Also page.link which seems to be a firebase hosted / google owned shortener
Sample hxxps://fv01zz75.page.link/amTC redirecting to hxxp://dach-sovet.ru/opros?utm=2 On 27/08/20, 6:22 PM, "mailop on behalf of micah anderson via mailop" <mailop-boun...@mailop.org on behalf of mailop@mailop.org> wrote: Hi, Benoit Panizzon via mailop <mailop@mailop.org> writes: > In the last couple of days we face an increasing amount of phishing > sites hosted @ firebasestorage.googleapis.com targeting our customers. We have been hit by the same, although strangely it has not been happening so much recently. > Now I start to wonder, is this URI also being used in legitimate > emails, or is it uniquely used in phishing emails and similar? Unfortunately, it is used by legitimate emails. We had to be careful not to block the false positives. We reported quite actively the compromised domains, and at one point I thought we had a inside contact who would help with this, but radio silence. -- micah _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop