new campaign: bitly & appengine.google

Chip M. Tue, 12 Sep 2017 06:28:34 -0700

There's a new campaign that uses Bitly shorteners to some sort of
Google forwarder ("appengine").


Here's some sample Locations returned by HEADing the shorteners:
        
appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbbcomplianceglobal.com/report.php?mn=######################
        
appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbbtax.com/getreport.php?ne=########################
        
appengine.google.com/_ah/logout?continue=http://bbbwork.com/abuse.php?number=#####################
        
appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbbcompliancenetwork.com/compliance.php?ne=######################
        
appengine.google.com/_ah/logout?continue=https://appengine.google.com/_ah/logout?continue=http://bbb-compliance.com/abuse.php?rt=###################
I've hashed out the parts that look like tracking IDs, all of 
which have been pure numeric chars.

Here's the corresponding Subjects:
        752566913589:407
        8260420930:36
        Incident:062881374904:149
        Incident:22677610925:290
        Incident:5858851682625:543

The message text is a fake BBB complaint.
I'll put a sample online tonight, if practical.

The SA scores have ranged from -2.2 to 1.5, with no useful 
patterns.

Does anyone have a contact at BitLy?  These would be trivially 
easy for them to block.
        - "Chip"

new campaign: bitly & appengine.google

Reply via email to