At the beginning of the week, Google and Mozilla began to block the YTS.mx website , one of the most used to download movies in torrent. The reason for the blockage was simple: the antivirus shows an alert when entering, and the safe navigation systems of the browsers blocked it instantly. However, the web has managed to bypass the blockade.
When entering the YTS.mx main page, the browser does not block, but antivirus does detect a JS / Adware.Velocity.A , a type of adware that executes or installs an extension or content in the user’s browser without your permission to display ads without permission.
YTS bypasses the lock by changing a letter in the URL
However, as soon as we clicked on a link, browsers did go on to block those domains that linked to torrent movies. The blocking is done with Chrome’s Safe Browsing system , which protects us from phishing pages and the like. However, it is rare to see a download page crash, but in this case YTS has crossed the line trying to get malware into its visitors’ computers.
And the web, instead of eliminating it, has done a simple change of domain. As the root is not blocked, we can continue entering YTS.mx as before. However, if we click on a movie, we can now enter without problem to see the links, despite the fact that the antivirus alert continues to appear.
To do this, what they have done is to add a / movies / to the URL, so that where we used to enter https://yts.mx/movie/sonic-the-hedgehog-2020 , now we enter https: // yts.mx/movies/sonic-the-hedgehog-2020 . The only thing they have done is add an “s” to “movie”, and the domain is already different and browsers do not block it, even though the malicious behavior is exactly the same.
Google should improve Safe Browsing
The website has millions of visits a day, since its ripping is one of the most popular on the net due to its small size, which makes it ideal for quickly obtaining a movie or taking it on mobile and watching it anywhere. The web, for the moment, continues to rank correctly in Google despite multiple security alerts. It is curious that skipping the Google block is so easy, and we will see if in the next few hours the web will not be blocked again. Google launched a few weeks ago the improved Safe Browsing to make detections in shorter periods of time, but it seems that here it is not serving much.
Therefore, what we recommend is that, if you enter the web, you do so with a browser that you use normally, where you can have a version of Chrome Canary installed to avoid failures, as well as you can enter using Tor Browser.