« previous next »
Pages: [1]   Go Down

Author Topic: Page does not send any data..[SOLVED]  (Read 4650 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Page does not send any data..[SOLVED]
« on: March 08, 2019, 01:39:49 PM »
Try to open: https://urlquery.net/report/e7bd086c-a3ee-4996-bc36-ffa227b53f89
and will get: This page isn’t working urlquery.net didn’t send any data.
ERR_EMPTY_RESPONSE Connection also seems not to be secure.

Re: https://observatory.mozilla.org/analyze/urlquery.net
See: https://observatory.mozilla.org/analyze/urlquery.net#third-party

Is this on my, e.g. client side or on their server side?
This makes me think it is the latter:
Quote
   
HSTS header missing the "includeSubDomains" attribute.
HSTS header missing the "preload" attribute.
HTTP page does not redirect to an HTTPS page.
Unknown error.
Also get this looking up on Netcraft:
Quote
An internal error occurred while accessing the requested URL.

For further assistance, please contact the system administrator

Anyone?

polonus
« Last Edit: March 10, 2019, 03:09:29 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>> Avast Forum - Deutschsprachiger Bereich <<<
Re: Page does not send any data..
« Reply #1 on: March 08, 2019, 01:49:01 PM »
Hi Pol, I get this with Firefox.
Logged
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Page does not send any data..
« Reply #2 on: March 08, 2019, 02:37:22 PM »
Hallo der Asyn,

You make my day. Feel a lot better to be able to establish, that it is not on my side then
(in my client aka browser).
So urlquery dot net's IT staff have some issues to solve over the weekend then.

They could well do with this generator: https://sslmate.com/caa/  as it says "DNS CAA, No".
Moreover their website server software is outdated: https://sitecheck.sucuri.net/results/https/urlquery.net
see involved risks here: https://nginx.org/en/security_advisories.html
And there is more: Security Checks for -https://urlquery.net
(3) Susceptible to man-in-the-middle attacks
Domain at risk of being hijacked
Vulnerabilities can be uncovered more easily
(2) Emails can be fraudulently sent
DNS is susceptible to man-in-the-middle attacks

Have a nice day, my avast forum friend,  ;)

S.G.

Damian aka polonus
« Last Edit: March 08, 2019, 05:20:37 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>> Avast Forum - Deutschsprachiger Bereich <<<
Re: Page does not send any data..
« Reply #3 on: March 08, 2019, 02:44:11 PM »
Hi Damian,

you're welcome and have a nice day as well. Groetjes :)
Logged
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Page does not send any data..
« Reply #4 on: March 08, 2019, 03:34:17 PM »
When going to the developer's page in the browser under the heading network for that particular uri request, I get

Quote
Provisional headers are shown
Referer: -https://urlquery.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 [/url]

Background read: https://stackoverflow.com/questions/31950470/what-is-the-upgrade-insecure-requests-http-header#32003517

This again stresses the importance of and also Google's mission to get https everywhere,
which drive we all should support :)

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Page does not send any data..
« Reply #5 on: March 08, 2019, 03:53:56 PM »
You can work around it while opening up the links on VT, like this one:
https://www.virustotal.com/#/url/5148d1839f139720d0f45d7fe4d8dbe939f6fd94db24052b3497ed91f45328fd/detection
and https://www.virustotal.com/#/file/55eabee0934606e5692f1a7cc16f6919df3c3405ed0ba0dcc1323b8bdcd11d9a/detection
which are the results for Blacklisted -xzc.197746.com/mogegegexx.apk for instance.
See for instance fortinet's detection of linux malware - https://www.virustotal.com/#/file/5e17944f8b7fcd194a5ee69ed97336937bbd155225865407975f29dadf7a2c17/details
Quote
PUP.HighConfidence

ESET-NOD32

a variant of Android/Packed.Jiagu.D potentially unsafe

Fortinet

Riskware/Jiagu!Android

K7GW

Trojan ( 005259891 )

Symantec Mobile Insight

AdLibrary:Generisk

polonus
« Last Edit: March 08, 2019, 04:08:30 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Page does not send any data..[SOLVED}
« Reply #6 on: March 08, 2019, 05:46:49 PM »
Connection back, and is secure again, but, critical issue is that certificate needs an urgent updating. :(
Conclusion service is up and running again.  :)

Tested here: https://urlquery.net/report/ada71612-fa44-49c6-99ff-6859f243a019
Solved back on,
Consider also:  https://www.virustotal.com/#/domain/logistic.3go.company , that does not have the alert!
Quote
URL   logistic.3go.company/   
IP   213.202.252.206
ASN   AS13301 United Gameserver GmbH
Location   Germany Germany
Report completed   2019-03-08 17:20:38 CET
Status   Report complete.
urlquery Alerts   Detected suspicious URL pattern
Missed at VT and Dr Web's: https://www.virustotal.com/#/domain/logistic.3go.company

Suspicious url pattern caused a blacklisting: https://sitecheck.sucuri.net/results/logistic.3go.company
See vulnerabilities on IP: https://www.shodan.io/host/213.202.252.206

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Page does not send any data..[SOLVED]
« Reply #7 on: March 10, 2019, 03:25:48 PM »
However, I went over the script hick-ups on that urlquery dot net, and there is certainly some room for improvement.
Some errors found:
Quote
SyntaxError: Unexpected token &
 /scan?url=-https%3A%2F%2Furlquery.net%2F%3F:64

SyntaxError: Invalid or unexpected token
 /scan?url=-https%3A%2F%2Furlquery.net%2F%3F:64

SyntaxError: Unexpected identifier
 /scan?url=-https%3A%2F%2Furlquery.net%2F%3F:64

DOM-XSS scan results in:
Results from scanning URL: -//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Number of sources found: 117
Number of sinks found: 92

SyntaxError: Unexpected token <
 /scan?url=-https%3A%2F%2Furlquery.net%2F%3F:64

SyntaxError: Unexpected strict mode reserved word
 /scan?url=-https%3A%2F%2Furlquery.net%2F%3F:64

SyntaxError: Unexpected token <
 /scan?url=-https%3A%2F%2Furlquery.net%2F%3F:6
  See attached validation report with parsing errors etc.

Also consider retirable libraries: https://retire.insecurity.today/#!/scan/2b6b934a9af05415e034bdc846b8b4b16b6a6095d9fd03bc81f7abaf9cad1a9a
Re:
Quote
jquery-ui-dialog   1.9.2   Found in -https://urlquery.net/static/org/javascript/jquery-ui-1.9.2.custom.min.js
Vulnerability info:
Medium   CVE-2010-5312 6016 Title cross-site scripting vulnerability   
High   CVE-2016-7103 281 XSS Vulnerability on closeText option   
jquery-ui-tooltip   1.9.2   Found in -https://urlquery.net/static/org/javascript/jquery-ui-1.9.2.custom.min.js
Vulnerability info:
High   CVE-2012-6662 8859 Autocomplete cross-site scripting vulnerability   
jquery   1.8.3   Found in -https://urlquery.net/static/org/javascript/jquery-1.8.3.js
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
jquery-ui-autocomplete   1.9.2   Found in -https://urlquery.net/static/org/javascript/jquery-ui-1.9.2.custom.min.js

Next 133 recommendations for website improvement (safe TypeError: Cannot read property 'status' of undefined
 /static/scripts/scanner-4ad21c9ca8.js:1): https://webhint.io/scanner/80808e41-095e-44e7-a661-4ca5c3306854

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: March 10, 2019, 03:28:45 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »