TSPY_DYRE.YSR

September 21, 2015

Analysis by: RonJay Kristoffer Caragay

ALIASES:

Trojan:Win32/Bulta!rfn (Microsoft); Troj/Upatre-SQ (Sophos)

PLATFORM:

Windows

OVERALL RISK RATING:

DAMAGE POTENTIAL:

DISTRIBUTION POTENTIAL:

REPORTED INFECTION:

INFORMATION EXPOSURE:

Threat Type: Spyware
Destructiveness: No
Encrypted: Yes
In the wild: Yes

OVERVIEW

Infection Channel: Downloaded from the Internet, Dropped by other malware

This spyware may be dropped by other malware.

It uses the Windows Task Scheduler to add a scheduled task that executes the copies it drops.

It does not have any propagation routine.

It connects to certain websites to send and receive information. It deletes itself after execution.

TECHNICAL DETAILS

File Size: 546,816 bytes

File Type: EXE

Memory Resident: Yes

Initial Samples Received Date: 12 Sep 2015

Payload: Steals information

Arrival Details

This spyware may be dropped by the following malware:

TROJ_UPATRE.YSR

Installation

This spyware drops the following copies of itself into the affected system:

%AppDataLocal%\{random filename}.exe (for Windows Vista and above)
%Windows%\{random filename}.exe (for Windows XP and below)

(Note: %AppDataLocal% is the Application Data folder found in Local Settings, where it is usually C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.)

It uses the Windows Task Scheduler to add a scheduled task that executes the copies it drops.

It adds the following mutexes to ensure that only one of its copies runs at any one time:

Global\{random}

It injects codes into the following process(es):

explorer.exe
svchost.exe

Autostart Technique

The scheduled task executes the malware every:

1 minute

Other System Modifications

This spyware modifies the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Lsa
LimitBlankPasswordUse = "0"

(Note: The default value data of the said registry entry is 1.)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Terminal Server
fDenyTSConnections = "0"

(Note: The default value data of the said registry entry is 1.)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Terminal Server
fSingleSessionPerUser = "0"

(Note: The default value data of the said registry entry is 1.)

Propagation

This spyware does not have any propagation routine.

Dropping Routine

This spyware drops the following files:

%System%\config\systemprofile\Application Data\{random filename} (for Windows XP and below)
%AppDataLocal%\{random filename} (for Windows Vista and above)

(Note: %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows operating system versions.. %AppDataLocal% is the Application Data folder found in Local Settings, where it is usually C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)

Information Theft

This spyware gathers the following data:

Host Name
Public IP Address
Computer Name
OS Version
OS Platform
User Accounts
System Info(CPU, Memory, No. of Processors)
Installed programs
Services

Other Details

This spyware connects to the following URL(s) to check for an Internet connection:

google.com
microsoft.com

It connects to the following URL(s) to get the affected system's IP address:

http://icanhazip.com

It connects to the following website to send and receive information:

