Massive Phishing Campaign Domain Farm Spotted in the Wild Uses Google’s Firebase Thousands of Users Affected – An OSINT Analysis

I’ve just stumbled across a pretty decent and massive phishing domains farm that using Google’s for the purpose of hosting and distributing the rogue and malicious content.

In this post I’ll provide actionable intelligence on the infrastructure behind it including to discuss in-depth the TTPs (Tactics Techniques and Procedures) of the cybercriminals behind it.

Sample rogue and malicious URL known to have participated in the campaign:


Sample malicious and rogue responding IPs known to have participated in the campaign:

Sample screenshots of the rogue and malicious phishing domains known to have been involved in the campaign:

Sample rogue and malicious phishing domain portfolio known to have participated in the campaign:



Stay tuned!

Leave a Reply

Your email address will not be published. Required fields are marked * E-shop Owner Information

Who is Dancho Danchev?

Focused on delivering daily batches of personally-produced never-ending supply of high-quality and never-published and released before classified and sensitive Intelligence Deliverables.

Latest Products