A free online service for testing and analyzing URLs, urlQuery (www.urlquery.net) helps identify malicious and suspicious content on websites as a means of improving the safety and security of the Internet. It’s also a great tool for auditing your own websites. According to its publisher, while no current service or security solution can guarantee 100 percent detection of malicious content, urlQuery provides detailed information about the activities a web browser engages in when visiting a specific site, and then presents the results for further analysis; delivering a second opinion about the state of a site’s security.
“As with other sandbox technologies it can be detected, which can skew or make the results inaccurate,” states a urlQuery spokesperson. “Other issues might include browser incompatibilities with settings or configurations within the browser or sandbox.”
The limited scope of urlQuery uses a small set of features commonly employed by Intrusion Detection Systems, omitting several crucial areas when evaluating the overall effectiveness and performance of a site’s security systems.
It doesn’t get any easier than using urlQuery: just enter a profile URL in the input box and then click “go.” Optional advanced settings allow users to specify a User Agent and Referer plus Adobe Reader and Java versions, along with a VM Template, for those users needing more targeted testing.
Advanced users may also be interested in the urlQuery API, which offers the ability to submit URLs, query for a URL’s reputation and receive basic report information from public reports over JSON. A private API is provided to security companies, giving them full access to data such as URL feeds and other nonpublic information. Currently in closed beta testing, development of the API has taken longer than expected, due to the roll out of a new backend, which was required before any further extension was possible.
Daily updates to the signature sets help keep up with the latest threats, while certain subcategories of these signatures have been disabled, such as those governing policy and unrelated services (i.e. FTP, SMTP, etc.) plus protocols such as ICMP and SCADA, since they fall outside of the focus of the urlQuery service.
The limited scope of urlQuery uses a small set of features commonly employed by Intrusion Detection Systems, omitting several crucial areas when evaluating the overall effectiveness and performance of a site’s security systems. An internal detection engine has access to data gathered from within the browser which can be hard for other systems to reach or correctly determine; giving urlQuery a unique opportunity to alert on items that other system might miss.
In addition to the analysis it provides to your specified URL, the urlQuery.net website features an interesting statistics page, which reveals data such as the number of processed URLs vs. those that were flagged as being suspicious, as well as the relative incidences of Neutrino, Nice Pack, Private, ProPack, RedKit, Sakura, SofosFO, SPL, STFO Pack, Styx, Sweet Orange and unknown exploit kits that urlQuery has detected. Also listed are the Top 5 Alerts for the last 30 days, revealing the scope of malicious iframe injections, CookieBomb and other suspicious JavaScript code, plus Dynamic DNS and RedKit URL patterns that urlQuery identified, providing a guide to security staff.
If you’re responsible for protecting a site or analyzing others, then urlQuery should find a place in your toolbox. Try it and see the results for yourself.
