Folks:
I've been seeing more frequently lately phishing that leverages web apps
hosted by Google and Microsoft as a collection point.
I couple of days ago I added firebaseapp.com and web.app to the default
util_rb_2tld list to cover firebase apps hosted by Google.
I've just seen a couple of phishes leveraging MS Azure web apps:
multadetrafico.eastus.cloudapp.azure.com
multapendente.westus2.cloudapp.azure.com
Unfortunately these can't be added as they have an Azure zone in the
fourth position and we don't have a util_rb_4tld directive...
So, topic for discussion: do we need to add a util_rb_4tld for this?
Related: does URIBL register names that deep?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Maxim I: Pillage, _then_ burn.
-----------------------------------------------------------------------
Tomorrow: John Moses Browning's 166th Birthday
