What is urlQuery
urlQuery is a free online service for testing and analyzing URLs, helping with identification of malicious content on websites. The main focus of urlQuery is to find and detect suspicious and malicious content on webpages, to help improve the security industry and make the internet a safer place.
Currently no service or security solution provide 100% detection of malicious content. The data provided is to help give a second opinion and should not be taken as facts. As with other sandbox technologies it can be detected which can scew or make the results inaccurate, other issues might include browser incompatabilities with settings/configurations within the browser or sandbox.
For feedback, requests or other inquiries please contact us at: contact at urlquery.net
There is an API towards the service, which provides the ability to: submit URLs, query for reputation of an URL and get back basic report information provided in the public reports. The API is provided over JSON. The full extent and limitation around the public API is currently being determind. There is also a private API provided to security companies which gives full access to data like urlfeeds, report data and other non-public data.
The API is currently in closed beta testing. The development of this has taken longer than expected, as the current backend rolled out in v0.9 had to be completed before further extension was possible. More info on this is coming.
urlQuery and Intrusion Detection Systems
urlQuery was not designed to perform comparative analyses of Intrusion Detection Systems, but as a services that checks websites for malicious or suspicious behavior. The alerts are provided to give an analyst guidence in what to look for.
All signatures of the Intrusion Detection Systems are left at their default configuration. Some subcategories of the signature sets has been disabled as they are outside the focus of urlQuery's service. This includes signatures on policy, unrelated services (smtp, ftp, etc.) and protocols outside scope (scada, icmp).
With the limited scope of urlQuery it only uses a small set of what Intrusion Detection Systems provides detection for. Leaving out several crucial areas when looking at the overall effectiveness and performance of a Intrusion Detection System.
The signature sets are updated daily.
An internal detection engine is also provided by urlQuery. This has access to data gathered from within the browser which can be hard for an Intrusion Detection System to reach or correctly determind. This gives it a uniqe opportunity to alert on malicious content along with suspicious behavior other system might miss. The detection engine is tailored to the environment which the service runs in, making it able to take several assumptions other systems is unable to do. The detection engine is provided to detect key points of intrest for an analyst to focus on and not full and complete detection.
Current version: 0.9-beta
Last update: 2012-11-09