Exposing GCHQ's URL Shortening Service - An OSINT Analysis

August 06, 2022

I've recently decided to come up with a proper analysis on a well-known GCHQ URL shortening service used for monitoring purposes, where the ultimate goal would be to provide additional insights into its Internet-connected infrastructure and try to find additional links and connections between related campaigns courtesy of the GCHQ.

Sample URL known to have been involved in the campaign:

hxxp://lurl.me

Related domains known to have been involved in the campaign include:

hxxp://mhhiuag.com

hxxp://lhgeesp.biz

hxxp://ciwcesp.com

hxxp://lhgeesp.net

hxxp://ciwcesp.biz

Sample related responding IPs known to have been involved in the campaign include:

hxxp://198.105.254.11

hxxp://37.220.34.116

hxxp://109.235.48.3

hxxp://64.74.223.47

hxxp://198.105.244.11

Sample screenshots include:







Rogue Twitter accounts known to have been involved in the campaign include:

I'll continue monitoring the development of this campaign and I'll post updates as soon as new developments take place.
