On Tue, 15 May 2018, Alex wrote:
Hi,
[snip..]
Train bayes, look for custom URIBL lists that might hit that powned website.
The IP (216.32.180.23) is listed on sorbs, but that's it, and the
domain (peabodyenergy.com) is not listed anywhere.
I wasn't referring to the site that was the source of the message but the
website that was hosting that PHISH login page.
(EG that "https://euphqobeofnetwork . com/example.survey/question/login.php" )
I don't hold it against a company if one of their LLusers gets p0wned and used
to send out spam/phishes.
What I do hold accountable is if some website gets p0wned and then (ab)used to
host phish pages. Who's to say that the next page the black-hats put up is a
malware page?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{