Suspicious link starting with google.com

CoherentCrayon

Jun 23, 2017
Hello MT

Recently I received this link in a message from a friend (as a joke - he did not know where it originated from either. Stupid of him.) As it started with google.com and had the title "Gmail - Apps on Google Play", I thought it was legit, so I opened it (https instead of hxxps) (it was on Snapchat, which doesn't display the full URL without copying it):
hxxps://www.google.com/appserve/mkt/p/ALvTkbZzgARQ0GH-qtAQ3Wv0JNGkslzUq2qvuuYUWJS2MLh5rXw4BtchrHmbBxOSyYQ-zP_4Z_bxjhV6BMl0D9U-xDkyRSHzo-_0y4eFDKDkgSh4JbmexSa_t2zCyhz5D9vYLuvApQ3LRBs4jV-6OxvLpNe4fxplXIEPXGfcuN6slcT011H3r_69JELQ1zLeuhGlwMJslXrOIRvGNhWGFSQCKkkMQefJ2spmWt87xQ
It redirected me to Gmail, but when I looked at the link later on it seemed extremely suspicious, as the official link to the Gmail app is https://play.google.com/store/apps/details?id=com.google.android.gm&hl=en_US

My primary, but unlikely, suspicion is that this link executes some account action, and then redirects to Gmail. But hopefully, Google has prevented such things without getting a confirmation.
Should I be worried?
 
Don't know if this will help. FortiNet website lookup has this to say:

hxxps link is rated:
Category: Not Rated

Sites not yet analyzed/categorized are considered unrated.

If the link you clicked is https, F-C rating is:
Category: Search Engines and Portals

Sites that support searching the Web, news groups, or indices/directories. Sites of search engines that provide info exclusively for shopping or comparing prices, however, fall in Shopping and Auction.

This is interesting to look at, at ietf.org, whatever that is (looks very clean and legit and not blocked by FortiNet):

The "hxxp" and "hxxps" URI Schemes

Thought the page on obfuscation was cool to look at, even if the link you clicked was https. Don't think F-C would block the URL on my system, because I don't block the category Search Engines and Portals. Since it's not malicious and not blocked automatically by F-C that way, it would probably work. If it's malicious, however, I think Google Chrome would block the activity itself or Google mail. Happens here sometimes I have noticed on some sites. Anyway, since it wasn't meant for you, I wouldn't click on the link personally. Just me :)...
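Added example, not part of any post in this thread: a short Python check that turns a defanged hxxp/hxxps link back into a parseable URL and reports which host it actually points to, since a link that merely starts with google.com is not necessarily served by google.com. The sample links are constructed; the token is a placeholder and the `.example` hosts are made up.

```python
from urllib.parse import urlsplit

def refang(url: str) -> str:
    """Undo common defanging (hxxp/hxxps, [.]) so the link can be parsed."""
    url = url.strip().replace("[.]", ".")
    scheme, sep, rest = url.partition("://")
    if sep and scheme.lower() in ("hxxp", "hxxps"):
        url = scheme.lower().replace("xx", "tt") + sep + rest
    return url

def real_host(url: str) -> str:
    """Host component as urllib parses it: userinfo and port are dropped."""
    host = urlsplit(refang(url)).hostname or ""
    return host.rstrip(".").lower()

def on_domain(url: str, domain: str = "google.com") -> bool:
    """True only if the host is `domain` itself or one of its subdomains."""
    host = real_host(url)
    return host == domain or host.endswith("." + domain)

# Constructed samples. The first keeps the path prefix from the thread with a
# placeholder token; the .example hosts are made up for illustration.
SAMPLES = [
    "hxxps://www.google.com/appserve/mkt/p/PLACEHOLDER-TOKEN",
    "https://play.google.com/store/apps/details?id=com.google.android.gm&hl=en_US",
    "hxxps://www[.]google[.]com.account-check.example/appserve/mkt/p/x",
    "hxxps://www.google.com@links.example/appserve/mkt/p/x",
]

def report(urls=SAMPLES):
    """Return (host, is_on_google_com) for each link."""
    return [(real_host(u), on_domain(u)) for u in urls]

if __name__ == "__main__":
    for host, ok in report():
        print(f"{host:45} on google.com: {ok}")
```

A `True` result only says which host serves the link; it says nothing about where that host redirects afterwards.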
 
Quite interesting. Have you noticed anything on your computer which is out of the ordinary since clicking the link?

~LDogg
 
It was on my phone - so the link opened the Play Store app. Nope, I haven't noticed anything suspicious, and I scanned the phone with both Kaspersky and Malwarebytes, which didn't detect anything.
 
Have you noticed any new files on your phone or SD card (if any)?

~LDogg
 