Saturday, August 06, 2022

Exposing GCHQ's URL Shortening Service - An OSINT Analysis

I've recently decided to come up with a proper analysis on a well-known GCHQ URL shortening service used for monitoring purposes, where the ultimate goal would be to provide additional insights into its Internet-connected infrastructure and try to find additional links and connections between related campaigns courtesy of the GCHQ.

Sample URL known to have been involved in the campaign:

hxxp://lurl.me

Related domains known to have been involved in the campaign include:

hxxp://mhhiuag.com

hxxp://lhgeesp.biz

hxxp://ciwcesp.com

hxxp://lhgeesp.net

hxxp://ciwcesp.biz

Sample related responding IPs known to have been involved in the campaign include:

hxxp://198.105.254.11

hxxp://37.220.34.116

hxxp://109.235.48.3

hxxp://64.74.223.47

hxxp://198.105.244.11

Rogue Twitter accounts known to have been involved in the campaign include:

I'll continue monitoring the development of this campaign and I'll post updates as soon as new developments take place.
