I get a 503 service temporarily unavailable here: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fprocedureconcorsuali.giustizia.it
See the extensive information Michael (alan1998) provided on one of the involved domains on that IP;
for the other one, various glitches, flaws and immediate threats were also found.
Quite some vulnerabilities on that hosting IP: https://www.shodan.io/host/89.119.251.145
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
But we can easily imagine the proxy vulnerabilities mentioned, given all the various DOM-XSS glitches in the code
listed further down.
Excessive server info proliferation, see:
Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server: Apache/2.2.3 (Red Hat)
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
IP Address: 89.119.251.145
Hosting Provider: BT Italia S.p.A.
Shared Hosting: 2 sites found on 89.119.251.145
See the DOM-XSS flaws report: Results from scanning URL: -http://procedureconcorsuali.giustizia.it
Number of sources found: 10
Number of sinks found: 57
Re: Results from scanning URL: -https://procedureconcorsuali.giustizia.it/procedureconcorsuali-theme/js/main.js?browserId=other&minifierType=js&languageId=it_IT&b=6101&t=1454595524000
Number of sources found: 76
Number of sinks found: 49
Results from scanning URL: -https://procedureconcorsuali.giustizia.it/procedureconcorsuali-theme/js/main.js?browserId=other&minifierType=js&languageId=it_IT&b=6101&t=1454595524000
Number of sources found: 285
Number of sinks found: 51
Results from scanning URL: -https://procedureconcorsuali.giustizia.it/procedureconcorsuali-theme/js/main.js?browserId=other&minifierType=js&languageId=it_IT&b=6101&t=1454595524000
Number of sources found: 218
Number of sinks found: 72
2 vulnerable jQuery library scripts to be retired: https://retire.insecurity.today/#!/scan/c01ce8584a0940fa1a94ca65cb0af0eb3137c733789a386c11e285d41111f6f2
An omni scan for mixed content issues, the real threat here - preliminary scan score = minus 6.
https://webcookies.org/cookies/procedureconcorsuali.giustizia.it/28567977?976439
Cookie can be read by client-side JavaScript, which might increase the chances of stealing it in case of a successful Cross-Site Scripting attack. It’s recommended that cookies storing authentication-related session tokens are protected by the flag »
The page loads 4 third-party JavaScript files and 5 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised
Resources insecurely loaded over plaintext HTTP, see inside scan report.
4 immediate cyber security threats to that website: https://webscan.upguard.com/#/procedureconcorsuali.giustizia.it
Open to MitM attacks, because of insecure SSL/TLS versions available
HTTP still accessible
HTTP Strict Transport Security (HSTS) not enforced
Vulnerable to cross-site attacks, because HttpOnly cookies not used
Wait for a final verdict from an avast team member, as they are the only ones to come and unblock.
We are just volunteers here with relative knowledge in the field of website security; we can only advise
and pinpoint weaknesses found via publicly available 3rd party cold reconnaissance scanning.
Be aware the website security of this website is definitely “under par”.
Checked the page for cloaking, and this has been detected: "Checking for cloaking
There is a difference of 13 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page, see http://www.isithacked.com/check/http%3A%2F%2Fprocedureconcorsuali.giustizia.it *
We find a return-true turned up shown to Google and a return-false shown to Googlebot,
suspicious to say the least (something with the API). This * could now have been cleansed - site under maintenance.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
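As an added illustration (not part of polonus' post, and not code from any of the scanners quoted above), the script below reproduces two of the checks the post relies on, run offline over constructed input: it audits a response header block for the cookie-flag, HSTS and server-banner issues reported by webcookies.org and UpGuard, and it computes the byte difference between a page body served to a browser and one served to Googlebot, which is what the isithacked.com cloaking check measures. The header block borrows the Server and X-Powered-By banners from the report above; the cookie value and both HTML bodies are invented for the example.

```python
import difflib
from typing import Dict, List, Tuple

# Constructed sample: an HTTPS response header block modelled on the findings
# above. Server/X-Powered-By banners are the ones quoted in the post; the
# JSESSIONID value is invented and has no Secure or HttpOnly attribute.
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Server", "Apache/2.2.3 (Red Hat)"),
    ("X-Powered-By", "Servlet 2.5; JBoss-5.0/JBossWeb-2.1"),
    ("Set-Cookie", "JSESSIONID=EXAMPLE1234; Path=/"),
    ("Content-Type", "text/html;charset=UTF-8"),
]

# Constructed sample of what the same response should look like once fixed.
HARDENED_HEADERS: List[Tuple[str, str]] = [
    ("Server", "Apache"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "JSESSIONID=EXAMPLE1234; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Content-Type", "text/html;charset=UTF-8"),
]


def parse_set_cookie(value: str) -> Tuple[str, set]:
    """Return the cookie name and the lower-cased set of attribute names."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit_headers(headers: List[Tuple[str, str]], over_https: bool = True) -> List[str]:
    """Flag version banners, missing HSTS and cookies without Secure/HttpOnly."""
    by_name: Dict[str, List[str]] = {}
    for key, val in headers:
        by_name.setdefault(key.lower(), []).append(val)
    findings: List[str] = []
    # A banner containing a version number is the "server info proliferation" above.
    for banner in ("server", "x-powered-by"):
        for val in by_name.get(banner, []):
            if any(ch.isdigit() for ch in val):
                findings.append(f"version disclosure in {banner}: {val}")
    if over_https and "strict-transport-security" not in by_name:
        findings.append("HSTS not enforced (no Strict-Transport-Security header)")
    for val in by_name.get("set-cookie", []):
        name, attrs = parse_set_cookie(val)
        if "httponly" not in attrs:
            findings.append(f"cookie {name} readable by JavaScript (missing HttpOnly)")
        if over_https and "secure" not in attrs:
            findings.append(f"cookie {name} may be sent over plaintext HTTP (missing Secure)")
    return findings


# Constructed bodies: the only difference is a script returning true for a
# browser and false for the crawler, the pattern the post describes.
BROWSER_BODY = b"<html><body><script>var ok = function(){ return true; };</script><p>Bandi</p></body></html>"
BOT_BODY = b"<html><body><script>var ok = function(){ return false; };</script><p>Bandi</p></body></html>"


def cloaking_delta(browser_body: bytes, bot_body: bytes) -> Dict[str, object]:
    """Byte-length difference plus the changed lines between two served bodies."""
    delta = abs(len(browser_body) - len(bot_body))
    diff = difflib.unified_diff(
        browser_body.decode("utf-8", "replace").splitlines(),
        bot_body.decode("utf-8", "replace").splitlines(),
        fromfile="browser", tofile="googlebot", lineterm="", n=0,
    )
    changed = [l for l in diff if l[:1] in "+-" and not l.startswith(("---", "+++"))]
    return {"byte_delta": delta, "changed_lines": changed}


if __name__ == "__main__":
    for f in audit_headers(SAMPLE_HEADERS):
        print("finding:", f)
    print("hardened findings:", audit_headers(HARDENED_HEADERS))
    result = cloaking_delta(BROWSER_BODY, BOT_BODY)
    print("cloaking byte delta:", result["byte_delta"])
    for line in result["changed_lines"]:
        print(line)
```

A zero byte delta does not prove the absence of cloaking, and a non-zero one is not proof of it either (dynamic timestamps or nonces shift lengths legitimately), which is why the function also returns the changed lines so a reviewer can see whether the difference is a harmless token or a branch on the User-Agent.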