
A URL shortener handy for phishers - SANS Internet Storm Center



Reader Fred submitted a suspicious PDF received via email.

It’s a classic phishing PDF (for the Apple Store), of the kind I have analyzed in previous diary entries. It can be quickly analyzed with pdfid and pdf-parser, like this:

Notice the long URL, with another URL as parameter at the end: this first URL is a redirector.

The second URL, bitleyco, is a URL shortener:

It has some interesting features for an attacker, like Geotargeting and Device targeting:

And also statistics: just append a plus (+) to the URL and you get statistics. Unfortunately for me, I got a 404 for the phishing URL.

This URL shortening service is not very popular:

So you can add this domain (bitleyco dot cc) to your blacklist; your business will not be impacted.
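
The redirector pattern and the blocklist check described above can be triaged offline. This is an added example, not code from the diary or from pdfid/pdf-parser: the sample PDF fragment, the redirector.example host, the /EXAMPLE path and all function names are constructed for illustration, and it assumes the /URI actions sit in uncompressed objects.

```python
import re
from urllib.parse import urlsplit, parse_qsl

BLOCKLIST = {"bitleyco.cc"}  # domain named in the diary; extend as needed

# /URI (...) literal strings. Assumption: the action dictionaries are in
# uncompressed objects; decompress object streams with pdf-parser first.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def extract_uris(pdf_bytes):
    """Return /URI action targets found in raw PDF bytes."""
    return [re.sub(rb"\\([()\\])", rb"\1", m).decode("latin-1")
            for m in URI_RE.findall(pdf_bytes)]

def redirect_chain(url, max_depth=5):
    """Unwrap URLs nested in query parameters; no network requests are made."""
    chain = [url]
    while len(chain) <= max_depth:
        nested = [v for _, v in parse_qsl(urlsplit(chain[-1]).query)
                  if v.lower().startswith(("http://", "https://"))]
        if not nested:
            break
        chain.append(nested[0])
    return chain

def blocked_hosts(chain, blocklist=BLOCKLIST):
    """Hosts in the chain that equal, or are subdomains of, a listed domain."""
    hits = []
    for u in chain:
        host = (urlsplit(u).hostname or "").lower().rstrip(".")
        if any(host == d or host.endswith("." + d) for d in blocklist):
            hits.append(host)
    return hits

def triage(pdf_bytes):
    """Pair every link's unwrapped chain with its blocklist hits."""
    return [(c, blocked_hosts(c))
            for c in map(redirect_chain, extract_uris(pdf_bytes))]

# Constructed sample: a minimal link annotation, not the PDF from the diary.
SAMPLE_PDF = (
    b"5 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI /URI "
    b"(http://redirector.example/go?id=1&u=http%3A%2F%2Fbitleyco.cc%2FEXAMPLE)"
    b" >> >>\nendobj\n"
)

if __name__ == "__main__":
    for chain, hits in triage(SAMPLE_PDF):
        print(" -> ".join(chain), "| blocklisted:", hits or "none")
```

Matching on the unwrapped chain rather than only the outer URL is what catches the shortener when a mail or proxy filter sees just the redirector's hostname.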

If you know more about this URL shortener, or if it looks similar to other URL shorteners, please post a comment.

Update: I found what software it is: Premium URL Shortener.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

I think the site has been removed. All I can find about it is this report from urlquery:

https://urlquery.net/report/db820383-60dc-437d-aff9-36e9f98def5d
Anonymous
