False positive Yggtorrent.wtf

Hello!

Our community website Yggtorrent is flagged as “contains malicious code” even though the site contains absolutely no malicious code!

This is the first time in several years that it has been flagged.

This is the URL: hxtps://yggtorrent.wtf/
Which is the official address of the site, as indicated on the Wikipedia page: https://fr.wikipedia.org/wiki/YggTorrent

Here are some reports:
https://www.virustotal.com/gui/url/36454dd323670124e1bddd6ce3b66c314cf188d627e3067657851a51820f44fd/details
https://transparencyreport.google.com/safe-browsing/search?url=yggtorrent.wtf

Thanks in advance

If you think it is wrong, then report it to avast lab

See here how to do it > https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

We already did that, any idea of what causes this problem?

No, avast lab should tell you when/if they reply

Always check scan date on virustotal and refresh if old
https://www.virustotal.com/gui/url/36454dd323670124e1bddd6ce3b66c314cf188d627e3067657851a51820f44fd

Pondus and I are Avast users so we can’t really say why only the Avast Virus Labs team can do that and why Pondus gave the link.

You should get a response in a day or two.

However VT isn’t completely clear there are two hits and if you look at the Links rather than Details external links could also be the issue.
https://www.virustotal.com/gui/url/36454dd323670124e1bddd6ce3b66c314cf188d627e3067657851a51820f44fd/links

Some security issues reported here - https://en.internet.nl/site/yggtorrent.wtf/2252771/
Medium Security Risk reported here - https://sitecheck.sucuri.net/results/https/yggtorrent.wtf - with some hardening improvement suggestions.
Minimal Security Risk reported here - https://quttera.com/detailed_report/yggtorrent.wtf

We’ve already checked that, there are no external links that are blacklisted or malicious.

Also, as you say, the scanners report a few minor-medium problems, nothing too serious to justify this blacklisting…

An answer from Avast Lab would be appreciated.

Best regards

As I said - You should get a response in a day or two. - from the virus labs team.

Here it is being found to be clean - Dr.Web - website scan:

Checking: -https://js.hcaptcha.com/1/api.js?hl=fr File size: 313.26 KB File MD5: e44007583d40287d88fb0d7f12d9922b

-https://js.hcaptcha.com/1/api.js?hl=fr - Ok

Checking: -https://yggtorrent.wtf/assets/js/jquery.countdown.js
File size: 3432 bytes
File MD5: 0ce41898d0bb4024b1a8619b00eb60bb

-https://yggtorrent.wtf/assets/js/jquery.countdown.js - archive JS-HTML

-https://yggtorrent.wtf/assets/js/jquery.countdown.js/JSFile_1[0][d68] - Ok
-https://yggtorrent.wtf/assets/js/jquery.countdown.js - Ok

Checking: -https://yggtorrent.wtf/assets/js/select2.min.js
File size: 65.04 KB
File MD5: 26abb17f4b7260ea8c912313e2c80fef

-https://yggtorrent.wtf/assets/js/select2.min.js - Ok

Checking: -https://yggtorrent.wtf/assets/js/jquery.min.js
File size: 83.58 KB
File MD5: 710458dd559c957714ac4a8e95357eb5

-https://yggtorrent.wtf/assets/js/jquery.min.js - archive JS-HTML

-https://yggtorrent.wtf/assets/js/jquery.min.js/JSTag_1[abc7][a287] - Ok
-https://yggtorrent.wtf/assets/js/jquery.min.js/JSTag_2[13afe][1350] - Ok
-https://yggtorrent.wtf/assets/js/jquery.min.js - Ok

Checking: -https://yggtorrent.wtf/assets/js/jnotifier.min.js
File size: 2548 bytes
File MD5: 13e1a80ee6ee5e3f1c4dfea1e5bbff33

-https://yggtorrent.wtf/assets/js/jnotifier.min.js - Ok

Checking: -https://yggtorrent.wtf/assets/js/bootstrap-notify.min.js
File size: 8123 bytes
File MD5: f1500597494be6a0329fd1b1e055dcef

-https://yggtorrent.wtf/assets/js/bootstrap-notify.min.js - archive JS-HTML

-https://yggtorrent.wtf/assets/js/bootstrap-notify.min.js/JSTAG_1[1134][3a] - Ok
-https://yggtorrent.wtf/assets/js/bootstrap-notify.min.js - Ok

Checking: -https://yggtorrent.wtf/assets/js/bootstrap.min.js
File size: 49.85 KB
File MD5: e47a9d976663a4ce4db5961af909eb58

-https://yggtorrent.wtf/assets/js/bootstrap.min.js - Ok

Checking: -https://yggtorrent.wtf/
Engine version: 7.0.60.6220
Total virus-finding records: 11708120
File size: 59.45 KB
File MD5: d551375bd75045744c95951625d9e8d0

-https://yggtorrent.wtf/ - archive JS-HTML

-https://yggtorrent.wtf//JSTAG_1[18be][ce] - Ok
-https://yggtorrent.wtf//JSTAG_2[ce7f][1c5] - Ok
-https://yggtorrent.wtf//JSTAG_3[df37][168] - Ok
-https://yggtorrent.wtf//JSTAG_4[e3ac][7f3] - Ok
-https://yggtorrent.wtf//JSTAG_5[3810][6208] - archive BASE64

-https://yggtorrent.wtf//JSTAG_5[3810][6208]/0.part - Ok
-https://yggtorrent.wtf//JSTAG_5[3810][6208] - Ok
-https://yggtorrent.wtf/ - Ok


2 to flag: https://www.virustotal.com/gui/url/36454dd323670124e1bddd6ce3b66c314cf188d627e3067657851a51820f44fd?nocache=1

Benign: https://zulu.zscaler.com/submission/11a15945-3a58-4899-957d-9d8aae61d3f5

But wait for a final verdict from avast team. This link was not flagged by avast’s:
-https://mamot.fr/@YggTorrent (La Quadrature du Net),

polonus (volunteer 3rd-party cold recon website security analyst and website error-hunter)

We’re still waiting reply from them.
No member from the staff to answer us?

One as has been said it may take a day or two for an answer (and possible longer given it is a weekend) and this topic is only a day old (on less you sent an FP report before that).

The only people that can give a response are Avast Virus Labs members, not all Avast members can analyse this and answer.

Ok thank you for your reactivity.
I forgot we were Sunday :slight_smile:

You’re welcome.