Advice Request Is getting redirected once any cause for concern?

Please provide comments and solutions that are helpful to the author of this topic.

Gogeta

Level 1
Thread author
Jun 9, 2018
3
Greetings,

If you go to a website from a google search, and get redirected once, is that cause for concern if it only happened once?

I had this happen recently but I went to the website again and didn't get redirected the second time I visited. I can't remember if the second time was from the same google search or not, I can't seem to find the exact search from my history to test this :/
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,782
Greetings,

If you go to a website from a google search, and get redirected once, is that cause for concern if it only happened once?

I had this happen recently but I went to the website again and didn't get redirected the second time I visited. I can't remember if the second time was from the same google search or not, I can't seem to find the exact search from my history to test this :/

Does the redirected site dropped any files at all? Exploit? Javascript payload? Any threat behaviors?
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,153
If you are using Chrome browser you can enable a flag to prevent redirection

1) Load chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture in the browser's address bar.

2) Switch the status of the "Framebusting requires same-origin or a user gesture" experimental flag from default to enabled.

3) Restart the Chrome browser.

NO need of any redirect extension to be added

Enable unwanted redirection protection in Google Chrome - gHacks Tech News

For FF Quantum you can add Skip Redirect extension. Unfortunately, FF Quantum does not come with any built-in redirect protection. This was removed in FF Quantum.

Test your redirect at Third Party Redirection Test

title

Note that purely using Skip Redirect will not pass the the above redirection test. Your AV should also protect you against redirect.
 
Last edited:

Gogeta

Level 1
Thread author
Jun 9, 2018
3
I had uBlock origin on and it is setup to disallow all by default and I don't remember enabling it on either the site I went to or the site it redirected to, so there shouldn't be anything bad at least script wise. The site I was redirected to was just a fake survey. So I don't think there was any dropped files or exploit or threat behaviours that I know of.

On my to do list is to clear the browser cache and see if I get redirected again.... although after the below results maybe not.

So it was a website with a forum. I put the exact thread link into urlscan.io and urlquery.net and nothing came up on the latter but the former said couldn't parse. However, I changed urlscan.io to just the www domain and that had some stuff come up, which unsure how to read. It has 48/48 on the urlscan.io list. Some say redirected from and one says PTR. and is the left and right arrows, that column near the right hand side, is that number of redirects or something else?

urlquery.net after changing that to http www domain, it came up with 30 results, some of them porn sites.

So, these results, are they redirects from the site I visited, to where I would get redirected to, or are these results where you get redirected from not where you get redirected to?

Is the 3p-redirect link in the post above mine, is that to test if a browser anti redirect plugin works?
 

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Usually click stuff from social media (eg facebook, twitter) would cause a redirect cause basically they are tracking your clicks. This might be what's happening when you click with google results.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,153
I had uBlock origin on and it is setup to disallow all by default and I don't remember enabling it on either the site I went to or the site it redirected to, so there shouldn't be anything bad at least script wise. The site I was redirected to was just a fake survey. So I don't think there was any dropped files or exploit or threat behaviours that I know of.

On my to do list is to clear the browser cache and see if I get redirected again.... although after the below results maybe not.

So it was a website with a forum. I put the exact thread link into urlscan.io and urlquery.net and nothing came up on the latter but the former said couldn't parse. However, I changed urlscan.io to just the www domain and that had some stuff come up, which unsure how to read. It has 48/48 on the urlscan.io list. Some say redirected from and one says PTR. and is the left and right arrows, that column near the right hand side, is that number of redirects or something else?

urlquery.net after changing that to http www domain, it came up with 30 results, some of them porn sites.

So, these results, are they redirects from the site I visited, to where I would get redirected to, or are these results where you get redirected from not where you get redirected to?

Is the 3p-redirect link in the post above mine, is that to test if a browser anti redirect plugin works?
Yes, the 3P Redirection Test will test your browser/extension effectiveness against redirects. For complete test you should see 3 rectangles

You should also add IDN Safe to FF Quantum against punycode redirects. One of the tests in the 3P Redirection Test has a punycode redirect

Chrome has built-in protection against punycode so IDN Safe is not required

Chrome, Firefox & Opera Are Vulnerable to This Phishing Attack
 
Last edited:

Gogeta

Level 1
Thread author
Jun 9, 2018
3
So hang-on, is a redirect caused by google click tracking, or is it just a dodgy website to begin with considering what came up on urlquery.net?
Or it can be both, just with what came up on urlquery.... those are websites you may get redirected to after when visitng the main site?

So I put siteA into urlquery.net.... and some of the urls were porn sites :/ my redirect was not to a porn site it was to a fake survey. But still, doesn't that mean that, siteA should be avoided, regardless of whether my particular redirect was from the site itself or click track thing?
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,153
So hang-on, is a redirect caused by google click tracking, or is it just a dodgy website to begin with considering what came up on urlquery.net?
Or it can be both, just with what came up on urlquery.... those are websites you may get redirected to after when visitng the main site?

So I put siteA into urlquery.net.... and some of the urls were porn sites :/ my redirect was not to a porn site it was to a fake survey. But still, doesn't that mean that, siteA should be avoided, regardless of whether my particular redirect was from the site itself or click track thing?

Redirection can be caused by many factors like a malware infection of the site, an overlay over the whole website or just the intended link in the page, url redirect (punycode) etc

The aim of redirection is to direct you to a non-intended site be it malicious(e.g. phishing) or just some nuisance gambling or porn sites
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top