I am trying to write a rule to catch phishing schemes of this nature: <a href="123.123.123.123/login">http://legit-stie.com/login</a>
Is there anything wrong with this regexp?
/href=\"\d{1,3}(\.\d{1,3}){3}[^\"]*\"[^\>]*\>\s*http/
I realize that it is probably really error-prone, but that is why I am
throwing it out to this list. Has anyone else tried to tackle this
with success?
