Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious websites opening on opensubtitles.org


  • Please log in to reply
No replies to this topic

#1 jokeman

jokeman

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:39 AM

Posted 26 May 2017 - 05:07 AM

Hi

 

I'm observing some dodgy behaviour on the opensubtitles.org site. I have written to their forums but did not get the answer.

 

The issue I'm dealing with is opening of third party sites. All of them are scam.They appear when clicking on the top link bar (i.e. Request, Upload....). There's also word, some users got duped and got stolen money when entering credit card details, since the sites were posing as a user verification service when registering an opensubtitles.org account. Obviously the sites were informing them this is a free opensubtitles subscription user verification and their credit card will never be charged.

 

I would like to get to the bottom of this. What is the mechanic behind this kind of redirections. Are they merely a byproduct of advertising companies they are using? If this kind of activity is happening with their knowledge I think it's a very dirty practice for a community based site or every site for that matter.

 

So some analysis so far.

 

I have tried on different machines (windows 7, windows 10) and different browsers (Edge, Chrome). I even set up a clean windows 10 machine and even Chrome on Android. The result is the same, so I presume it's not a client side infection.

 

The redirection happens the first time you click the link. Subsequent attempts result in getting to a correct opensubtitles site.

 

When a link is clicked, I first got redirected through an intermediate site - paclitor.com

 

paclitor.png

Then an automatic redirect takes me to various malicious sites.

 

gomediaz.jpg

 

videostripe.jpg

And these are screenshots from android

Screenshot_2017_05_19_10_07_02.png

 

Screenshot_2017_05_19_10_07_53.png

 

The sites mentioned are usualy linked to companies stationed in Cyprus.

 

These are the links to various sites describing some of the domains I get redirected to:

https://www.onlinethreatalerts.com/article/2017/2/19/beware-of-www-coreplays-com-it-is-a-fraudulent-website/

http://www.scamadviser.com/check-website/paclitor.com

http://www.scamadviser.com/check-website/videostripe.com

http://www.scamadviser.com/check-website/gamezjet.com

 

So, what is your opinion? What can be done to alleviate this problem. Can a user do anything to avoid getting these redirections or are we at mercy of the site admins? I do have adblock+ installed but it seems it does not help in this case.

 

If anyone is interested, you can try it yourself. I can also provide pcap's or other debug info if needed.

 

best regards

 


Edited by jokeman, 26 May 2017 - 05:11 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users