Why avast Networkshield blocks -http://urlquery.net

Just this evening got the following message trying to visit that scanning site:
malicious site blocked by avast Networkshield
Object -http://urlquery.net
Infection URL:Mal
Process C:\Users\polonus\AppData..\ChromePrivacyGuard.exe

What is/was out there?
Was this the cause: Domain blacklisted on the Opera browser (via AVG): -urlquery.net
and what was the reason?
The only thing I find on this is: 2011/04/14_13:20 -urlquery.net/download.php? id=21116 95.34.53.130 Rogue (via -http://www.malwareblacklist.com/searchClearingHouse.php ??)

But response is now dead: -http://urlquery.net/download.php?id=21116 with Trojan/Win32.Fakeav
avast detects as Win32:FakeSysdef-EG

see: http://camas.comodo.com/cgi-bin/submit?file=1ac39de14d9c19ca53b1ffb8e11c2bd3abcf10f60fdc84a2ebba941b6293f263

polonus

Something has changed then as this wasn’t blocked the last time I used it.

Since I used Firefox, it has nothing to do with chromeprivacyguard.exe, just that that was the process connecting to the URL.

Hi DavidR,

If they blacklisted the site because of the FakeAV there (like avira did), according to Clean MX the response for that malware access query is dead (closed 011-04-24 17:44:4)
so the ParetoLogic blacklisting is no longer actual, and if the avast Networkshield has been based on the threat it is flagging ParetoLogic’s daily dirt, even Sucuri took this blacklisting from Opera’s blacklisting. Unmasked Parasites has an all clean. This is also not showing anything:
-http://jsunpack.jeek.org/?report=87db452f461223c8cc6e75c2e6943d250c1d7e6f
Also see: http://siteinspector.comodo.com/public/reports/754769 green

pol

Well I have reported it using the http://www.avast.com/contact-form.php?loadStyles link and given a link back to this topic.

I have no idea if the report went through, sent it twice as I didn’t see any confirmation page. Whilst it never used to have a confirmation page, the last time I used it it did, so I don’t know if they have abandoned that (a mistake for sure if they have).

Quote from a user comment on WOT (quote author = detro)

This is a great site for running malicious URLs through and having them analyzed. It detects multiple types of Exploit Packs which may be serving malicious content. It essentially runs these in a sandbox and provides results. The reason AV and Malware sites may have this site flagged is because URLQuery.net actually supplies the raw code from the exploit kits for you to view and most AV is not smart enough to differentiate viewing the raw code in your browser and the code being RUN by your browser. Extremely useful site for security analysts or anyone tasked with investigating malware sites.

Networkshield is still blocking the site,

polonus

Did you also fire off a report on the above link? The more, the more likely it will be resolved quickly.

Hello,
this detection will be fixed in the next virus definition update.
Sorry for the inconvenience.

Thanks Jan,

You will also see an email relating to this one. As mentioned there is no confirmation when using the above Contact form, so you are never sure if it has been sent. Perhaps you could have a word with the website guys to instigate/reinstate this confirmation page after submitting a report.

Hi DavidR,

I did likewise and reported through the contact form, where I gave the latest Clean MX status report for that Norwegian scan site. Site has to be used with care and is meant for the more security savvy, like when visiting sites like jsunpack to analyze malscript and malware domains, etc. So watch your clicks as always,

polonus

P.S. Became available again, thanks avast team, status now [SOLVED]

Hi folks,

Was again blocked by avast Networkshield giving URL:Mal. Why did the blacklisted status come back in with the latest update?

polonus

Yes, still blocked by the network shield, I tried to visit it today after the 111209-1 update.

Confirmed.

Works again with 111210-1…!! :slight_smile:

They must have got fed up with my constant reporting using both loadstyles contact form and email ;D

Yep. ;D
And you weren’t the only one reporting it again and again…

Well it is a pain when you lose a valuable tool for checking out sites (without having to actually visit), so lots of us will have been reporting that loss of use.

Carpet bombing the virus labs with FP reports.

;D
I hope it’s finally solved now and won’t come back tomorrow again…!! :wink:

Hi folks,

Attached you see why I like this scanner.
See: http://www.virustotal.com/url-scan/report.html?id=17cbc0347739b087a9605962a0751a1a-1323427647
and http://www.virustotal.com/file-scan/report.html?id=eb03dae760c520d0e67ac1d9c11577bdc5ef745d7171f85ffed5c3674c57962a-1323494062
See: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Frthouses.com%2Ffefd77%2Findex.html
93 trojans! on 89.149.241.0
And the only one to alert for this, see http://www.google.nl/search?gcx=w&ix=c2&sourceid=chrome&ie=UTF-8&q=Blackhole+exploit+kit+v1.2+82.165.63.141

polonus