Strange behavior of Google Search results for Highscreen in Google Chrome browser
A strange thing happened in the world. Using the Google Chrome feature described in the Not Closable tab article in Chrome (November 23 at 2:00 pm) - zhovner , the attackers, through Google’s search query, brought to the website Highscreen.org, a not unknown company Vobis, opened their page with money requirements.
Through Google.com search in the Chrome browser you get to the scam site .
Tested on the Beeline network, MTS and Rostelecom, on Chrome under Windows and under Android. Everywhere in the Google Search and Chrome bundle, the attackers website opens . The link from Wikipedia.org leads to the correct version of the site.
The answer from HighScreen:
A check on the same day gave the following picture :
Those. The problem is clearly not resolved.
Waiting for an answer to the second letter.
Links for experiments:
Experimental conditions:
Checking for IE, Opera and Firefox with the latest updates did not give this result and the transition to the site was carried out normally.
The test involved Windows Chrome, Android chrome (Boost and Nexus4 , 7 2013 )
Reason for publication: I did not find information on this phenomenon on the Internet.
The letter with reference to the post sent to Vobis, so that they also understood.
UPD1
Through Google.com search in the Chrome browser you get to the scam site .
Tested on the Beeline network, MTS and Rostelecom, on Chrome under Windows and under Android. Everywhere in the Google Search and Chrome bundle, the attackers website opens . The link from Wikipedia.org leads to the correct version of the site.
The answer from HighScreen:
Hello.
Yes, there was such a problem a couple of days. At the moment, programmers have eliminated everything. If you suddenly encounter this problem again - write.
')
Thank you for contacting.
Marina.
A check on the same day gave the following picture :
Those. The problem is clearly not resolved.
Waiting for an answer to the second letter.
Links for experiments:
- Wikipedia - en.wikipedia.org/wiki/Highscreen
- Google - www.google.com/search?q=hiscreen&oq=hiscreen&aqs=chrome..69i57.3895j0j1&sourceid=chrome&ie=UTF-8#newwindow=1&q=Highscreen&spell=1
Experimental conditions:
- Chrome browser.
- Search Google for Highscreen or Highscreen.org.
- Better to do in the browser without important tabs.
- Please check for other phishing options on
Chromiumand other browsers. - To close the tab, turn off the Internet and update and then close the tab - @ trilodi - @ imnement
- To launch Chrome Task Manager, press SHIFT + Esc
Checking for IE, Opera and Firefox with the latest updates did not give this result and the transition to the site was carried out normally.
The test involved Windows Chrome, Android chrome (Boost and Nexus4 , 7 2013 )
Reason for publication: I did not find information on this phenomenon on the Internet.
The letter with reference to the post sent to Vobis, so that they also understood.
UPD:
UPD1
- Focus reproduced on Linux - Disasm
- It's not about HOST under Windows
- The problem is observed in the transition from the search results Google on the link to the site Highscreen.org in the Google Chrome browser and has not yet been confirmed for other browsers with the same engine.
(What's up with Chromium?) - The server itself is highscreen.org who makes a 302 redirect. Works in chrome forks, does not work in FF. - nikitasius
- Manifested in Chromium - larrabee
UPD2
Thanks nikitasius
Request URL: http: //highscreen.org/ Request Method: GET Status Code: 302 Found Request Headersview parsed GET / HTTP / 1.1 Host: highscreen.org Connection: keep-alive Accept: text / html, application / xhtml + xml, application / xml; q = 0.9, * / *; q = 0.8 User-Agent: Mozilla / 5.0 (Windows NT 6.1; WOW64) AppleWebKit / 537.36 (KHTML, like Gecko) Iron / 29.0.1600.1 Chrome / 29.0.1600.1 Safari / 537.36 DNT: 1 Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, sdch Accept-Language: ru-RU, ru; q = 0.8, en-US; q = 0.6, en; q = 0.4 Response Headersview parsed
HTTP / 1.1 302 Found Server: nginx / 0.8.53 Date: Sun, 07 Dec 2014 22:33:06 GMT Content-Type: text / html; charset = windows-1251 Connection: keep-alive X-Powered-By: PHP / 5.3.18 Location: http://oplata-shtrafa.org/n/?v=highscreen.org Content-Length: 0
Thanks nikitasius
Related Links
Source: https://habr.com/ru/post/245229/
All Articles