Strange search results for Highscreen on Google Chrome
A strange incident has happened in the world. Using the Google Chrome feature described in the article Do not close tab in Chrome (November 23 at 2:00 p.m. ) - zhovner , cybercriminals via Google’s search query leading to the notorious company Vobis Highscreen.org opened their page demanding money.
Through a Google.com search in the Chrome browser, you get to the scam site .
Tested on the Beeline network, MTS and Rostelecom, on Chrome for Windows and for Android. Everywhere in the Google search and Chrome bunch, an intruder site opens . A link from Wikipedia.org leads to the correct version of the site.
Reply from HighScreen:
A check on the same day gave the following picture : i.e. the problem is clearly not resolved. I am waiting for an answer to the second letter. Links for experiments:
The conditions of the experiment:
Check under IE, Opera and Firefox with the latest updates did not give a similar result and the transition to the site was carried out normally.
The test involved Windows Chrome, Android chrome (Boost and Nexus4 , 7 2013 ).
Reason for publication: I did not find information on this phenomenon on the Internet.
I sent a letter with a link to the post to Vobis, so that they would also understand.
UPD1
Through a Google.com search in the Chrome browser, you get to the scam site .
Tested on the Beeline network, MTS and Rostelecom, on Chrome for Windows and for Android. Everywhere in the Google search and Chrome bunch, an intruder site opens . A link from Wikipedia.org leads to the correct version of the site.
Reply from HighScreen:
Hello.
Yes, there was such a problem for a couple of days. At the moment, programmers have eliminated everything. If you suddenly encounter this problem again - write.
Thanks for contacting.
Marina.
A check on the same day gave the following picture : i.e. the problem is clearly not resolved. I am waiting for an answer to the second letter. Links for experiments:
- Wikipedia - en.wikipedia.org/wiki/Highscreen
- Google - www.google.com/search?q=hiscreen&oq=hiscreen&aqs=chrome..69i57.3895j0j1&sourceid=chrome&ie=UTF-8#newwindow=1&q=Highscreen&spell=1
The conditions of the experiment:
- Chrome browser.
- Search Google for Highscreen or Highscreen.org.
- Better done in a browser without important tabs.
- Please check out other phishing options on
Chromeiumand other browsers. - To close the tab, turn off the Internet and update and then close the tab - @ trilodi - @ imnement
- To launch the Chrome Task Manager, press SHIFT + Esc
Check under IE, Opera and Firefox with the latest updates did not give a similar result and the transition to the site was carried out normally.
The test involved Windows Chrome, Android chrome (Boost and Nexus4 , 7 2013 ).
Reason for publication: I did not find information on this phenomenon on the Internet.
I sent a letter with a link to the post to Vobis, so that they would also understand.
UPD:
UPD1
- Focus plays on Linux - Disasm
- It's not about HOST under Windows
- The problem is observed when switching from Google search results via the link to Highscreen.org in the Google Chrome browser and has not yet been confirmed for other browsers with the same engine.
(What about Chromium?) - The server itself is highscreen.org who makes a 302 redirect. Works in chrome forks, doesn't work in FF. - nikitasius
- Manifested in Chromium - larrabee
UPD2
Спасибо nikitasius
Request URL: http: //highscreen.org/ Request Method: GET Status Code: 302 Found Request Headersview parsed GET / HTTP / 1.1 Host: highscreen.org Connection: keep-alive Accept: text / html, application / xhtml + xml, application / xml; q = 0.9, * / *; q = 0.8 User-Agent: Mozilla / 5.0 (Windows NT 6.1; WOW64) AppleWebKit / 537.36 (KHTML, like Gecko) Iron / 29.0.1600.1 Chrome / 29.0.1600.1 Safari / 537.36 DNT: 1 Referer: https://www.google.ru/ Accept-Encoding: gzip, deflate, sdch Accept-Language: ru-RU, ru; q = 0.8, en-US; q = 0.6, en; q = 0.4 Response Headersview parsed
HTTP / 1.1 302 Found Server: nginx / 0.8.53 Date: Sun, 07 Dec 2014 22:33:06 GMT Content-Type: text/html; charset=windows-1251 Connection: keep-alive X-Powered-By: PHP/5.3.18 Location: http://oplata-shtrafa.org/n/?v=highscreen.org Content-Length: 0
Спасибо nikitasius