EXPLORE
Sign In
← Back to Explore
sublimemediumRule

Firebase storage link

The message contains a Firebase storage link, which can be used to host malicious content.

Detection Query

type.inbound
and any(body.links, .href_url.domain.domain == 'firebasestorage.googleapis.com')

Data Sources

Email MessagesEmail HeadersEmail Attachments

Platforms

email

References

Tags

Suspicious link
Raw Content
name: "Firebase storage link"
description: |
  The message contains a Firebase storage link, which can be used to host malicious content.
references:
  - "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-in-a-bucket-utilizing-google-firebase-storage/"
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(body.links, .href_url.domain.domain == 'firebasestorage.googleapis.com')
tags:
  - "Suspicious link"