http://{BLOCKED}.{BLOCKED}.75.75:4443
http://{BLOCKED}.{BLOCKED}.220.8:443
http://{BLOCKED}.{BLOCKED}.93.197:443
http://{BLOCKED}.{BLOCKED}.226.85:443
http://{BLOCKED}.{BLOCKED}.48.147:443
http://{BLOCKED}.{BLOCKED}.49.139:443
http://{BLOCKED}.{BLOCKED}.49.162:443
http://{BLOCKED}.{BLOCKED}.76.24:443
http://{BLOCKED}.{BLOCKED}.166.94:4443
http://{BLOCKED}.{BLOCKED}.18.187:4443
http://{BLOCKED}.{BLOCKED}.201.9:443
http://{BLOCKED}.{BLOCKED}.153.202:443
http://{BLOCKED}.{BLOCKED}.64.35:4443
http://{BLOCKED}.{BLOCKED}.194.101:4443
http://{BLOCKED}.{BLOCKED}.190.84:443
http://{BLOCKED}.{BLOCKED}.58.42:4443
http://{BLOCKED}.{BLOCKED}.135.106:4443
http://{BLOCKED}.{BLOCKED}.81.96:4443
http://{BLOCKED}.{BLOCKED}.102.70:443
http://{BLOCKED}.{BLOCKED}.157.210:443
http://{BLOCKED}.{BLOCKED}.157.202:443
http://{BLOCKED}.{BLOCKED}.63.98:443
http://{BLOCKED}.{BLOCKED}.73.130:443
http://{BLOCKED}.{BLOCKED}.250.245:443
http://{BLOCKED}.{BLOCKED}.48.79:443
http://{BLOCKED}.{BLOCKED}.50.124:4443
http://{BLOCKED}.{BLOCKED}.91.90:443
http://{BLOCKED}.{BLOCKED}.142.66:443
http://{BLOCKED}.{BLOCKED}.154.180:4443
http://{BLOCKED}.{BLOCKED}.34.245:443
http://{BLOCKED}.{BLOCKED}.171.216:443
http://{BLOCKED}.{BLOCKED}.60.93:4443
http://{BLOCKED}.{BLOCKED}.179.197:443
http://{BLOCKED}.{BLOCKED}.165.182:443
http://{BLOCKED}.{BLOCKED}.156.170:4443
http://{BLOCKED}.{BLOCKED}.147.103:4443
http://{BLOCKED}.{BLOCKED}.33.225:4443
http://{BLOCKED}.{BLOCKED}.57.164:4443
http://{BLOCKED}.{BLOCKED}.230.226:4443
http://{BLOCKED}.{BLOCKED}.203.23:443
http://{BLOCKED}.{BLOCKED}.128.203:443
http://{BLOCKED}.{BLOCKED}.191.170:443
http://{BLOCKED}.{BLOCKED}.51.115:4443
http://{BLOCKED}.{BLOCKED}.254.225:443
http://{BLOCKED}.{BLOCKED}.9.66:4443
http://{BLOCKED}.{BLOCKED}.182.74:443

It does the following:

Receive configuration(web injects/MitB)
Receive New connections
Download file and execute
Download Module(VNC,TV)
Browser Snapshot
Terminate Process
Add Users
Modifies Master Boot Record (MBR)
Shutdown/restart system
Monitors the following browsers:
- chrome.exe
- firefox.exe
- iexplore.exe
Connects to the following STUN (Session Traversal Utilities for NAT) server in order to determine the public IP address of the compromised computer:
- stun1.voiceeclipse.net
- stun.callwithus.com
- stun.sipgate.net
- stun.ekiga.net
- stun.internetcalls.com
- stun.noc.ams-ix.net
- stun.voip.aebc.com
- stun.voipbuster.com
- stun.voxgratia.org
- stun.ipshka.com
- stun.faktortel.com.au
- stun.iptel.org
- stun.voipstunt.com
- 203.183.172.196:3478
- s1.taraba.net
- stun.l.google.com:19302
- stun1.l.google.com:19302
- stun2.l.google.com:19302
- stun3.l.google.com:19302
- stun4.l.google.com:19302
- stun.schlund.de
- stun.rixtelecom.se
- stun.voiparound.com
- numb.viagenie.ca
- stun.stunprotocol.org
- stun.services.mozilla.com
- stun.2talk.co.nz
Stop the following services:
- wscsvc
- MpsSvc
- WinDefend

It deletes itself after execution.

NOTES:

This spyware steals important banking/bitcoin information by injecting malicious codes to bank/Bitcoin login webpages with URLs containing any of the following:

