A URL shortener handy for phishers
Reader Fred submitted a suspicious PDF received via email.
It’s a classic phishing PDF (for the Apple Store), like I have analyzed here in previous diary entries. It can be quickly analyzed with pdfid and pdf-parser, like this:
Notice the long URL, with another URL as parameter at the end: this first URL is a redirector.
The second URL, bitleyco, is an URL shortener:
It has some interesting features for an attacker, like Geotargeting and Device targeting:
And also statistics: just append a plus (+) to the URL and you get statistics. Unfortunately for me, I got a 404 for the phishing URL.
This URL shortening service is not very popular:
So you can add this domain (bitleyco dot cc) to your blocklist, your business will not be impacted.
If you know more about this URL shortener, or if it looks similar to other URL shorteners, please post a comment.
Update: I found what software it is: Premium URL Shortener.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago