Re: Phishing campaign using nested Google redirect

2021-02-19 Thread John Hardin
On Fri, 19 Feb 2021, Giovanni Bechis wrote: On 2/19/21 1:09 AM, John Hardin wrote: On Thu, 18 Feb 2021, Giovanni Bechis wrote: On 2/18/21 6:37 PM, Ricky Boone wrote: Just wanted to forward an example of an interesting URL obfuscation tactic observed yesterday.

Re: Phishing campaign using nested Google redirect

2021-02-19 Thread RW
On Thu, 18 Feb 2021 16:08:01 -0800 (PST) John Hardin wrote:
> In our case it's best to upload an entire email (all headers intact
> and with as little obfuscation as possible) to something like
> Pastebin, then post the URL to that here so it can be downloaded.
...
> For just URLs, though,

Re: Phishing campaign using nested Google redirect

2021-02-19 Thread Giovanni Bechis
On 2/19/21 1:09 AM, John Hardin wrote:
> On Thu, 18 Feb 2021, Giovanni Bechis wrote:
>
>> On 2/18/21 6:37 PM, Ricky Boone wrote:
>>> Just wanted to forward an example of an interesting URL obfuscation
>>> tactic observed yesterday.
>>>
>>>

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread Ricky Boone
On Thu, Feb 18, 2021 at 7:08 PM John Hardin wrote:
>
> In our case it's best to upload an entire email (all headers intact and
> with as little obfuscation as possible) to something like Pastebin, then
> post the URL to that here so it can be downloaded. This keeps the spample
> from being

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread John Hardin
On Thu, 18 Feb 2021, Giovanni Bechis wrote: On 2/18/21 6:37 PM, Ricky Boone wrote: Just wanted to forward an example of an interesting URL obfuscation tactic observed yesterday.

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread John Hardin
On Thu, 18 Feb 2021, Ricky Boone wrote: Nice. I've copied scrubbed versions of what I've seen so far here: https://gitlab.com/-/snippets/2079108 (I can never remember if it is appropriate to include attachments to mailing lists like this). In our case it's best to upload an entire email (all

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread Ricky Boone
Nice. I've copied scrubbed versions of what I've seen so far here: https://gitlab.com/-/snippets/2079108 (I can never remember if it is appropriate to include attachments to mailing lists like this).

On Thu, Feb 18, 2021 at 1:13 PM Giovanni Bechis wrote:
>
> On 2/18/21 6:37 PM, Ricky Boone

Re: Phishing campaign using nested Google redirect

2021-02-18 Thread Giovanni Bechis
On 2/18/21 6:37 PM, Ricky Boone wrote:
> Just wanted to forward an example of an interesting URL obfuscation
> tactic observed yesterday.
>
>

Phishing campaign using nested Google redirect

2021-02-18 Thread Ricky Boone
Just wanted to forward an example of an interesting URL obfuscation tactic observed yesterday.