Once on the fake site, users see a list of Tamil movies from 1992 (e.g., Roja, Thevar Magan) to 2020 (e.g., Master, Soorarai Pottru). However, instead of video files (MP4, MKV), the download buttons lead to:
The term "portable" is abused here—victims believe they are downloading a self-contained video player, but they are actually downloading malware. wwwtamilblastersws scam 1992 2020 tamil portable
TamilBlasters is categorized as a "Public Torrent Site." It operates outside the bounds of the Copyright Act, 1957 (India). Once on the fake site, users see a
Note: Perform all steps on a separate, isolated device (e.g., a spare laptop, a virtual machine, or a phone that isn’t your primary work device). Do not use the compromised system for this. The term "portable" is abused here—victims believe they
| Step | Tool / Method | Details |
|------|---------------|---------|
| Domain WHOIS lookup | whois wwwtamilblastersws.com (or .net/.org). Use free services like whois.domaintools.com or ICANN WHOIS. | Identify registrar, registration date, owner contact (often hidden). If registration is recent (e.g., 2020+), that’s suspicious for a “1992‑2020” claim. |
| Check Blacklists | Use VirusTotal (URL scanner), Google Safe Browsing, Sucuri SiteCheck, Spamhaus, Cisco Talos. | If the domain appears on any blacklist, it’s a confirmed malicious site. |
| Archive.org Wayback Machine | https://web.archive.org/web/*/www.tamilblastersws.com | See if the site existed earlier, what content it displayed, and whether it ever claimed legitimacy. |
| DNS & IP analysis | nslookup wwwtamilblastersws.com, dig +short www.tamilblastersws.com, whois <IP>. Use IPinfo.io, Shodan, or Censys to see host reputation. | Determine if the IP belongs to a data center known for hosting scams. |
| Inspect page source | Right‑click → “View Page Source”. Look for obfuscated JavaScript, <iframe> tags loading external domains, or suspicious file extensions (e.g., .exe, .scr). | Malicious scripts often hide behind base64‑encoded strings. |
| Download sandbox analysis | If a file was offered, upload it to Hybrid Analysis, Joe Sandbox, or ANY.RUN (free tier). | The sandbox will reveal if the file contains ransomware, keyloggers, or other payloads. |
| Collect screenshots & URLs | Take clear screenshots of the landing page, any error messages, and the full URL (including query strings). | Useful evidence when reporting to authorities or your ISP. |