cashproonline.bankofamerica.com/AuthenticationFrameworkWeb/cpo/login/public/loginMain.faces
cashproonline.bankofamerica.com/*
businessaccess.citibank.citigroup.com/cbusol/signon.do
businessaccess.citibank.citigroup.com/*
www.business.hsbc.co.uk/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDgzAfSycDUy8LAzNDbz8vbzMDKADKR2LKuyHkgbotDB1dDZyDDTwMzM0sDTy93B1dnXz8DN0tTCC6nd0dPUzMfYCqwzxdDTxNnEwMTH3dDA08jQnoLsgNDQUAO-nOhw!!
www.business.hsbc.co.uk/*
www.nwolb.com/default.aspx
www.nwolb.com/*
www6.rbc.com/webapp/ukv0/signin/logon.xhtml
www6.rbc.com/*
online.bankofscotland.co.uk/personal/logon/login.jsp
online.bankofscotland.co.uk/*
www.rbsdigital.com/login.aspx*
www.rbsdigital.com/*
wellsoffice.wellsfargo.com/*/signon/index.jsp*
wellsoffice.wellsfargo.com/*
www.ulsterbankanytimebanking.ie/default.aspx
www.ulsterbankanytimebanking.ie/*
access.jpmorgan.com/jpmalogon
access.jpmorgan.com/*
gateway.citizenscommercialbanking.com/ccp/accessmoneymanager.jsp
gateway.citizenscommercialbanking.com/*
www.signatureny.web-access.com/signat/cgi-bin/login.cgi
www.signatureny.web-access.com/*
www.bankline.rbs.com/CWSLogon/logon.do*
www.bankline.rbs.com/*
www.bankline.ulsterbank.ie/CWSLogon/logon.do*
www.bankline.ulsterbank.ie/*
lloydslink.online.lloydsbank.com/Logon/Logon.jsp
lloydslink.online.lloydsbank.com/*
banking.bankofscotland.co.uk/Logon/Logon.aspx*
banking.bankofscotland.co.uk/*
onepass.regions.com/oaam_server/oamLoginPage.jsp*
onepass.regions.com/*
commercial.bnc.ca/auth/Login*
commercial.bnc.ca/*
ktt.key.com/ktt/cmd/logon
ktt.key.com/*
businessbanking.tdcommercialbanking.com/WBB/LoginDisplay
businessbanking.tdcommercialbanking.com/*
cityntl.webcashmgmt.com/wcmfd/wcmpw/CustomerLogin
cityntl.webcashmgmt.com/*
www.treasury.pncbank.com/idp/esec/login.ht
www.treasury.pncbank.com/*
ffcw.webcashmgmt.com/wcmfd/wcmpw/CustomerLogin
ffcw.webcashmgmt.com/*
eastwestbank.webcashmgmt.com/wcmfd/wcmpw/CustomerLogin
eastwestbank.webcashmgmt.com/*
cib.bankofthewest.com/K1/servlet/com.fis.authentication.servlet.WelcomeServlet
cib.bankofthewest.com/*
www.frostcashmanager.com/CASHplus
www.frostcashmanager.com/*
www.bankunitedbusinessonlinebanking.com/bbw/cmserver/welcome/default/verify.cfm
www.bankunitedbusinessonlinebanking.com/*
www8.comerica.com/pkmslogin.form
www8.comerica.com/*
securentrycorp.amegybank.com/
securentrycorp.amegybank.com/*
securentrycorp.calbanktrust.com/
securentrycorp.calbanktrust.com/*
www2.pbebank.com/myIBK/apppbb/servlet/BxxxServlet*
www2.pbebank.com/*
www.hsbc.com.my/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDCxNvAz9vzyAXA2cPRxMPywBDAwgAykdiyjv5w-WJ0e1v6m5g6RNiYWngbeRvHGRqbECc7uDUvPjQYH0_j_zcVP1I_ShzDMWeniYwxZE5qemJyZXY1XljqgvN0w_Lyy_KBYZBQW5oRLm3jyMAwombdA!!/dl3/d3/L0lJSklna21BL0lKakFBTXlBQkVSQ0pBISEvNEZHZ3NvMFZ2emE5SUFnIS83XzA4NEswTktJUkQwQ0hBNEhJSTQwMDAwMDAwL3lSbVo6MjI4ODAwMDQ!
www.hsbc.com.my/*
securentrycorp.nsbank.com/
securentrycorp.nsbank.com/*
securentrycorp.zionsbank.com/
securentrycorp.zionsbank.com/*
