potential malicious redirect? I'm unsure.

Discussion in 'malware problems & news' started by Snowden, Oct 19, 2012.

Thread Status:
Not open for further replies.
  1. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    Some background: I use Sandboxie, Chrome w/ https everywhere, adblock plus and ghostery

    AV: Avast free

    It's late, a buddy of mine posted a shortened link on twitter...being bored I clicked on it and it was a redirect to google. That seemed odd.

    The URL he pasted: (don't click) hxxp://t.co/FXqVa21T

    I used LongURL to expand it:


    Title:Google
    Short URL: hxxp://t.co/FXqVa21T
    Redirects:
    3 (hide details)

    hxxp://goo.gl/x0zuW
    hxxp://shoppingcorp.info/
    hxxp://www.google.com/

    Long URL: http://www.google.com/

    Did a whois on the domain..

    Domain Name:SHOPPINGCORP.INFO
    Created On:29-Aug-2012 09:37:24 UTC
    Last Updated On:25-Sep-2012 11:00:07 UTC

    But, to be safe, I changed the password of all logged in accounts....any suggestions/guidance?
     
  2. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    Sorry for posting the link. Can someone remove that please? I can't edit the post.
     
  3. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    Ask the buddy what the link was which he shortened? Maybe it was something on ShoppingCorp.com which is now for sale.
     
  4. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    I sent a message but haven't heard back from him... it was also about 0400 when it was posted.
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    I see hxxp://t.co/FXqVa21T doing a meta refresh/location.replace to hxxp://goo.gl/x0zuW which 301s to hxxp://shoppingcorp.info/ which 302s to hxxp://www.google.com/. Nothing in those exchanges worth noting. Used FF.
     
  6. Snowden

    Snowden Registered Member

    Joined:
    May 2, 2012
    Posts:
    68
    Thanks

    but, still.. it's just weird
     
Loading...
Thread Status:
Not open for further replies.