Live Phish Site! (Server: storage.googleapis.com)

One of the phishers from Sendgrid has apparently moved off Sendgrid and onto a Digital Ocean VPS, with the phish URI located on storage.googleapis.com.

Google: You provided this service and made it available to Internet users. Please *fix* this problem ASAP. 🙁

Received: from send0.riverrockscvs.com (unknown [162.243.165.191])
Date: 10 Sep 2020 23:##:## -0700
From: <spamtrap domain><<x>@<x>>
Subject: Urgent required you have (##) pending incoming Emails in <spamtrap>.

<snip>

ROUNDCUBE

You have (13) pending incoming Emails
Your allowed Email Quota usage has been exceeded on your account.
wallawashington@web-mail.com.ar
Please kindly verify your Human and not a robot by following the below link, so we can get your account running normal again.

[ Verify Webmail Account ]

<snip>

URI: https://storage.googleapis.com/tbrdccy/login.html#<spamtrap>

$ host storage.googleapis.com
storage.googleapis.com has address 216.58.194.176
storage.googleapis.com has address 172.217.6.80
storage.googleapis.com has address 172.217.0.48
storage.googleapis.com has address 216.58.194.208
storage.googleapis.com has address 172.217.5.112
storage.googleapis.com has address 172.217.164.112
storage.googleapis.com has IPv6 address 2607:f8b0:4005:80b::2010
storage.googleapis.com has IPv6 address 2607:f8b0:4005:804::2010
storage.googleapis.com has IPv6 address 2607:f8b0:4005:807::2010
storage.googleapis.com has IPv6 address 2607:f8b0:4005:80a::2010

[NOTE: There is no redirect URI in this page. It appears to be a Roundcube Webmail email address and password login or confirmation page. In other words, somebody is using Google’s API to phish. ] 🙁
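
The URI above has a recognisable shape: an HTML object in a bucket on storage.googleapis.com, with the recipient's address carried in the fragment. As an added example (not part of the original post), this Python filter flags that shape in a mail body and pulls out the bucket name for an abuse report; the host set, function names and sample recipient are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts treated as shared object storage (only this one is in the post).
SHARED_STORAGE_HOSTS = {"storage.googleapis.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def analyze_url(url, recipient):
    """Return a finding dict for a URL on shared object storage, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in SHARED_STORAGE_HOSTS:
        return None
    # Path-style URLs put the bucket first: /<bucket>/<object>
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        return None
    bucket, obj = segments[0], "/".join(segments[1:])
    fragment = unquote(parts.fragment).lower()
    reasons = []
    if obj.lower().endswith((".html", ".htm")):
        reasons.append("html-object-on-shared-storage")
    # The fragment never reaches the server; here it only carries the target address.
    if recipient and recipient.lower() in fragment:
        reasons.append("recipient-address-in-fragment")
    return {"host": host, "bucket": bucket, "object": obj, "reasons": reasons}


def scan_body(body, recipient):
    """Return findings for every flagged URL in a plain-text mail body."""
    findings = []
    for url in URL_RE.findall(body):
        finding = analyze_url(url.rstrip(").,]"), recipient)
        if finding and finding["reasons"]:
            findings.append(finding)
    return findings


# Constructed sample: URL shape from the post, recipient replaced by a placeholder.
SAMPLE_RECIPIENT = "user@example.org"
SAMPLE_BODY = (
    "You have (13) pending incoming Emails\n"
    "[ Verify Webmail Account ] "
    "https://storage.googleapis.com/tbrdccy/login.html#user@example.org\n"
    "Help: https://example.org/support\n"
)

if __name__ == "__main__":
    for finding in scan_body(SAMPLE_BODY, SAMPLE_RECIPIENT):
        print(finding)
```
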