ematchingnz1.online.anz.com/saam/SAAMLogin/Login.fcc*
ematchingnz1.online.anz.com/*
www.fcsolb.com/cb/pages/jsp-ns/login.jsp*
www.fcsolb.com/*
transtasman.online.anz.com/client
transtasman.online.anz.com/*
www.commercial.hsbc.com.hk/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDd-NQv1BDg2AXA1-PEE9zPwtDAwgAykeaxTu7O3qYmPsA-WGergaeJk4mBqa-boYGnsbYdPsidBfkhioCAMGAADI!
www.commercial.hsbc.com.hk/*
www.anzdirect.co.nz/online/EnterANZDirect.do
www.anzdirect.co.nz/*
www.bostonprivatebank.com/index.cfm/pid/10540
www.bostonprivatebank.com/*
secure1.businesswaybnl.it/newcorporate/webcontoc/login/login
secure1.businesswaybnl.it/*
business2.danskebank.co.uk/pub/logon/logon.aspx*
business2.danskebank.co.uk/*
online.coutts.com/eBankingCouttsLogin/login
online.coutts.com/*
leumionline.bankleumi.co.uk/my.policy
leumionline.bankleumi.co.uk/*
www.gs.reyrey.com/common/login/login.aspx
www.gs.reyrey.com/*
businessonline.mutualofomahabank.com/cb/pages/jsp-ns/login.jsp
businessonline.mutualofomahabank.com/*
login.salesforce.com/
login.salesforce.com/*
top.capitalonebank.com/pub/html/login.html
top.capitalonebank.com/*
cmol.bbt.com/auth/prompt.tb*
cmol.bbt.com/*
business-eb.ibanking-services.com/K1/index.jsp
business-eb.ibanking-services.com/*
businessonline.tdbank.com/corporatebankingweb/core/login.aspx
businessonline.tdbank.com/*
tdetreasury.tdbank.com/s1gcb/logon/sbuser
tdetreasury.tdbank.com/*
express.53.com/portal/auth/login/Login
express.53.com/*
www.natwestibanking.com/eai/IPB_EAI_Web/*
www.natwestibanking.com/*
online.adambank.com/eBankingAdamLogin/login
online.adambank.com/*
fdonline.co-operativebank.co.uk/corp/BANKAWAY*
fdonline.co-operativebank.co.uk/*
home?.ybonline.co.uk/raluV8/reglm-web/login.ctl
home?.ybonline.co.uk/*
www.iombankibanking.com/eai/IPB_EAI_Web/eai*
www.iombankibanking.com/*
www.rbsiibanking.com/ipb/IPB_Client_Web/Start.do
www.rbsiibanking.com/*
www22.bmo.com/ctpauth/CTPEAILogin/CustUserPasswordAuthServlet*
www22.bmo.com/*
e-access.compassbank.com/bbw/cmserver/welcome/default/verify.cfm
e-access.compassbank.com/*
ht.businessonlinepayroll.com/SPF/login/ee_auth.aspx
ht.businessonlinepayroll.com/*
www1.rbcbankusa.com/cgi-bin/rbaccess/rbunxcgi*
www1.rbcbankusa.com/*
webcmpr.bancopopular.com/K1
webcmpr.bancopopular.com/*
login.isso.db.com/websso/sso_multi_auth_Logon.sso*
login.isso.db.com/*
bank.barclays.co.uk/olb/auth/LoginLink.action
bank.barclays.co.uk/*
www.svbconnect.com/auth
www.svbconnect.com/*
www.corporate-clients.commerzbank.com/S-Portal/SHTML/cdir2/companydirectportal/pgf.html*
www.corporate-clients.commerzbank.com/*
charisma.btdirect.ro/CharismaWEB/_Public/Login.aspx
charisma.btdirect.ro/*
aibinternetbanking.aib.ie/inet/roi/login.htm
aibinternetbanking.aib.ie/*
business.santander.co.uk/LGSBBI_NS_ENS/BtoChannelDriver.ssobto*
business.santander.co.uk/*
retail.santander.co.uk/LOGSUK_NS_ENS/BtoChannelDriver.ssobto*
retail.santander.co.uk/*
santander.hpdsc.com/main
santander.hpdsc.com/*
