The screenshot below states that the base URL firebasestorage.googleapis.com comes under content delivery network and the sub-URL comes under phishing; the customer wants to know why they were not blocked by the firewall.
Also, while I was checking with VirusTotal, the URLs below were mentioned as phishing. I just wanted to know how to take this forward: by creating a deny rule on the URL category? Kindly, I need your assistance here.
thanks in advance
Hi Team, I just want to know whether these specific URLs are phishing or not and how to take it forward. Like blocking the URL using a URL category with decryption enabled? Could that be a solution for all types of email phishing as well?
I mean, if we enable decryption, the sub-URL could be visible and the verdict for the URLs can be checked with WildFire for signatures. So could this be a solution for preventing further links from entering the organization?
Thanks for the inputs. So how shall I proceed to block that specific lengthy URL on the firewall?
Needed some inputs on that as well.
So shall I use a URL category for the lengthy one without decryption, or do we need decryption for that to be blocked? Kindly provide me with other possible means to rectify this issue.
Thanks and regards,
firebasestorage.googleapis.com is not a phishing site. It is an application development platform owned and operated by Google, but users have been abusing the app-development capabilities by creating nefarious apps and storing credentials gathered from phishing campaigns. The main FQDN itself is safe; the lengthy URL you provided in the screenshot is a subsection (user space) where this 'abuse' has taken place, and that seems to be getting categorized properly.
As such, the main site should not necessarily be blocked, as it hosts countless 'good' applications.
Hope this helps.
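The distinction discussed in this thread (safe FQDN, abused path, and whether the path is visible without decryption), as an added example that is not part of the original posts and is not the firewall vendor's code. It assumes a simplified prefix match, and the bucket names and URLs are constructed placeholders, not values from the screenshots.

```python
from urllib.parse import urlsplit

# Constructed block-list entry: host plus the path prefix of one abused bucket.
# The bucket name is a placeholder, not a value taken from the thread.
BLOCKED_PREFIXES = [
    "firebasestorage.googleapis.com/v0/b/example-abused-bucket.appspot.com/",
]

def visible_to_firewall(url, decrypted):
    """Return the part of a URL an inline device can inspect.

    For HTTPS without decryption only the hostname (TLS SNI / certificate
    name) is visible; the path and query travel inside the encrypted session.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and not decrypted:
        return host + "/"
    return host + (parts.path or "/")

def verdict(url, decrypted):
    """Simplified prefix match (assumption: not the vendor's matching engine)."""
    seen = visible_to_firewall(url, decrypted)
    for prefix in BLOCKED_PREFIXES:
        if seen.startswith(prefix):
            return "block"
    return "allow"

# Constructed sample URLs: one in the abused bucket, one in an unrelated app.
PHISH = ("https://firebasestorage.googleapis.com/v0/b/"
         "example-abused-bucket.appspot.com/o/login.html?alt=media")
GOOD = ("https://firebasestorage.googleapis.com/v0/b/"
        "example-legit-app.appspot.com/o/logo.png?alt=media")

if __name__ == "__main__":
    for url in (PHISH, GOOD):
        for decrypted in (False, True):
            print(f"decrypted={decrypted!s:5} {verdict(url, decrypted):5} {url}")
```

A path-specific entry only matches once the session is decrypted; without decryption both URLs look identical to the filter, so the only choices are the whole FQDN or nothing.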