False Alarm on My Website

[steeveen]

Hello Avast Team
I managed a Government Site (http:/www.ditjenmiltun.net/) ALIAS https://ditjenmiltun.mahkamahagung.go.id/
When my friend tried to access that Site, Avast Web Shield always detect Phising. Can you give me a proof that my site is a phish site?
 

As a comparison, I check that site on Virustotal


I've downloaded whole public_html files & folders and ran Anti-Virus scanning with Kaspersky End Point Security.
After scanning finished, My Kaspersky not found any malicious files.

[Pondus]

https://www.virustotal.com/gui/url/9c74ea41f088b9cff7864341e0706eda724b4bb054a614e74493df66c06d79eb/detection


https://sitecheck.sucuri.net/results/www.ditjenmiltun.net



Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

[polonus]

Hi steeveen,

Redirects found: URLs that redirect found in: https://ditjenmiltun.mahkamahagung.go.id/

1: http://ditjenmiltun.net/images/stories/banner1.jpg -> https://www.ditjenmiltun.net/images/stories/banner1.jpg
2: http://www.siteja.com.br/arquivos/tiptopsom/wphone.gif -> https://siteja.com.br/arquivos/tiptopsom/wphone.gif
DOM_XSS issues Results from scanning URL: -https://ditjenmiltun.mahkamahagung.go.id
Number of sources found: 3
Number of sinks found: 479

OK given the all green: https://sitecheck.sucuri.net/results/https/ditjenmiltun.mahkamahagung.go.id/plugins/content/jkefel/jtabs.js
TLS Recommendations
No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the "Not Secure" browser warning.

HTTPS mixed content found. Your HTTPS website is referring to an HTTP resource:
-http://ditjenmiltun.net/images/stories/banner1.jpg on -https://ditjenmiltun.mahkamahagung.go.id/404testpage4525d2fdc
-http://fonts.googleapis.com/css?family=Neuton&subset=latin on -https://ditjenmiltun.mahkamahagung.go.id/404testpage4525d2fdc
-http://www.siteja.com.br/arquivos/tiptopsom/wphone.gif on -https://ditjenmiltun.mahkamahagung.go.id/404testpage4525d2fdc

Immediate potential threats: https://app.upguard.com/#/https://ditjenmiltun.mahkamahagung.go.id

Security Checks for https://ditjenmiltun.mahkamahagung.go.id
(6) Susceptible to man-in-the-middle attacks
Vulnerabilities can be uncovered more easily
Vulnerable to cross-site attacks
(4) Unnecessary open ports

- http://67.20.88.101/Index of /
    Name   Last modified   Size   Description
Apache Server at -40.theitbloke.com.au Port 80

Joomla seems OK

Seems not responding here: https://urlquery.net/report/be6c16f5-db3e-4c54-bba1-9478af2f702c
get an error there.- because of avast blacklisting...

Wait fo a final verdict from an avast team member. Besides your not alone on that IP address:
https://dnstable.com/ip/101.50.1.57  v http://101.50.1.57/cgi-sys/defaultwebpage.cgi

berharap yang terbaik untukmu,

polonus (volunteer website security analyst and website error hunter)

[prokopes_]

Hi steeveen, thanks for reporting this. This detection was disabled yesterday (Jun/10/2019) and this URL is not detected by Avast anymore.