not-a-virus:HEUR:AdWare.Script.Redirect.gen on torrent sites


rounakr94
Posted

Hi,
I am facing the above detection on some torrent sites like 1337x(.)to and yts(.)mx.
My Windows installation is 11, latest version, and the Kaspersky version is 21.21.7.384(a). I am seeing that many people with Kaspersky are seeing the above detection, and it seems like some common banner advertisement might be the cause.
I had downloaded a file from the same website before the detection occurred. Am I at any risk?
ADWCleaner, Sophos Scan&Clean and Kaspersky Quick Scan came back as clean.

harlan4096
Posted

Welcome to Kaspersky Community.

 

Can you go to your K. Reports -> Safe Surfing, and copy/paste here the full details of the detection?

harlan4096
Posted

Also, can you post the link of the file you downloaded?

 

rounakr94
Posted
4 minutes ago, harlan4096 said:

Also, can you post the link of the file you downloaded?

 

Link: https://1337x(dot)to/torrent/6429220/Panchayat-S04-2025-Hin-1080p-WEBRip-x265-DD-5-1-ESub/

 

19 minutes ago, harlan4096 said:

Welcome to Kaspersky Community.

 

Can you go to your K. Reports -> Safe Surfing, and copy/paste here the full details of the detection?

Event: We found an application that can be used by intruders to damage your computer or personal data
User: DEMON-SLAYER\rouna
User type: Initiator
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result description: Detected
Type: Contains adware, auto-dialers, legitimate software that can be used by intruders to damage your computer or personal data
Name: not-a-virus:HEUR:AdWare.Script.Redirect.gen
Precision: Partially
Threat level: Medium
Object type: File
Object path: https://1337x(dot)to/torrent/6429220/Panchayat-S04-2025-Hin-1080p-WEBRip-x265-DD-5-1-ESub
MD5 of an object: 5557F9580E13A8B4F3FFBA2D8240A986
Reason: Expert analysis
Databases release date: Today, 26-06-2025 08:25:00 AM

 

Event: Download denied
User: DEMON-SLAYER\rouna
User type: Initiator
Application name: chrome.exe
Application path: C:\Program Files\Google\Chrome\Application
Component: Safe Browsing
Result description: Blocked
Type: Contains adware, auto-dialers, legitimate software that can be used by intruders to damage your computer or personal data
Name: not-a-virus:HEUR:AdWare.Script.Redirect.gen
Precision: Partially
Threat level: Medium
Object type: File
Object path: https://1337x(dot)to/torrent/6429220/Panchayat-S04-2025-Hin-1080p-WEBRip-x265-DD-5-1-ESub
MD5 of an object: 5557F9580E13A8B4F3FFBA2D8240A986
Reason: Expert analysis
Databases release date: Today, 26-06-2025 08:25:00 AM



Also, this detection is site-wide on all pages except the homepage, so not file-specific. Happens in all browsers.

harlan4096
Posted

OK, that's the URL detection for the torrent site, but did you download any executable and run it on your system?

rounakr94
Posted (edited)
1 minute ago, harlan4096 said:

OK, that's the URL detection for the torrent site, but did you download any executable and run it on your system?

Nope, just MP4 files, not any executable.

Edited by rounakr94
harlan4096
Posted

So, you only get that detection if you open the browser and visit those "suspicious torrent sites", or even without visiting them?

rounakr94
Posted
22 minutes ago, harlan4096 said:

So, you only get that detection if you open the browser and visit those "suspicious torrent sites", or even without visiting them?

Yes

harlan4096
Posted

OK, I reproduced the detection in a virtual machine. I visited that site, but I only get that detection if I try to download a .torrent file; when I click on the link, I get this warning:

 

[image]

 

And the notification warns that there is probably suspicious behavior (redirection) in that link.

rounakr94
Posted
2 minutes ago, harlan4096 said:

OK, I reproduced the detection in a virtual machine. I visited that site, but I only get that detection if I try to download a .torrent file; when I click on the link, I get this warning:

 

[image]

 

And the notification warns that there is probably suspicious behavior (redirection) in that link.

I think that it may be because of some advertisement or banner which is common on both websites.

werty
Posted (edited)

Same for many websites, Firefox + NoScript and uBlock Origin. Just visit or search.

Edited by werty
