Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


A Google image result resulted in a series of redirects. Should I be worried?

  • Please log in to reply
No replies to this topic

#1 XR482


  • Members
  • 1 posts
  • Local time:09:43 AM

Posted 12 August 2016 - 07:25 PM

I was browsing Google Images on my Mac (OS X 10.11.5. The firewall was turned on, if that helps) and I saw a result, and I ended up clicking on "Visit page" instead of "View image" by accident. After I clicked on the link, it resulted in a series of redirects through various websites that are either completely unrelated to the result in question or are almost completely empty, ending in an Amazon results page. I've no idea what was up with those sites in between Google and Amazon. Were they hacked or fake, or is this some sort of revenue-generating advertising program that I've never heard of? Because, after a bit of digging, if you look at the middle two URLs, neither of them seem to have anything to do with trailers or towing. And I also found out that the image itself was from a completely different (and presumably innocent) Photobucket user.


Anyways, the question is--and I'm going to sound paranoid, I know--should I be worried after all that? I've run scans using BitDefender and MalwareBytes and both say that my Mac's squeaky-clean, but I'm still not sure if this series of events is little more than annoying advertising or something serious that could or would have compromised my privacy and sent my data elsewhere.


This is what that the Redirect Path plugin on Chrome spat out:

Status Code	URL	IP	Page Type	Redirect Type	Redirect URL	
200	https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&ved=0ahUKEwj45_6H-rzOAhWBmx4KHTWVBKoQjhwIBQ&url=http%3A%2F%2Fwww.ourdailybreadalbany.com%2Fbf5447-anti-rattle-hitch-pin-quick-shopping&psig=AFQjCNE1L2hYEcX755kiIeBWZVPE7q9UQw&ust=1471128239443406	client_redirect	javascript	http://www.ourdailybreadalbany.com/bf5447-anti-rattle-hitch-pin-quick-shopping
200	http://www.ourdailybreadalbany.com/bf5447-anti-rattle-hitch-pin-quick-shopping	client_redirect	meta	data:text/html;base64,PGltZyBzcmM9Imh0dHA6Ly93d3cub3VyZGFpbHlicmVhZGFsYmFueS5jb20vc3RhdHMyLnBocD92cD1sT052WDVaRGp1dEJpNEI5ak9BRVc0TUJVckl1NjQ5cG11ZUMyLnQ4NzE5cGo0TmJqLl9DNi5lQlJ1dHNYMVFfVXJrR1VINnU1SDhGVkxrRlVMSS5VTDY4UnZWeDcuX2VVSHM4VzFKcFZPUnRVTzdyVXJNRlUxWnNVdU5zVUxScTYuTnQ3TDNwNjEydWsxOUpqdlp4UzlScGxQWkE3MEJRaTVacmlLQllpNF91Ni5lOWp2WkdtMlZEN08yZTYuTWYiIHdpZHRoPTAgaGVpZ2h0PTAgc3R5bGU9ImRpc3BsYXk6bm9uZTsiPjxtZXRhIGh0dHAtZXF1aXY9J3JlZnJlc2gnIGNvbnRlbnQ9JzA7IHVybD1odHRwOi8vd3d3Lm91cmRhaWx5YnJlYWRhbGJhbnkuY29tL3BhZ2Vfbm90X2ZvdW5kLmh0bWwnPg==
302	http://www.ourdailybreadalbany.com/page_not_found.html	server_redirect	temporary	http://tonimikulka.com/404.php?vp=lONvX5ZDjutBi4B9jOAEW4MBUrIu649pmueC2.t8719pj4Nbj._C6.eBRutsX1Q_UrkGUH6u5H8FVLkFULI.UL68RvVx7._eUHs8W1JpVORtUO7rUrMFU1ZsUuNsULRq6.Nt7L3p612uk19JjvZxS9RplPZA70BQi5ZriKBYi4_u6.e9jvZGm2VD7O2e6.Mf
302	http://tonimikulka.com/404.php?vp=lONvX5ZDjutBi4B9jOAEW4MBUrIu649pmueC2.t8719pj4Nbj._C6.eBRutsX1Q_UrkGUH6u5H8FVLkFULI.UL68RvVx7._eUHs8W1JpVORtUO7rUrMFU1ZsUuNsULRq6.Nt7L3p612uk19JjvZxS9RplPZA70BQi5ZriKBYi4_u6.e9jvZGm2VD7O2e6.Mf	server_redirect	temporary	http://tonimikulka.com/press/
200	http://tonimikulka.com/press/	client_redirect	meta	https://www.amazon.com/gp/search?tag=tonimikulk09a-20&ie=UTF8&keywords=Anti+Rattle+Hitch+Pin
200	https://www.amazon.com/gp/search?tag=tonimikulk09a-20&ie=UTF8&keywords=Anti+Rattle+Hitch+Pin	normal	none	none

EDIT: I forgot to mention that I also decoded the Base64 code on the second entry in the log. It turned out to be an HTML meta redirect:

<img src="http://www.ourdailybreadalbany.com/stats2.php?vp=lONvX5ZDjutBi4B9jOAEW4MBUrIu649pmueC2.t8719pj4Nbj._C6.eBRutsX1Q_UrkGUH6u5H8FVLkFULI.UL68RvVx7._eUHs8W1JpVORtUO7rUrMFU1ZsUuNsULRq6.Nt7L3p612uk19JjvZxS9RplPZA70BQi5ZriKBYi4_u6.e9jvZGm2VD7O2e6.Mf" width=0 height=0 style="display:none;"><meta http-equiv='refresh' content='0; url=http://www.ourdailybreadalbany.com/page_not_found.html'>

Edited by XR482, 12 August 2016 - 07:31 PM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users