport Security (HSTS) not enforced

Vulnerable to cross-site attacks, because HttpOnly cookies not used

Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.
We are just volunteers here with relative knowledge in the field of website security, we can only advise
and pinpoint out weaknesses found via public available 3rd party cold reconnaissance scanning.

Be aware the website security of this website is definitely “under par”.

Checked the page for Cloaking, and this has been detected. Checking for cloaking
There is a difference of 13 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page, see http://www.isithacked.com/check/http%3A%2F%2Fprocedureconcorsuali.giustizia.it *

We find a return-true turned up shown to google and a return-false shown to googlebot,
suspicious to say the least. (something with the API). This * could now been cleansed - site under maintance.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Milos (Avast! Team) reports no detection. Can you upload a screenshot?

Site opens up normally inside browser,

pol

Detection was removed on the same date by member (Avast Labs).

The provided URL doesn't seem to be detected by Avast. Could you please send us a screenshot of the detection message you're getting? https://support.avast.com/en-ww/article/Create-screenshot