www.rbsidigital.com/default.aspx*
www.rbsidigital.com/*
www.onlinebanking.natwestoffshore.com/default.aspx*
www.onlinebanking.natwestoffshore.com/*
www.internationalpayments.co.uk/
www.internationalpayments.co.uk/*
bolpp.bankofireland.com/Commercial*
bolpp.bankofireland.com/*
www.boi-bol.com/newHome.jsp
www.boi-bol.com/*
www.ingonline.com/ro/!UPR.Dispatcher*
www.ingonline.com/*
cbfm.saas.cashfac.com/cbfm/Logon.aspx
cbfm.saas.cashfac.com/*
onlinebusiness.lloydsbank.co.uk/business/logon/login.jsp*
onlinebusiness.lloydsbank.co.uk/*
alolb1.arbuthnotlatham.co.uk/IB/Online
alolb1.arbuthnotlatham.co.uk/*
online.hoaresbank.co.uk/fi11512/bb/logon
online.hoaresbank.co.uk/*
butterfieldonline.co.uk/
butterfieldonline.co.uk/*
www.asbolb.com/servlet/ASB.ASBServlet
www.asbolb.com/*
online.ybs.co.uk/public/authentication/login1.do
online.ybs.co.uk/*
www.kbinternetbanking.com:8443/ARCIB-NEWF/index.html
www.kbinternetbanking.com:8443/*
ibank.reliancebankltd.com/logon.aspx
ibank.reliancebankltd.com/*
online.duncanlawrie.com/InternetBanking/faces/mdi/login.jsp
online.duncanlawrie.com/*
esavings.shawbrook.co.uk/BankFast/Shawbrook
esavings.shawbrook.co.uk/*
bureau.bottomline.co.uk/unity/index.aspx
bureau.bottomline.co.uk/*
ibb.firsttrustbank1.co.uk/ibb/controller*
ibb.firsttrustbank1.co.uk/*
www1.firstdirect.com/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDgzAfSycDUy8LAzNDbz8vbzMDKADKR5rFO7s7epiY-wD5YZ6uBp4mTiYGpr5uhgaexmDdFibeBn7enkEuBs4ejiYeHkGGMN0FuaGKAPRSfDc!
www1.firstdirect.com/*
netbanking.ubluk.com/Login/Index
netbanking.ubluk.com/*
ibank.zenith-bank.co.uk/internetbanking/index.jsp
ibank.zenith-bank.co.uk/*
ibank.gtbankuk.com/Gaps_UK/Default.aspx
ibank.gtbankuk.com/*
online.bankofcyprus.co.uk/netteller/login.faces
online.bankofcyprus.co.uk/*
my.sjpbank.co.uk/Security/Auth/Logon
my.sjpbank.co.uk/*
www.365online.com/online365/spring/authentication*
www.365online.com/*
online.kbc.ie/kbc-online/onlinebanking/login*
online.kbc.ie/*
www.open24.ie/online/login.aspx*
www.open24.ie/*
business2.danskebank.ie/pub/logon/logon.aspx*
business2.danskebank.ie/*
online.ebs.ie/internet/login/index.jsp
online.ebs.ie/*
secure2.alphabank.ro/corporate/CorpOTPLoginLangRom.jsp
secure2.alphabank.ro/*
ib.btrl.ro/BT24/bfo/channel/web/loginframe.jsp*
ib.btrl.ro/*
btultra.btrl.ro/sign/_mcologon
btultra.btrl.ro/*
fastbanking.bancpost.ro/iBankWeb/login.jsp
fastbanking.bancpost.ro/*
www.ceconline.ro/smartoffice/logon.htm
www.ceconline.ro/*
ro.unicreditbanking.net/disp*
ro.unicreditbanking.net/*
secure.internetbanking.ro/IBK_SMS/Login/LoginFirstStep.aspx*
secure.internetbanking.ro/*
net.crediteurope.ro/ibank-cln/do/login/prompt
net.crediteurope.ro/*
www.raiffeisenonline.ro/eBankingWeb/login*
www.raiffeisenonline.ro/*
login.24banking.ro/casserver/login*
login.24banking.ro/*
s2b.standardchartered.com/ssoapp/login.jsp
s2b.standardchartered.com/*
eadibcorp.adib.ae/cb/servlet/cb/jsp-ns/login.jsp*
eadibcorp.adib.ae/*
corporate.adcb.com/corporateWeb/login.do
