Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1021
Views
5
Helpful
1
Replies

Lots of emails with https://bit.ly/3izj6gx links passing our CES

RolandBaumgaertner72768
Level 1
Level 1

‎06-14-2021 05:10 AM

hello,

 

today one user got an email from a hotmail account with direct link https://bit.ly/3izj6gx.

He told me he didnt click on the link but since then, maybe more 30 users get a similiar message.

 

Is there any way we can manualy create a rule to stop this? I am afraid that all our users get more and more emails from this type.

 

Thanks in advance,

Roland

 

Labels:
1 Reply 1

SriramV
Cisco Employee
Cisco Employee

‎06-14-2021 06:23 AM - edited ‎06-14-2021 06:27 AM

this is a malware URL. ESA should have bought it. if url reputation filter is configured, it would have caught. 

 

Mon Jun 14 12:56:00 2021 Info: MID 51832 interim verdict using engine: CASE spam positive

Mon Jun 14 12:56:00 2021 Info: MID 51832 URL h*** : // ljzl. skysafe. run / apmix has reputation -6.5 matched Condition: URL Reputation Rule

 

if not configured, then follow "https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118775-technote-esa-00.html"

0 Helpful
Customers Also Viewed These Support Documents