Torry.io website blocked by avast webshield

[polonus]

Also found malicious here: https://www.virustotal.com/gui/url/7da76c0b50861229fbccd8b1ebf53d82ceb972b15f7604ce973d4270ee5d0682/links
See also: https://sitecheck.sucuri.net/results/https/torry.io

Outgoing links: Outgoing links
-https://play.google.com/store/apps/details?id=com.torry
-https://chrome.google.com/webstore/detail/torry/amgdmokmcgdoodpfegebpahngimkafin

See redirects: -https://torry.io redirects to -http://www.torry.io/

-http://www.torry.io/ redirects to -https://www.torry.io/

Re: https://urlscan.io/result/1d597b89-a4f9-443b-b24c-91bf3fe43fe4/

polonus

[polonus]

Also consider: https://www.joesandbox.com/analysis/459019/0/html

polonus

[polonus]

L.S.

Still being flagged by avast, and still found to be with quite some retirable code:

Retire.js
bootstrap   3.3.7   Found in -https://www.torry.io/external/bootstrap.min.js _____Vulnerability info:
Medium   28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331   1
Medium   20184 XSS in data-target property of scrollspy CVE-2018-14041   
Medium   20184 XSS in collapse data-parent attribute CVE-2018-14040   
Medium   20184 XSS in data-container property of tooltip CVE-2018-14042   
Medium   XSS is possible in the data-target attribute. CVE-2016-10735   
jquery-ui-dialog   1.11.4   Found in -https://www.torry.io/external/jquery-ui.min.js _____Vulnerability info:
Medium   CVE-2016-7103 281 XSS Vulnerability on closeText option   
jquery-ui   1.11.4   Found in -https://www.torry.io/external/jquery-ui.min.js _____Vulnerability info:
Low   XSS when refreshing checkboxes if usercontrolled data in labels 2101 CVE-2022-31160   
Medium   CVE-2021-41184 XSS in the `of` option of the `.position()` util   
Medium   CVE-2021-41183 15284 XSS Vulnerability on text options of jQuery UI datepicker   
Medium   CVE-2021-41182 XSS in the `altField` option of the Datepicker widget
Medium   CVE-2022-31160 XSS when refreshing a checkboxradio with an HTML-like initial text label   
jquery   1.11.1   Found in -https://www.torry.io/external/jquery.min.js _____Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Medium   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   123
Medium   CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
Medium   CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS   
jquery-ui-autocomplete   1.11.4   Found in -https://www.torry.io/external/jquery-ui.min.js

Some more background information:

Torry.io is an anonimizing scheme started by Torch capital, a New York crunch-base early stage fund investor,
torry is meant to bring onion-tor searching to a wider public, resides under Google Trust Services,
also with a Google Chrome extension.

Use of tor browser and abuse has caused some parties to frown upon that service,
that was originally developed by United States Navy white hats, who started the service.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)