Dev Depot: urlQuery, Detects Potential Malware

A free online service for testing and analyzing URLs, urlQuery (www.urlquery.net) helps identify malicious and suspicious content on websites as a means of improving the safety and security of the Internet. It’s also a great tool for auditing your own websites. According to its publisher, while no current service or security solution can guarantee 100 percent detection of malicious content, urlQuery provides detailed information about the activities a web browser engages in when visiting a specific site, and then presents the results for further analysis; delivering a second opinion about the state of a site’s security.

“As with other sandbox technologies it can be detected, which can skew or make the results inaccurate,” states a urlQuery spokesperson. “Other issues might include browser incompatibilities with settings or configurations within the browser or sandbox.”

The limited scope of urlQuery uses a small set of features commonly employed by Intrusion Detection Systems, omitting several crucial areas when evaluating the overall effectiveness and performance of a site’s security systems.

It doesn’t get any easier than using urlQuery: just enter a profile URL in the input box and then click “go.” Optional advanced settings allow users to specify a User Agent and Referer plus Adobe Reader and Java versions, along with a VM Template, for those users needing more targeted testing.

Advanced users may also be interested in the urlQuery API, which offers the ability to submit URLs, query for a URL’s reputation and receive basic report information from public reports over JSON. A private API is provided to security companies, giving them full access to data such as URL feeds and other nonpublic information. Currently in closed beta testing, development of the API has taken longer than expected, due to the roll out of a new backend, which was required before any further extension was possible.

Daily updates to the signature sets help keep up with the latest threats, while certain subcategories of these signatures have been disabled, such as those governing policy and unrelated services (i.e. FTP, SMTP, etc.) plus protocols such as ICMP and SCADA, since they fall outside of the focus of the urlQuery service.

The limited scope of urlQuery uses a small set of features commonly employed by Intrusion Detection Systems, omitting several crucial areas when evaluating the overall effectiveness and performance of a site’s security systems. An internal detection engine has access to data gathered from within the browser which can be hard for other systems to reach or correctly determine; giving urlQuery a unique opportunity to alert on items that other system might miss.

In addition to the analysis it provides to your specified URL, the urlQuery.net website features an interesting statistics page, which reveals data such as the number of processed URLs vs. those that were flagged as being suspicious, as well as the relative incidences of Neutrino, Nice Pack, Private, ProPack, RedKit, Sakura, SofosFO, SPL, STFO Pack, Styx, Sweet Orange and unknown exploit kits that urlQuery has detected. Also listed are the Top 5 Alerts for the last 30 days, revealing the scope of malicious iframe injections, CookieBomb and other suspicious JavaScript code, plus Dynamic DNS and RedKit URL patterns that urlQuery identified, providing a guide to security staff.

If you’re responsible for protecting a site or analyzing others, then urlQuery should find a place in your toolbox. Try it and see the results for yourself.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Account-to-Account Payments: The New Banking Disruptor?

So much of our industry relies upon Visa and Mastercard to support consumer payments — and with that reliance comes increased scrutiny by both brands. From a compliance perspective, the bar keeps getting raised until it feels like we end up spending half our time making sure we are compliant rather than growing our business.

Cathy Beardsley ·
profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
Show More