potential malicious redirect? I'm unsure.

[Snowden]

Some background: I use Sandboxie, Chrome w/ https everywhere, adblock plus and ghostery

AV: Avast free

It's late, a buddy of mine posted a shortened link on twitter...being bored I clicked on it and it was a redirect to google. That seemed odd.

The URL he pasted: (don't click) hxxp://t.co/FXqVa21T

I used LongURL to expand it:


Title:Google
Short URL: hxxp://t.co/FXqVa21T
Redirects:
3 (hide details)

hxxp://goo.gl/x0zuW
hxxp://shoppingcorp.info/
hxxp://www.google.com/

Long URL: http://www.google.com/

Did a whois on the domain..

Domain Name:SHOPPINGCORP.INFO
Created On:29-Aug-2012 09:37:24 UTC
Last Updated On:25-Sep-2012 11:00:07 UTC

But, to be safe, I changed the password of all logged in accounts....any suggestions/guidance?

[Snowden]

Sorry for posting the link. Can someone remove that please? I can't edit the post.

[Get]

Ask the buddy what the link was which he shortened? Maybe it was something on ShoppingCorp.com which is now for sale.

[Snowden]

I sent a message but haven't heard back from him... it was also about 0400 when it was posted.

[TheWindBringeth]

I see hxxp://t.co/FXqVa21T doing a meta refresh/location.replace to hxxp://goo.gl/x0zuW which 301s to hxxp://shoppingcorp.info/ which 302s to hxxp://www.google.com/. Nothing in those exchanges worth noting. Used FF.

[Snowden]

Thanks

but, still.. it's just weird