Massive "Facebook Appeal" Themed Phishing Campaign Uses Google's Firebase Spotted in the Wild - An OSINT Analysis

0
October 29, 2021

I just came across to a currently active phishing campaign that's using Google's Firebase as a hosting infrastructure for the purpose of enticing users into falling victim into a rogue and fake "Facebook Appeal" themed phishing campaign.

You can check out my initial analysis at my official Dark Web Onion here as my initial post got censored by Google as it violates its Terms of Service.


Sample malicious and rogue phishing domains known to have been involved in the campaign:


hxxp://publicaccount-facebook-46956.web.app

hxxp://publicappeal-348239237392.web.app

hxxp://publicappeal-9344858302239.web.app

hxxp://publicappeal-facebook.web.app

hxxp://publicappeal-form-fb-copyright102872.web.app

hxxp://publicappeal-form-fb-copyright104352.web.app

hxxp://publicappeal-form-fb-copyright119275.web.app

hxxp://publicappeal-form-fb-copyright126776.web.app

hxxp://publicappeal-form-fb-copyright171651.web.app

hxxp://publicappeal-form-fb-copyright18251.web.app

hxxp://publicappeal-form-fb-copyright18258.web.app

hxxp://publicappeal-form-fb-copyright18274.web.app

hxxp://publicappeal-form-fb-copyright18275.web.app

hxxp://publicappeal-form-fb-copyright182755.web.app

hxxp://publicappeal-form-fb-copyright18721.web.app

hxxp://publicappeal-form-fb-copyright187265.web.app

hxxp://publicappeal-form-fb-copyright187285.web.app

hxxp://publicappeal-form-fb-copyright18762.web.app

hxxp://publicappeal-form-fb-copyright19285.web.app

hxxp://publicappeal-form-fb-copyright19827.web.app

hxxp://publicappeal-form-fb-copyright981725.web.app

hxxp://publicappeal-form-page-unpublish1897.web.app

hxxp://publicappeal-from-fb-copyright12352.web.app

hxxp://publicappeal-from-fb-copyright12857.web.app

hxxp://publicappeal-page-unpublish-1827589.web.app

hxxp://publicappeal-page-unpublish1107276.web.app

hxxp://publicappeal-page-unpublish118172861.web.app

hxxp://publicappeal-page-unpublish18275.web.app

hxxp://publicappeal-page-unpublish182758.web.app

hxxp://publicappeal-page-unpublish1827586.web.app

hxxp://publicappeal-page-unpublish1827588.web.app

hxxp://publicappeal-page-unpublish182759.web.app

hxxp://publicappeal-page-unpublish18278652.web.app

hxxp://publicappeal-page-unpublish1827890.web.app

hxxp://publicappeal-page-unpublish187-36ac4.web.app

hxxp://publicappeal-page-unpublish187265.web.app

hxxp://publicappeal-page-unpublish18769.web.app

hxxp://publicappeal-page-unpublish1906392.web.app

hxxp://publicbusiness-appeal-form-129862.web.app

hxxp://publicbusiness-appeal-form125921.web.app

hxxp://publicfacebookappeal110631.web.app

hxxp://publicfb-appeal-form-29997.web.app

hxxp://publicfb-appeal-form-70f46.web.app

hxxp://publicfb-appeal-form-791bd.web.app

hxxp://publicfb-appeal-form-8276f.web.app

hxxp://publichouse-h3.web.app

hxxp://publicpage-appeal-unpublish1253631.web.app

hxxp://publicproject-8595314475285305009.web.app

hxxp://publicrestriction-appeal-business128.web.app

hxxp://publicreview2024545897534.web.app


Stay tuned!

About Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

0 Comments:

Subscribe to: Post Comments (Atom)