Advice Request Is getting redirected once any cause for concern?


Gogeta

Thread author
Jun 9, 2018
Greetings,

If you go to a website from a Google search, and get redirected once, is that cause for concern if it only happened once?

I had this happen recently but I went to the website again and didn't get redirected the second time I visited. I can't remember if the second time was from the same Google search or not; I can't seem to find the exact search from my history to test this :/
 
You may be interested in this browser extension or not: sblask/webextension-skip-redirect

It may be good or malicious, e.g. an authentication page redirect of a legit site, or an authentication page redirect to a crafted malicious site.

There are many factors involved in the redirection happening or not; one of them may be whether JavaScript is enabled or not.
 
Did the redirected site drop any files at all? Exploit? JavaScript payload? Any threat behaviors?
 
If you are using the Chrome browser, you can enable a flag to prevent redirection.

1) Load chrome://flags/#enable-framebusting-needs-sameorigin-or-usergesture in the browser's address bar.

2) Switch the status of the "Framebusting requires same-origin or a user gesture" experimental flag from default to enabled.

3) Restart the Chrome browser.

NO need for any redirect extension to be added.

Enable unwanted redirection protection in Google Chrome - gHacks Tech News

For FF Quantum you can add the Skip Redirect extension. Unfortunately, FF Quantum does not come with any built-in redirect protection. This was removed in FF Quantum.

Test your redirect at Third Party Redirection Test


Note that purely using Skip Redirect will not pass the above redirection test. Your AV should also protect you against redirects.
 
I had uBlock Origin on and it is set up to disallow all by default and I don't remember enabling it on either the site I went to or the site it redirected to, so there shouldn't be anything bad at least script-wise. The site I was redirected to was just a fake survey. So I don't think there were any dropped files or exploits or threat behaviours that I know of.

On my to do list is to clear the browser cache and see if I get redirected again.... although after the below results maybe not.

So it was a website with a forum. I put the exact thread link into urlscan.io and urlquery.net and nothing came up on the latter but the former said couldn't parse. However, I changed urlscan.io to just the www domain and that had some stuff come up, which I'm unsure how to read. It has 48/48 on the urlscan.io list. Some say redirected from and one says PTR. And the left and right arrows, that column near the right hand side, is that the number of redirects or something else?

urlquery.net after changing that to http www domain, it came up with 30 results, some of them porn sites.

So, these results, are they redirects from the site I visited, to where I would get redirected to, or are these results where you get redirected from not where you get redirected to?

Is the 3p-redirect link in the post above mine, is that to test if a browser anti redirect plugin works?
 
Usually clicking stuff from social media (e.g. Facebook, Twitter) would cause a redirect because basically they are tracking your clicks. This might be what's happening when you click on Google results.
 
Yes, the 3P Redirection Test will test your browser/extension effectiveness against redirects. For a complete test you should see 3 rectangles.

You should also add IDN Safe to FF Quantum against punycode redirects. One of the tests in the 3P Redirection Test has a punycode redirect.

Chrome has built-in protection against punycode so IDN Safe is not required.

Chrome, Firefox & Opera Are Vulnerable to This Phishing Attack
 
So hang on, is a redirect caused by Google click tracking, or is it just a dodgy website to begin with considering what came up on urlquery.net?
Or it can be both, just with what came up on urlquery.... those are websites you may get redirected to after visiting the main site?

So I put siteA into urlquery.net.... and some of the URLs were porn sites :/ My redirect was not to a porn site, it was to a fake survey. But still, doesn't that mean that siteA should be avoided, regardless of whether my particular redirect was from the site itself or the click tracking thing?
 
Redirection can be caused by many factors like a malware infection of the site, an overlay over the whole website or just the intended link in the page, URL redirect (punycode), etc.

The aim of redirection is to direct you to a non-intended site, be it malicious (e.g. phishing) or just some nuisance gambling or porn sites.
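
Added example (not written by anyone in this thread): a way to read a recorded redirect chain and separate the search-engine click-tracking hop mentioned above from third-party hops and punycode destinations. The chain, the hostnames and the function names are constructed for illustration, and the two-label "site" comparison is a simplifying assumption.

```javascript
// Constructed sample chain (one URL per hop); hosts use reserved test TLDs.
const SAMPLE_CHAIN = [
  "https://www.google.com/url?q=https://forum.sitea.example/thread/1",
  "https://forum.sitea.example/thread/1",
  "https://ads.tracker.example/r?id=1",
  "https://xn--exmple-cua.test/survey",
];

// Assumption: "site" = last two hostname labels. A real tool would use the
// Public Suffix List, because this is wrong for suffixes such as co.uk.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// True when any label is an ACE ("xn--") label, i.e. a punycode-encoded name.
function hasPunycodeLabel(hostname) {
  return hostname.toLowerCase().split(".").some((l) => l.startsWith("xn--"));
}

// Label every hop: same-site, search-click-tracking (leaving a search
// engine's own redirector), or third-party (one site handing off to another).
function classifyChain(urls, searchSites = ["google.com"]) {
  const result = [];
  for (let i = 1; i < urls.length; i++) {
    const from = new URL(urls[i - 1]);
    const to = new URL(urls[i]);
    const fromSite = siteOf(from.hostname);
    const toSite = siteOf(to.hostname);
    let kind = "third-party";
    if (fromSite === toSite) kind = "same-site";
    else if (searchSites.includes(fromSite)) kind = "search-click-tracking";
    result.push({
      from: from.hostname,
      to: to.hostname,
      kind,
      punycode: hasPunycodeLabel(to.hostname),
    });
  }
  return result;
}

// Hops worth a closer look: cross-site handoffs and punycode destinations.
function hopsToReview(urls) {
  return classifyChain(urls).filter((h) => h.kind === "third-party" || h.punycode);
}

console.log(hopsToReview(SAMPLE_CHAIN));
```
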