About urlquery.net

urlquery.net is an project designed to assist security researchers, analysts, and professionals in investigating and understanding web-based threats. The platform provides a controlled environment to analyze URLs, capturing network behavior, redirects, downloads, and potential indicators of compromise.

The primary objective of urlquery.net is to support a service for analysis, research and education in web threat analysis.

Technical Overview

Scan Process

Submitted URLs are opened in a fully instrumented browser within a secure, isolated sandbox. All network activity, resources, and activity are recorded to provide accurate insights into website behavior in a realistic browsing context.

Data Collection

The system collects comprehensive data during each scan, including:

  • HTTP/HTTPS requests, responses and downloadedresources
  • Domain and IP resolutions
  • SSL/TLS certificate information
  • JavaScript and network activity
  • Screenshots of the rendered pages
  • Metadata from downloaded or embedded files

Artifact Extraction & Analysis

Collected files and artifacts are automatically processed and analyzed. This includes, but not limited to:

  • Archive extraction
  • PDF parsing and script extraction
  • Windows shortcut (LNK) analysis
  • YARA scanning patterns and indicators of compromise

Threat Intelligence Enrichment

Analysis is supplemented with publicly available and internal threat intelligence to highlight suspicious behavior, including:

  • Known phishing or malware domains
  • Leaked credentials or tokens (e.g., Telegram tokens)
  • Malicious network infrastructure indicators

Infrastructure & Security

All scans execute in isolated, containerized environments that are reset between sessions to ensure containment. The sandbox architecture prevents cross-scan contamination and safeguards external systems. Monitoring and logging are implemented to maintain performance, security, and operational stability.

Data Retention & Privacy

Scan results are retained for a limited time to support service delivery, operational stability and research. Data is not stored permanently and is automatically purged after exipiry of retention period.

Key principles:
  • Personally identifiable information (PII) is not intentionally collected or shared.
  • Public scans are accessible to all users; private scans remain visible only to the submitter.
  • Each public report includes a “Request Review” option, allowing users to request removal, redaction, or reclassification of scan data.

Requests for removal or privacy concerns can be submitted via the Request Review feature or by contacting abuse@urlquery.net.

Contact

For general questions, feedback, or technical inquiries:
📧 contact@urlquery.net

To report phishing:
📧 phishing@urlquery.net

For abuse reports or removal requests:
📧 abuse@urlquery.net