urlquery dot net site has been down for over 3 days now.

What is going on there?

PORT    STATE SERVICE VERSION
80/tcp  open  http    nginx 1.10.3 (Ubuntu)
|_http-server-header: nginx/1.10.3 (Ubuntu)
|_http-title: 502 Bad Gateway
443/tcp open  ssl
|_http-server-header: nginx/1.10.3 (Ubuntu)
|_http-title: 400 The plain HTTP request was sent to HTTPS port
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_  http/1.1
| tls-nextprotoneg:
|_  http/1.1
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
See: https://www.shodan.io/host/109.189.131.172 & https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Furlquery.net%2F -> https://observatory.mozilla.org/analyze/urlquery.net

polonus

Well, there is the possibility that the site is down due to internal network router/server issues. Doesn’t help that some major modem/router manufacturers don’t fix known active router exploitation in a timely manner either, some taking over two years to fix, and one is now offering that fix only if you contact tech support. In that case, if you go to that site you can’t find the firmware update needed even though it is published elsewhere on the internet. You have to contact IT help there for access to that critical file.

UrlQuery is a web-scanning vulnerability/malware site and thus is a white hat site. Attacks are bound to happen. Active router attacks are now happening as we speak.

Hi mchain,

You are right, just remember what happened to the clean-mx repositories:
because they came under continuous (DDoS and other) attack,
you can now only query their repositories when registered and through an account.

Through beacons responding to them, bad guys will find out where the good guys (researchers, anti-malware folks) are,
and often will be able to identify them, even when researchers visit anonymously (via Tails, Tor, VPN, proxy, Whonix, Pi-hole etc.).

That is why malcreants are spreading so many documents around, because these documents (PDF etc.),
when opened up, call back home to the cybercriminal base and tell about you, maybe your printer info, etc.

This all makes it easier for the bad folks to identify you, when you aren’t in their darkweb familiar circle,
you are standing out like a shining angel of sorts.

You even have to alter your wording and comment style, the linguistics that set you out to them,
so many ways that prevent you from going under the radar of cybercrime & Co.

This because they want to do their ill deeds silently and privately and not hindered,
still they, the bad guys, now also switch to one on one contacts on hardened encrypted messengers.
It is much more secure for them than being on the dark web,
where loads of servers are being brought down now every now and again.

They even use AI now to hunt us good guys down.

Keeping the Interwebz a bit more secure isn’t an easy task these days, not by far it is.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

See: https://urlscan.io/domain/urlquery.net
and also from there: https://urlscan.io/result/d3b1d34b-3d6e-4412-a362-c6587df0b63c
also: https://securitytrails.com/list/apex_domain/urlquery.net
and
https://www.ip-tracker.org/locator/ip-lookup.php?ip=Urlquery.net
The bad gateway scan: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=dX1scXV7fXkubnt0YH17cF19dGAwZjB8ezg1MC04ZjI3LTQ4MzMtfF40Ni0zZjcyMXw5MWJ8ezU%3D~enc

Probably server errors “from hell”, mostly back-end service related, read:
https://bobcares.com/blog/502-bad-gateway-nginx/

polonus

Why will a secure internet probably stay a myth forever?

Read: https://ideas.ted.com/why-an-insecure-internet-is-actually-in-tech-companies-best-interests/

Hard to face these facts, as it is the truth why we have the insecure Interwebz we have.
So we as end-users are left out on our own to cope with this situation as best we can,
or cooperate to even do this a bit better.

You can vote with your clicks, steer away from Google towards DuckDuckGo.
Block trackers with Blokada and Pi-hole for instance, use open software over proprietary software.

And do not believe all that you are being told via propagandistic ads from Big IT money grabbers.

polonus

I am glad to experience that urlquery dot net is up again and functioning again as a great resource.

polonus

That joy did not last long, again urlquery dot net is under attack and down again.

We all know this here at Avast's forum.

We are in a constant cybersecurity battle and the open communication and collaboration between the security community, enterprise and government is necessary for us to continue defending against our adversaries.
I get a "LWP::Protocol::https::Socket: connect: timeout at /home/rexswa5/perl5/lib/perl5/LWP/Protocol/http.pm line 50."

polonus
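An added example (not from this thread or from the urlquery operators) that separates the two failure signatures reported here: the 502 in the posted nmap output, where nginx answers but its backend does not, versus the LWP connect timeout above, where nothing answers at all. It probes a constructed local stand-in for the front end rather than a live host, so it runs offline.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class _BadGatewayHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an nginx front end whose upstream is dead: always 502."""

    def do_GET(self):
        self.send_response(502)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(b"<html><head><title>502 Bad Gateway</title></head></html>")

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_fake_frontend():
    """Start the constructed 502-only server on a free loopback port; returns the port."""
    srv = HTTPServer(("127.0.0.1", 0), _BadGatewayHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]

def unused_port():
    """Return a loopback port with nothing listening, to stand in for an unreachable host."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def probe(host, port, timeout=3.0):
    """Classify what a plain HTTP GET / sees.
    'frontend-up-backend-down': 502, the proxy answered but the service behind it did not.
    'up': 2xx/3xx.  'http-error': anything else (e.g. nginx's 400 for plain HTTP on a TLS port).
    'unreachable': connect/read failed or timed out, like the LWP 'connect: timeout' above."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/")
        status = conn.getresponse().status
        conn.close()
    except OSError:  # refused, reset or timed out (socket.timeout is an OSError subclass)
        return "unreachable"
    if status == 502:
        return "frontend-up-backend-down"
    return "up" if status < 400 else "http-error"

if __name__ == "__main__":
    print(probe("127.0.0.1", start_fake_frontend()))  # frontend-up-backend-down
    print(probe("127.0.0.1", unused_port(), timeout=1.0))  # unreachable
```

Against a real host, a run of "unreachable" results across several vantage points points at the network path or a flood, while "frontend-up-backend-down" means the web tier is fine and the fault is behind it.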

I wonder what underlying protection they have installed, I know one site Stop Forum Spam has DDoS protection to stop it getting swamped.

Hi DavidR,

Haven't a clue what protection they have up or not.

Now I see they are under attack from some "pagamento_.html",
which means that attack comes associated with certain PayPal card service crooks.

If attacks are persistent enough urlquery dot net may be left no other escape than to be only available to users with an account,
that can be checked and monitored.

See: https://www.shodan.io/host/109.189.131.172 and
https://toolbar.netcraft.com/site_report?url=ti0182q160-0424.bb.online.no

Sometimes we lose such very fine resources, like with this online scanner: http://jsunpack.jeek.org/
that never came back after being under continuous malware attack.

Sorry to see such very important resources being “forced” from the Internet by dark forces
that shun the light to shine on their malcreating activities.

polonus

Online now :wink:

Thank you, Pondus, for reporting.
A good Norwegian service :wink:

Your Avast forum friend,

polonus

And again down for everybody, again that site came under attack.

polonus

Until back up one could read here: https://twitter.com/urlquery

Read about recent gigantic DDoS campaigns from China:
https://en.greatfire.org/blog/2015/mar/chinese-authorities-compromise-millions-cyberattacks

pol