Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Suspicious websites opening on opensubtitles.org

  • Please log in to reply
No replies to this topic

#1 jokeman


  • Members
  • 1 posts
  • Local time:02:10 PM

Posted 26 May 2017 - 05:07 AM



I'm observing some dodgy behaviour on the opensubtitles.org site. I have written to their forums but did not get the answer.


The issue I'm dealing with is opening of third party sites. All of them are scam.They appear when clicking on the top link bar (i.e. Request, Upload....). There's also word, some users got duped and got stolen money when entering credit card details, since the sites were posing as a user verification service when registering an opensubtitles.org account. Obviously the sites were informing them this is a free opensubtitles subscription user verification and their credit card will never be charged.


I would like to get to the bottom of this. What is the mechanic behind this kind of redirections. Are they merely a byproduct of advertising companies they are using? If this kind of activity is happening with their knowledge I think it's a very dirty practice for a community based site or every site for that matter.


So some analysis so far.


I have tried on different machines (windows 7, windows 10) and different browsers (Edge, Chrome). I even set up a clean windows 10 machine and even Chrome on Android. The result is the same, so I presume it's not a client side infection.


The redirection happens the first time you click the link. Subsequent attempts result in getting to a correct opensubtitles site.


When a link is clicked, I first got redirected through an intermediate site - paclitor.com



Then an automatic redirect takes me to various malicious sites.





And these are screenshots from android





The sites mentioned are usualy linked to companies stationed in Cyprus.


These are the links to various sites describing some of the domains I get redirected to:






So, what is your opinion? What can be done to alleviate this problem. Can a user do anything to avoid getting these redirections or are we at mercy of the site admins? I do have adblock+ installed but it seems it does not help in this case.


If anyone is interested, you can try it yourself. I can also provide pcap's or other debug info if needed.


best regards


Edited by jokeman, 26 May 2017 - 05:11 AM.

BC AdBot (Login to Remove)



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users