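# MONETA (MONETA.CO.KR/CITI-LOAN.COM)
#
# Current patterns.
#
# Updated and verified 4/09/06
#
# Three body-scan recipes that set LT3=yes when a message body contains a
# domain, e-mail address, or URL path/code listed below. LT3 is reset to
# "no" first; the second and third recipes are skipped once an earlier one
# has set it to "yes" (the "! LT3 ?? yes" condition).
#
# How each recipe is scored:
#   * "-1000^0" seeds the score at -1000.
#   * every "1100^0 <regex>" adds 1100 at most once (exponent 0), so a
#     single matching pattern is enough to make the score positive and
#     fire the action block.
#   * the two leading "!" conditions skip bodies that contain a
#     "forwarded message" marker.
# The recipes carry only the B flag (no D), so matching is case-insensitive;
# that also applies to the hex digits A-F in the %xx alternatives.
#
# Pattern conventions: each letter is written as (x|%HH) so that a
# percent-encoded letter is caught as well as the plain one; the dot is
# (ÿ|\.|[=%]2E), i.e. a literal dot or its %2E / =2E encoding.
# NOTE(review): the "ÿ" alternative is kept exactly as found; presumably it
# stands for a byte seen in place of the dot - confirm against samples.
# NOTE(review): the nayana and loan-service patterns use the narrower
# (\.|%2E) form for the dot; left unchanged.
#
# SBLOG, TESTNAME and SBDIR are not defined in this file; loglevel.rc is
# included after every hit (presumably it writes SBLOG to the log - confirm).
#
# Comments are kept out of the condition lists on purpose, so they cannot be
# read as part of a condition.
#
LT3=no

# Obscured Moneta Domain
#
# Corrections made to the percent-encoded alternatives in this recipe:
#   - smadfgrfgy: "(g|%46]7)" was missing its "[" and could only match the
#     literal text "%46]7"; now "(g|%[46]7)".
#   - second cafe24 pattern: "(c|$63)" used "$" where "%" was meant; now
#     "(c|%63)".
#   - hanafos: the codes paired with n, o and s were %54, %55 and %59, which
#     encode T, U and Y; replaced with %[46]E, %[46]F and %[57]3 so the
#     encoded form of the same letter is matched in either case.
#   - galleryyeh: both "y" positions were paired with %65 (the letter e);
#     replaced with %[57]9.
# Matching of the plain-text domains is unchanged by these corrections.
#
:0 B
* !--.*forwarded message --
* !^forwarded message:
* -1000^0
* 1100^0 (^|[^-_0-9a-z])(c|%63)(a|%41)(f|%46)(e|%65)24(ÿ|\.|[=%]2E)com([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(w|%77)(w|%77)(w|%77)(ÿ|\.|[=%]2E)(m|%4d)(a|%61)(d|%64)(f|%66)(g|%67)(r|%52)(f|%66)(g|%67)(y|%59)(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(w|%77)(w|%77)(v|%76)(w|%77)(ÿ|\.|[=%]2E)(info|net)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(w|%77)(w|%77)(w|%77)(ÿ|\.|[=%]2E)(h|%48)(a|%41)(n|%[46]E)(a|%41)(f|%46)(o|%[46]F)(s|%[57]3)(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(w|%77)(w|%77)(w|%77)(ÿ|\.|[=%]2E)(g|%47)(a|%41)(l|%4c)(l|%4c)(e|%45)(r|%72)(y|%[57]9)(y|%[57]9)(e|%65)(h|%68)(ÿ|\.|[=%]2E)com([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(m|%6d)(n|%6e)(g|%67)(l|%6c)(o|%4f)(a|%41)(n|%6e)(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(n|%6e)(u|%75)(r|%72)(i|%49)(k|%6b)(u|%55)(n|%6e)(ÿ|\.|[=%]2E)net([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(n|%6E)(a|%61)(y|%79)(a|%61)(n|%6E)(a|%61)(\.|%2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(l|%6C)(o|%6F)(a|%61)(n|%6E)(-|%2D)(s|%73)(e|%65)(r|%72)(v|%76)(i|%69)(c|%63)(e|%65)(\.|%2E)(c|%63)(o|%6F)(\.|%2E)(k|%6B)(r|%72)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(s|%73)(e|%[46]5)(g|%47)(i|%69)(k|%6b)(o|%4f)(r|%72)(e|%45)(a|%41)(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(s|%73)(m|%4d)(a|%61)(d|%64)(f|%[46]6)(g|%67)(r|%72)(f|%46)(g|%[46]7)(y|%59)(ÿ|\.|[=%]2E)com([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(c|%63)(a|%61)(f|%66)(e|%65)24(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(v|%76)(e|%65)(n|%6e)(i|%69)(c|%63)(e|%65)24(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(w|%77)(e|%65)-(i|%69)(r|%72)(e|%65)(n|%6e)(e|%65)(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(m|%6D)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(m|%6d)(o|%6f)(o|%6f)(n|%4e)(t|%74)(o|%6f)(u|%55)(r|%72)(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(ÿ|\.|[=%]2E)(k|%6b)(r|%72)([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z])(e|%65)(i|%49)(j|%4a)(o|%4f)(b|%62)(ÿ|\.|[=%]2E)(c|%63)(o|%6F)(ÿ|\.|[=%]2E)(k|%6b)(r|%72)([^a-z0-9.]|\. |\.$|$)
{
  LT3=yes
  SBLOG="C3R-${TESTNAME} (Pattern Match: Obscured Domain belonging to ${TESTNAME})"
  INCLUDERC=${SBDIR}/functions/loglevel.rc
}

# Moneta email address
#
# Evaluated only when the domain recipe above did not already set LT3=yes.
# "@" is matched literally or as %40 / =40; the address may be preceded by
# an encoded space (%20 / =20).
#
:0 B
* ! LT3 ?? yes
* !--.*forwarded message --
* !^forwarded message:
* -1000^0
* 1100^0 (^|[^-_0-9a-z]|[=%]20)denydeny(@|[=%]40)yahoo(ÿ|\.|[=%]2E)co(ÿ|\.|[=%]2E)kr([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z]|[=%]20)finecall2002(@|[=%]40)yahoo(ÿ|\.|[=%]2E)co(ÿ|\.|[=%]2E)kr([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z]|[=%]20)aigo123(@|[=%]40)dreamwiz(ÿ|\.|[=%]2E)com([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z]|[=%]20)fineloan(@|[=%]40)dreamwiz(ÿ|\.|[=%]2E)com([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z]|[=%]20)aigo1(@|[=%]40)naver(ÿ|\.|[=%]2E)com([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z]|[=%]20)lgylsh1004(@|[=%]40)yahoo(ÿ|\.|[=%]2E)co(ÿ|\.|[=%]2E)kr([^a-z0-9.]|\. |\.$|$)
{
  LT3=yes
  SBLOG="C3R-${TESTNAME} (Pattern Match: Email Address)"
  INCLUDERC=${SBDIR}/functions/loglevel.rc
}

# Moneta URL path or code
#
# Evaluated only when neither recipe above set LT3=yes.
# NOTE(review): the first scored condition repeats the denydeny address from
# the e-mail recipe, under the same guards; it looks redundant here and is
# kept unchanged.
#
:0 B
* ! LT3 ?? yes
* !--.*forwarded message --
* !^forwarded message:
* -1000^0
* 1100^0 (^|[^-_0-9a-z]|[=%]20)denydeny(@|[=%]40)yahoo(ÿ|\.|[=%]2E)co(ÿ|\.|[=%]2E)kr([^a-z0-9.]|\. |\.$|$)
* 1100^0 (^|[^-_0-9a-z]|[=%]20)~bobloan/
* 1100^0 (^|[^-_0-9a-z]|[=%]20)~citiloan/
* 1100^0 \?vMarketorIdx=
* 1100^0 (^|[^-_0-9a-z]|[=%]20)include/spam_input(ÿ|\.|[=%]2E)asp\?ComId=
* 1100^0 (^|[^-_0-9a-z]|[=%]20)page/social_write(ÿ|\.|[=%]2E)asp\?ComId=
* 1100^0 ()/codmain\.html\?
* 1100^0 ()/or_marketing(ÿ|\.|[=%]2E)php\?partner=root
* 1100^0 ()/partner/RejectMail(ÿ|\.|[=%]2E)php target=_blank>
* 1100^0 ()\[(\.)?D\.e\.n\.y\]
* 1100^0 ()/remem/remember(ÿ|\.|[=%]2E)htm([^a-z0-9.]|\. |\.$|$)
* 1100^0 ()/p-for/2-job(ÿ|\.|[=%]2E)html([^a-z0-9.]|\. |\.$|$)
* 1100^0 ()/p-for/2-mail(ÿ|\.|[=%]2E)html([^a-z0-9.]|\. |\.$|$)
{
  LT3=yes
  SBLOG="C3R-${TESTNAME} (Pattern Match: URL Path or Code)"
  INCLUDERC=${SBDIR}/functions/loglevel.rc
}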