corporate.adcb.com/*
www.arabi-online.net/efs/servlet/efs/jsp-ns/login.jsp
www.arabi-online.net/*
cbionline.cbi.ae/bus/security/Welcome.do*
cbionline.cbi.ae/*
bankofirelandlifeonline.ie/
bankofirelandlifeonline.ie/*
corporate.metrobankonline.co.uk/
corporate.metrobankonline.co.uk/*
www.barclayswealth.com/login/action/logon/unauthenticated/personal/loginDetailsRouting
www.barclayswealth.com/*
www.cbdibusiness.ae/cb/servlet/cb/login.jsp
www.cbdibusiness.ae/*
login.smartbusiness.ae/bo-login.jsp
login.smartbusiness.ae/*
online.dib.ae/webapplication.ui/localoperations/login/loginpage.aspx
online.dib.ae/*
www.investbank.ae/ibank/loginAction.do
www.investbank.ae/*
netbanking.mashreqbank.com/B001/SMELogin.jsp
netbanking.mashreqbank.com/*
online.nbad.com/iportalweb/iportal/jsps/orbilogin.jsp
online.nbad.com/*
rakbankonline.ae/corp/BANKAWAY*
rakbankonline.ae/*
www.noorinternetbanking.com/CWCLIENT/loginClient.action
www.noorinternetbanking.com/*
secure.membersaccounts.com/SELFSERVICE/login.aspx*
secure.membersaccounts.com/*
cib.uab.ae/
cib.uab.ae/*
www.halifax-online.co.uk/personal/logon/login.jsp
www.halifax-online.co.uk/*
cardonebanking.com/authlogin.aspx?business*
cardonebanking.com/*
banking.triodos.co.uk/ib-seam/login.seam?loginType=username*
banking.triodos.co.uk/*
ebank.turkishbank.co.uk/Default2.aspx
ebank.turkishbank.co.uk/*
nebasilicon.fdecs.com/eCustService/*
nebasilicon.fdecs.com/*
apps.virginmoney.com/vmosws/loginWait.do
apps.virginmoney.com/*
onlinebanking.bankcoop.ch/
onlinebanking.bankcoop.ch/*
tb.raiffeisendirect.ch/
tb.raiffeisendirect.ch/*
wwwsec.ebanking.zugerkb.ch/authen/login
wwwsec.ebanking.zugerkb.ch/*
wwwsec.valiant.ch/authen/login*
wwwsec.valiant.ch/*
inba.lukb.ch/lukbLogin/*
inba.lukb.ch/*
www.bcv.ch/bcvd-login/authenticateAction.do
www.bcv.ch/*
www.bcv.ch/en
www.bcv.ch/*
www.bcv.ch/fr
www.bcv.ch/*
www.bcv.ch/de
www.bcv.ch/*
online.citi.eu/GBIPB/JSO/signon/DisplayUsernameSignon.do*
online.citi.eu/*
my.hypovereinsbank.de/login*
my.hypovereinsbank.de/*
db-sg.db.com/gen/login/index_4.cfm
db-sg.db.com/*
meine.deutsche-bank.de/trxm/db
meine.deutsche-bank.de/*
www.banking.axa.de/OnlineBankingWebfrontend/banking/common/login.xhtml;jsessionid=F05F46A7333D65031BD6C9B43C062C31*
www.banking.axa.de/*
my.banklenz.de/web/guest/login
my.banklenz.de/*
ibank.theaccessbankukltd.co.uk/entry/CorpLoginLang.html
ibank.theaccessbankukltd.co.uk/*
www.standardlife.co.uk/c1/login.page
www.standardlife.co.uk/*
ebaer.juliusbaer.com/*
ebaer.juliusbaer.com/*
ebanking-ch2.ubs.com/workbench/Index.do*
ebanking-ch2.ubs.com/*
clients.tilneybestinvest.co.uk/ORM/Login.aspx
clients.tilneybestinvest.co.uk/*
banking.martinbank.de/
banking.martinbank.de/*
apps.bhw.de/es600/index.jsp
apps.bhw.de/*
auth.globalpay.westernunion.com/Sso/Login.aspx*
auth.globalpay.westernunion.com/*
extra.unicreditbank.hu/eibpublic_SP/login.en.html
extra.unicreditbank.hu/*
extra.unicreditbank.hu/eibpublic_SP/login.hu.html
extra.unicreditbank.hu/*
