You want to be warned when a link redirects you. Avoid accepting the link.
Any post found on the RottenTomatoes community forums is likely to be malicious. For example:
http://www.rottentomatoes.com/vine/showthread.php?t=1343424
The post includes a link to
http://www.redsol.cn/autodesk-inventor-student-download.html
This link redirected to traflab.cn
http://traflab.cn/in.cgi?10¶meter=autodesk+inventor+student+download&HTTP_REFERER=http%3A%2F%2Fwww.rottentomatoes.com%2Fvine%2Fshowthread.php%3Ft%3D1343424&ur=1&key=auth
Notice that the referrer information is passed. What happens next may depend upon the referrer. This link redirected to
http://www1.hobd56mg72.in/?uid=319&pid=3&ls=7&ttl=a1e45666932&key=autodesk inventor student download
Which shows “400 Bad Request” “nginx”.
An attempt to review the redsol.cn page:
wget http://www.redsol.cn/autodesk-inventor-student-download.html
Produced the following sequence of redirections:
--15:42:00-- http://www.redsol.cn/autodesk-inventor-student-download.html
=> `autodesk-inventor-student-download.html'
Resolving www.redsol.cn... 66.197.154.230
Connecting to www.redsol.cn|66.197.154.230|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://traflab.cn/in.cgi?10¶meter=autodesk+inventor+student+download&ur=1&key=auth [following]
--15:42:00-- http://traflab.cn/in.cgi?10¶meter=autodesk+inventor+student+download&ur=1&key=auth
=> `in.cgi@10¶meter=autodesk+inventor+student+download&ur=1&key=auth'
Resolving traflab.cn... 85.10.204.35
Connecting to traflab.cn|85.10.204.35|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www1.hobd56mg72.in/?uid=319&pid=3&ls=7&ttl=a1e45666932&key=autodesk inventor student download [following]
--15:42:01-- http://www1.hobd56mg72.in/?uid=319&pid=3&ls=7&ttl=a1e45666932&key=autodesk%20inventor%20student%20download
=> `index.html@uid=319&pid=3&ls=7&ttl=a1e45666932&key=autodesk inventor student download'
Resolving www1.hobd56mg72.in... 78.46.218.254
Connecting to www1.hobd56mg72.in|78.46.218.254|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://www1.pc-secure-shield.in/?p=p52dcWtlcV%2FCj8bYboNuilik12qZVp%2FZatrauJ%2BCoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG%2BZlZKWZWacY5yXlVeqppfZ1tZ2Y1qqcV6ooa3NkqGMl5mZmW9e2pbHp22MltOhlWVlY26Tk5VuYGVqal6mnZ%2BeU9jZbmFfamhxmmWXZGCModaWoGJpaGyel5tuZmRfl5txjYw%3D [following]
--15:42:01-- http://www1.pc-secure-shield.in/?p=p52dcWtlcV%2FCj8bYboNuilik12qZVp%2FZatrauJ%2BCoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG%2BZlZKWZWacY5yXlVeqppfZ1tZ2Y1qqcV6ooa3NkqGMl5mZmW9e2pbHp22MltOhlWVlY26Tk5VuYGVqal6mnZ%2BeU9jZbmFfamhxmmWXZGCModaWoGJpaGyel5tuZmRfl5txjYw%3D
=> `index.html@p=p52dcWtlcV%2FCj8bYboNuilik12qZVp%2FZatrauJ+CoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG+ZlZKWZWacY5yXlVeqppfZ1tZ2Y1qqcV6ooa3NkqGMl5mZmW9e2pbHp22MltOhlWVlY26Tk5VuYGVqal6mnZ+eU9jZbmFfamhxmmWXZGCModaWoGJpaGyel5tuZmRfl5txjYw='
Resolving www1.pc-secure-shield.in... 89.248.160.153
Connecting to www1.pc-secure-shield.in|89.248.160.153|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
index.html@p=p52dcWtlcV%2FCj8bYboNuilik12qZVp%2FZatrauJ+CoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG+ZlZKWZWacY5yXlVeqppfZ1tZ2Y1qqcV6ooa3NkqGMl5mZmW9e2pbHp22MltOhlWVlY26Tk5VuYGVqal6mnZ+eU9jZbmFfamhxmmWXZGCModaWoGJpaGyel5tuZmRfl5txjYw=: No such file or directory
Cannot write to `index.html@p=p52dcWtlcV%2FCj8bYboNuilik12qZVp%2FZatrauJ+CoKXcz4mbm5h2lpeJpqTPnNvUV6ShoG+ZlZKWZWacY5yXlVeqppfZ1tZ2Y1qqcV6ooa3NkqGMl5mZmW9e2pbHp22MltOhlWVlY26Tk5VuYGVqal6mnZ+eU9jZbmFfamhxmmWXZGCModaWoGJpaGyel5tuZmRfl5txjYw=’
(No such file or directory).
You will notice the introduction of www1.pc-secure-shield.in.
Perhaps an attack method is being tested, perhaps a web site is unavailable. In any case, you want your web browser to notify you when these redirections occur.
Aggressive Virus Defense 