Try to open: https://urlquery.net/report/e7bd086c-a3ee-4996-bc36-ffa227b53f89
and will get: "This page isn’t working. urlquery.net didn’t send any data. ERR_EMPTY_RESPONSE".
Connection also seems not to be secure.
Re: https://observatory.mozilla.org/analyze/urlquery.net
See: https://observatory.mozilla.org/analyze/urlquery.net#third-party
Is this on my, e.g. client side or on their server side?
This makes me think it is the latter:
HSTS header missing the "includeSubDomains" attribute.
HSTS header missing the "preload" attribute.
HTTP page does not redirect to an HTTPS page.
Unknown error. Also get this looking up on Netcraft:
An internal error occurred while accessing the requested URL.
For further assistance, please contact the system administrator
Anyone?
polonus
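The two HSTS findings quoted in the first post concern attributes of the Strict-Transport-Security response header. As an added example (not part of the thread, and not urlquery.net's or Observatory's code), this audits a header value for the same gaps; the sample values are constructed, and the one-year threshold is the hstspreload.org submission minimum.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year in seconds, the hstspreload.org minimum


def parse_hsts(value):
    """Parse an HSTS value into {directive: value-or-None} (RFC 6797, 6.1)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty segments such as a trailing ';'
        name, _, raw = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]  # quoted-string form of the value
        directives[name] = raw or None
    return directives


def audit_hsts(value):
    """Return findings for one header value; None means the header is absent."""
    if value is None:
        return ["HSTS header not set"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"HSTS header invalid ({exc})"]
    age = d.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return ["HSTS header invalid (max-age missing or not a number)"]
    findings = []
    if int(age) == 0:
        findings.append("max-age=0 removes the HSTS policy")
    elif int(age) < PRELOAD_MIN_AGE:
        findings.append("max-age below one year")
    if "includesubdomains" not in d:
        findings.append('missing "includeSubDomains"')
    if "preload" not in d:
        findings.append('missing "preload"')
    return findings


if __name__ == "__main__":
    # Constructed sample values, not captured from urlquery.net.
    for s in (None, "max-age=15768000", "max-age=63072000; includeSubDomains; preload"):
        print(repr(s), "->", audit_hsts(s) or ["ok"])
```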
Asyn
March 8, 2019, 12:49pm
2
Hi Pol, I get this with Firefox.
Hallo der Asyn,
You make my day. Feel a lot better to be able to establish that it is not on my side then
(in my client aka browser).
So urlquery dot net’s IT staff have some issues to solve over the weekend then.
They could well do with this generator: https://sslmate.com/caa/ as it says “DNS CAA, No”.
Moreover their website server software is outdated: https://sitecheck.sucuri.net/results/https/urlquery.net
see involved risks here: https://nginx.org/en/security_advisories.html
And there is more: Security Checks for -https://urlquery.net
(3) Susceptible to man-in-the-middle attacks
Domain at risk of being hijacked
Vulnerabilities can be uncovered more easily
(2) Emails can be fraudulently sent
DNS is susceptible to man-in-the-middle attacks
Have a nice day, my avast forum friend,
S.G.
Damian aka polonus
Asyn
March 8, 2019, 1:44pm
4
Hi Damian,
you’re welcome and have a nice day as well. Groetjes
When going to the developer’s page in the browser under the heading network for that particular uri request, I get
[quote]
Provisional headers are shown
Referer: -https://urlquery.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
[/quote]
Background read: https://stackoverflow.com/questions/31950470/what-is-the-upgrade-insecure-requests-http-header#32003517
This again stresses the importance of, and also Google’s mission to get, https everywhere,
which drive we all should support.
polonus
You can work around it while opening up the links on VT, like this one:
https://www.virustotal.com/#/url/5148d1839f139720d0f45d7fe4d8dbe939f6fd94db24052b3497ed91f45328fd/detection
and https://www.virustotal.com/#/file/55eabee0934606e5692f1a7cc16f6919df3c3405ed0ba0dcc1323b8bdcd11d9a/detection
which are the results for Blacklisted -xzc.197746.com/mogegegexx.apk for instance.
See for instance Fortinet’s detection of Linux malware - https://www.virustotal.com/#/file/5e17944f8b7fcd194a5ee69ed97336937bbd155225865407975f29dadf7a2c17/details
PUP.HighConfidence
ESET-NOD32
a variant of Android/Packed.Jiagu.D potentially unsafe
Fortinet
Riskware/Jiagu!Android
K7GW
Trojan ( 005259891 )
Symantec Mobile Insight
AdLibrary:Generisk
polonus
Connection is back and is secure again, but a critical issue is that the certificate needs urgent updating.
Conclusion: service is up and running again.
Tested here: https://urlquery.net/report/ada71612-fa44-49c6-99ff-6859f243a019
Solved, back on.
Consider also: https://www.virustotal.com/#/domain/logistic.3go.company , that does not have the alert!
URL logistic.3go.company/
IP 213.202.252.206
ASN AS13301 United Gameserver GmbH
Location Germany
Report completed 2019-03-08 17:20:38 CET
Status Report complete.
urlquery Alerts Detected suspicious URL pattern
Missed at VT and Dr Web's: https://www.virustotal.com/#/domain/logistic.3go.company
Suspicious URL pattern caused a blacklisting: https://sitecheck.sucuri.net/results/logistic.3go.company
See vulnerabilities on IP: https://www.shodan.io/host/213.202.252.206
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
However, I went over the script hiccups on that urlquery dot net, and there is certainly some room for improvement.
Some errors found:
SyntaxError: Unexpected token &
/scan?url=-https%3A%2F%2Furlquery.net %2F%3F:64
SyntaxError: Invalid or unexpected token
/scan?url=-https%3A%2F%2Furlquery.net %2F%3F:64
SyntaxError: Unexpected identifier
/scan?url=-https%3A%2F%2Furlquery.net %2F%3F:64
DOM-XSS scan results in:
Results from scanning URL: -//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Number of sources found: 117
Number of sinks found: 92
SyntaxError: Unexpected token <
/scan?url=-https%3A%2F%2Furlquery.net %2F%3F:64
SyntaxError: Unexpected strict mode reserved word
/scan?url=-https%3A%2F%2Furlquery.net %2F%3F:64
SyntaxError: Unexpected token <
/scan?url=-https%3A%2F%2Furlquery.net %2F%3F:6
See attached validation report with parsing errors etc.
Also consider retirable libraries: https://retire.insecurity.today/#!/scan/2b6b934a9af05415e034bdc846b8b4b16b6a6095d9fd03bc81f7abaf9cad1a9a
Re:
jquery-ui-dialog 1.9.2 Found in -https://urlquery.net/static/org/javascript/jquery-ui-1.9.2.custom.min.js
Vulnerability info:
Medium CVE-2010-5312 6016 Title cross-site scripting vulnerability
High CVE-2016-7103 281 XSS Vulnerability on closeText option
jquery-ui-tooltip 1.9.2 Found in -https://urlquery.net/static/org/javascript/jquery-ui-1.9.2.custom.min.js
Vulnerability info:
High CVE-2012-6662 8859 Autocomplete cross-site scripting vulnerability
jquery 1.8.3 Found in -https://urlquery.net/static/org/javascript/jquery-1.8.3.js
Vulnerability info:
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
jquery-ui-autocomplete 1.9.2 Found in -https://urlquery.net/static/org/javascript/jquery-ui-1.9.2.custom.min.js
Next 133 recommendations for website improvement (safe TypeError: Cannot read property ‘status’ of undefined
/static/scripts/scanner-4ad21c9ca8.js:1): https://webhint.io/scanner/80808e41-095e-44e7-a661-4ca5c3306854
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)