|
|
|
@ -63,11 +63,12 @@ reconf['HAS_ONION_URI'] = { |
|
|
|
|
|
|
|
local password_in_subject = [[Subject=/\bpassword\b/i]] |
|
|
|
local password_in_body = [[/\bpassword\b/i{sa_body}]] |
|
|
|
local btc_wallet = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]] |
|
|
|
local btc_wallet_address = [[/^[13][0-9a-zA-Z]{25,34}$/{words}]] |
|
|
|
local wallet_word = [[/^wallet$/i{words}]] |
|
|
|
|
|
|
|
reconf['LEAKED_PASSWORD_SCAM'] = { |
|
|
|
re = string.format('(%s | %s) & %s', password_in_subject, |
|
|
|
password_in_body, btc_wallet), |
|
|
|
re = string.format('(%s | %s) & %s & %s', password_in_subject, |
|
|
|
password_in_body, btc_wallet_address, wallet_word), |
|
|
|
description = 'Contains password word and BTC wallet address', |
|
|
|
score = 7.0, |
|
|
|
group = 'scams' |
Vsevolod Stakhov
7 years ago