On 2020-05-12 10:15, Riccardo Alfieri wrote:
> Yes, we are seeing an awful lot of phishing sites hosted under
> https://firebasestorage.googleapis.com
I got a sample of this now
> I'd say that 99% of them can be caught by a simple regex though, but
> I don't know how common those firebasestorage URLs are in normal
> emails.. I personally have still to see a legit one.
same here, if I just got a dollar from the list below per IP I would be out
of business
I have no customers there, not planning to make one single one, port 25
is open for them if need of email me, note the above IPs have not
access to customer ports, I just make shorewall show logs of abused
ports that is not first accepted in iptables, no fail2ban needed
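
The per-port tallying described in the message above can be done over the firewall log like this. It is an added example, not part of the original message or the poster's own tooling. It assumes Shorewall's default "Shorewall:<chain>:<disposition>:" log prefix; the function names and the sample lines (documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Ports named in the message: SMTPS, submission, IMAPS.
WATCHED_PORTS = {465, 587, 993}
# Only hits the firewall refused count; logged ACCEPTs are skipped.
REFUSED = {"DROP", "REJECT"}

# Assumed format: netfilter LOG KEY=value fields after Shorewall's prefix.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return (src, dport) for a refused TCP hit on a watched port, else None."""
    m = PREFIX.search(line)
    if not m or m.group("disp") not in REFUSED:
        return None
    fields = dict(FIELD.findall(line[m.end():]))
    if fields.get("PROTO") != "TCP":
        return None
    try:
        dport = int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # truncated or malformed line
    src = fields.get("SRC")
    if not src or dport not in WATCHED_PORTS:
        return None
    return src, dport

def summarize(lines):
    """Map each watched port to {source IP: number of refused attempts}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            src, dport = parsed
            hits[dport][src] += 1
    return {port: dict(srcs) for port, srcs in hits.items()}

# Constructed sample lines, not real log data.
_H = "May 12 10:01:02 mx kernel: Shorewall:net-fw:"
_T = " WINDOW=29200 RES=0x00 SYN URGP=0"
SAMPLE = [
    _H + "DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40112 DPT=465" + _T,
    _H + "DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=40113 DPT=465" + _T,
    _H + "REJECT:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=5150 DPT=587" + _T,
    _H + "DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=5151 DPT=22" + _T,
    _H + "DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=UDP SPT=999 DPT=993 LEN=40",
    _H + "ACCEPT:IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.5 PROTO=TCP SPT=6000 DPT=993" + _T,
]

if __name__ == "__main__":
    for port, sources in sorted(summarize(SAMPLE).items()):
        print(port, sources)
```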