potential malicious redirect? I'm unsure.

Snowden · Oct 19, 2012

Some background: I use Sandboxie, Chrome w/ https everywhere, adblock plus and ghostery

AV: Avast free

It's late, a buddy of mine posted a shortened link on twitter...being bored I clicked on it and it was a redirect to google. That seemed odd.

The URL he pasted: (don't click) hxxp://t.co/FXqVa21T

I used LongURL to expand it:

Title:Google
Short URL: hxxp://t.co/FXqVa21T
Redirects:
3 (hide details)

hxxp://goo.gl/x0zuW
hxxp://shoppingcorp.info/
hxxp://www.google.com/

Long URL: http://www.google.com/

Did a whois on the domain..

Domain Name:SHOPPINGCORP.INFO
Created On:29-Aug-2012 09:37:24 UTC
Last Updated On:25-Sep-2012 11:00:07 UTC

But, to be safe, I changed the password of all logged in accounts....any suggestions/guidance?

Snowden · Oct 19, 2012

Sorry for posting the link. Can someone remove that please? I can't edit the post.

Get · Oct 19, 2012

Ask the buddy what the link was which he shortened? Maybe it was something on ShoppingCorp.com which is now for sale.

Snowden · Oct 19, 2012

I sent a message but haven't heard back from him... it was also about 0400 when it was posted.

TheWindBringeth · Oct 19, 2012

I see hxxp://t.co/FXqVa21T doing a meta refresh/location.replace to hxxp://goo.gl/x0zuW which 301s to hxxp://shoppingcorp.info/ which 302s to hxxp://www.google.com/. Nothing in those exchanges worth noting. Used FF.

Snowden · Oct 19, 2012

Thanks

but, still.. it's just weird

Log in or Sign up

potential malicious redirect? I'm unsure.

Snowden Registered Member

Snowden Registered Member

Get Registered Member

Snowden Registered Member

TheWindBringeth Registered Member

Snowden Registered Member

Log in or Sign up

potential malicious redirect? I'm unsure.

Snowden Registered Member

Snowden Registered Member

Get Registered Member

Snowden Registered Member

TheWindBringeth Registered Member

Snowden Registered Member

Useful Searches