What's wrong with keepshare.net ?

Viruses and worms
1

Hello,
I download lot of files on the net and today, I go to keepshare.net . Avast said that is an URL:MAL . Except Fortinet, no Antivirus says that is a malware : https://virustotal.com/fr/url/0ea7cd825e6d57c67ef4cddda68c8e86450c999a5150c99d0edefb07e02ea08f/analysis/

I try with a proxy (miniProxy) and the page looks safe. Is this website a false positive or not ?

Thank you :wink:

2

URL:Mal(2) = IP and/or domain is blacklisted

VirusTotal does not scan websites.

Blacklisted :
http://zulu.zscaler.com/submission/show/b1388ae98587809c0b029f6159d5119b-1470466228
http://urlquery.net/report.php?id=1470463805204
http://urlquery.net/report.php?id=1470463950693

Malware, phishing, malicious
Reporting sources: quttera.com, virustotal.com, urlquery.net, google safebrowsing, cleanmx-phishing :
https://cymon.io/94.23.27.207

Server error :
https://sitecheck.sucuri.net/results/keepshare.net

Suspicious redirect :
https://quttera.com/detailed_report/keepshare.net

Bad IP history :
https://www.virustotal.com/en/ip-address/94.23.27.207/information/

3

Thanks for reply so it’s not so safe.

4

If you want to download software, only download legal software from respected developers (official websites).

5

The only source that alerts it as a risk is McAfee’s.
Retirable: -http://keepshare.net
Detected libraries:
jquery - 1.9.1 : (active1) -http://keepshare.net/js/jquery-1.9.1.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-ui-dialog - 1.11.2 : (active1) -http://keepshare.net/js/jquery-ui.js
jquery-ui-autocomplete - 1.11.2 : (active1) -http://keepshare.net/js/jquery-ui.js
jquery-ui-tooltip - 1.11.2 : (active1) -http://keepshare.net/js/jquery-ui.js
(active) - the library was also found to be active by running code
1 vulnerable library detected

This link should be blocked: -http://s10.histats.com/js15.js It is in Peter Lowe’s ad server list.
McAfee flags where it is hosted as risky: -http://ns346277.ip-94-23-27.eu/

polonus

6

There is a little more to this than meets the eye at first glance. For the unaware, the general user and the not all too advanced user it is a better advice not to install Peter Lowe’s ad server list, because you never know when you need some breaking of those blocks, when it hinders the right functionality of certain sites.

But balancing between unwanted and dangerous is a very delicate one and the advanced users that know how to tweak their adblocker’s break list (it resides at the filters) can do so for the sites where they prefer functionality over privacy risks.

Alas a general tool cannot please everyone. A gamer is another animal that the privacy aware and the malad blocker yet another person. For instance what is a PUp risk that is tolerated by some, that go their willingly there or a PUP risk brought upon a victim unintentionally are two quite different things.

Best would be that every user (within limits) of course could decide to have the best of both worlds. Often the choice made for you is an arbitrary one. For uBlock original the break list will reside in filters, go to options and learn how to write your personal filter.

Indeed that is not for everyone, so in that case we have to agree what avast blocks has been done after ample consideration. There I fully and utterly may trust the Avast Team Members’ decisons.

polonus (volunteer website security analyst and website error hunter)