extra.unicreditbank.hu/eibpublic_SP/login.de.html
extra.unicreditbank.hu/*
banking.bmwbank.de/s/b2cpws.fcc*
banking.bmwbank.de/*
banking.donner-reuschel.de/index.jsp
banking.donner-reuschel.de/*
www.firstmeritib.com/ec/DefaultCorp.aspx
www.firstmeritib.com/*
cmo.cibc.com/wp/wps/portal/bbdsignon*
cmo.cibc.com/*
blcweb.banquelaurentienne.ca/lang/en/BLCDirect
blcweb.banquelaurentienne.ca/*
blcweb.banquelaurentienne.ca/lang/fr/BLCDirect
blcweb.banquelaurentienne.ca/*
online.hl.co.uk/my-accounts
online.hl.co.uk/*
www.dab-bank.de/Mein-Konto-Depot/Login
www.dab-bank.de/*
www.degussa-bank.de/login
www.degussa-bank.de/*
finanzportal.fiducia.de/p01pebe/entry*
finanzportal.fiducia.de/*
www.youinvest.co.uk/LogIn/username
www.youinvest.co.uk/*
login.isso.db.com/websso/sso_custom_multi_auth_flex_Logon.sso*
login.isso.db.com/*
db-direct.db.com/u/eb/Login_Main.serv*
db-direct.db.com/*
finanzportal.fiducia.de/p13pepe/entry*
finanzportal.fiducia.de/*
www.asl.com/asl/login/entryFrame.jsp
www.asl.com/*
banking.ing-diba.de/app/login*
banking.ing-diba.de/*
banking.valovisbank.de/portal/*
banking.valovisbank.de/*
kunden-mkb-bank.de/
kunden-mkb-bank.de/*
financepilot-pe.mlp.de/p12pepe/entry*
financepilot-pe.mlp.de/*
banking.greensill-bank.com/ptlweb/WebPortal*
banking.greensill-bank.com/*
hbciweb.olb.de/financebrowser5
hbciweb.olb.de/*
banking.oyakankerbank.de/*
banking.oyakankerbank.de/*
secure.ampbanking.com/au/Logon
secure.ampbanking.com/*
online.multiport.com.au/
online.multiport.com.au/*
globalpay.westernunion.com/GlobalPay/Login.aspx
globalpay.westernunion.com/*
www.anztransactive.anz.com/
www.anztransactive.anz.com/*
www.anz.com/INETBANK/bankmain.asp
www.anz.com/*
bbonline.banksa.com.au/html/cbank.asp*
bbonline.banksa.com.au/*
ibs.bankwest.com.au/BWLogin/bib.aspx
ibs.bankwest.com.au/*
netteller2.tsw.com.au/delphi/ntv451.asp*
netteller2.tsw.com.au/*
businessonline.westpac.com.au/esis/Login/SrvPage
businessonline.westpac.com.au/*
online.corp.westpac.com.au/
online.corp.westpac.com.au/*
www*.my.commbiz.commbank.com.au/Logon/UserMaintenance/Login.aspx
www*.my.commbiz.commbank.com.au/*
bbonline.bankofmelbourne.com.au/html/cbank.asp*
bbonline.bankofmelbourne.com.au/*
ib.banksyd.com.au/
ib.banksyd.com.au/*
online.hbs.net.au/hbsv47/ntv471.asp*
online.hbs.net.au/*
www.ib.boq.com.au/boqbl
www.ib.boq.com.au/*
www.my.commbank.com.au/netbank/Logon/Logon.aspx*
www.my.commbank.com.au/*
bank.ruralbank.com.au/banking/RBLIBanking
bank.ruralbank.com.au/*
secure.macquarie.com.au/sepas/serve*
secure.macquarie.com.au/*
nabconnect*.nab.com.au/auth/nabclogin/login.do*
nabconnect*.nab.com.au/*
ib.tmbank.com.au/ib/signon/Login.aspx
ib.tmbank.com.au/*
www.citibank.com.au/AUGCB/JSO/signon/DisplayUsernameSignon.do
www.citibank.com.au/*
ap.ebs.bankofchina.com/login.html*
ap.ebs.bankofchina.com/*
netteller*.pnbank.com.au/InternetBanking/Login.aspx
netteller*.pnbank.com.au/*
secure.defencebank.com.au/daib/logon/cu3205/logon.asp
secure.defencebank.com.au/*
