Also page.link which seems to be a firebase hosted / google owned shortener
Sample hxxps://fv01zz75.page.link/amTC redirecting to
hxxp://dach-sovet.ru/opros?utm=2
On 27/08/20, 6:22 PM, "mailop on behalf of micah anderson via mailop"
<mailop-boun...@mailop.org on behalf of mailop@mailop.org> wrote:
Hi,
Benoit Panizzon via mailop <mailop@mailop.org> writes:
> In the last couple of days we face an increasing amount of phishing
> sites hosted @ firebasestorage.googleapis.com targeting our customers.
We have been hit by the same, although strangely it has not been
happening so much recently.
> Now I start to wonder, is this URI also being used in legitimate
> emails, or is it uniquely used in phishing emails and similar?
Unfortunately, it is used by legitimate emails. We had to be careful not
to block the false positives.
We reported quite actively the compromised domains, and at one point I
thought we had a inside contact who would help with this, but radio
silence.
--
micah
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