online.bankmecu.com.au/daib/logon/cu3140/logon.asp
online.bankmecu.com.au/*
private.bankofsingapore.com/Login/Login
private.bankofsingapore.com/*
fareastnationalbank.ebanking-services.com/EamWeb/account/login.aspx*
fareastnationalbank.ebanking-services.com/*
velocity.ocbc.com/portal.view
velocity.ocbc.com/*
uniservices2.uobgroup.com/ELO/login.jsp
uniservices2.uobgroup.com/*
sg.bibplus.uobgroup.com/BIB/public
sg.bibplus.uobgroup.com/*
bbonline.stgeorge.com.au/html/cbank.asp*
bbonline.stgeorge.com.au/*
internetbanking.suncorpbank.com.au/
internetbanking.suncorpbank.com.au/*
inetbnkp.adelaidebank.com.au/OnlineBanking/AdBank
inetbnkp.adelaidebank.com.au/*
secure.anz.co.nz/IBCS/service/login
secure.anz.co.nz/*
www.bnz.co.nz/ib4b/app/login
www.bnz.co.nz/*
bol.westpac.co.nz/s1gcb/logon/sbuser
bol.westpac.co.nz/*
www.ib.kiwibank.co.nz/
www.ib.kiwibank.co.nz/*
www.flexipurchase.com/secure/welcome.asp
www.flexipurchase.com/*
homebank.tsbbank.co.nz/online
homebank.tsbbank.co.nz/*
secure1.rabodirect.co.nz/exp/policyenforcer/pages/loginB2CDGPEN.jsf
secure1.rabodirect.co.nz/*
my.statestreet.com/
my.statestreet.com/*
www.mercantilcbonline.com/secure/banking/logon
www.mercantilcbonline.com/*
fx.regions.com/esn01/servlet/RSASingleSignOn
fx.regions.com/*
www.goldman.com/login/login_a.cgi*
www.goldman.com/*
wealth.goldman.com/login/login_a.cgi*
wealth.goldman.com/*
businesscenter.mysynchrony.com/BusinessCenterPortal
businesscenter.mysynchrony.com/*
commerceconnections.commercebank.com
commerceconnections.commercebank.com/*
www.bankdirect.co.nz
www.bankdirect.co.nz/*
pfo.us.hsbc.com
pfo.us.hsbc.com/*
bbonline.stgeorge.com.au/html/cbindex.asp*
bbonline.stgeorge.com.au/*
ideal.dbs.com/loginSubscriber/login/pin.jsp
ideal.dbs.com/*
internet-banking.dbs.com.sg/IB/Welcome
internet-banking.dbs.com.sg/*
www.dbsvonline.com/english/index.asp*
www.dbsvonline.com/*
cashmanager.mizuhoe-treasurer.com/mz/servlet/SLogin*
cashmanager.mizuhoe-treasurer.com/*
www.superchoice.com.au/amp
www.superchoice.com.au/*
www.superorganised.com.au/dashboard/login*
www.superorganised.com.au/*
portal.northonline.com.au/WealthNET.PortalClient
portal.northonline.com.au/*
www.gecapitalbank.com/gecb/app/login
www.gecapitalbank.com/*
www.gemyaccounts.com/myaccounts/Index.html*
www.gemyaccounts.com/*
connect.bnymellon.com/ConnectLogin/login/LoginPage.jsp
connect.bnymellon.com/*
www.postfinance.ch/ap/ba/fp/html/e-finance/home*
www.postfinance.ch/*
ebanking-ch2.ubs.com/workbench/Index.do*
ebanking-ch2.ubs.com/*
clientlogin.ibb.ubs.com/login
clientlogin.ibb.ubs.com/*
www.ebanking.hsbc.co.nz/1/2/!ut/p/c5/jZBdC4IwGEZ_0vtuI6VLXTitmeGa6G5kiIigMyKK_n3rJrrpg-fynHPzgAE_Z6_jYC_j4uwENZigzYMQOd0yFLwIkJbZmsu4JCJhnjefecn-qkklokxTLEjquUxCKsUBxRF_1Kp3rVawT5e5hwZM-CYr8ZTzjVzFyDhn0Ez9YLv7d0-Rl6cdVG45z_6D06zr205GD_hDJm4!/dl3/d3/L0lJSklna21BL0lKakFBTXlBQkVSQ0pBISEvNEZHZ3NvMFZ2emE5SUFnIS83X002NzBDMkozMEdTRzYwMlJNREw1QjAzQ0MzL0FHVnNUNDc3MjAwMDQ!
www.ebanking.hsbc.co.nz/*
secure.heartland.co.nz/IB/index.zul
secure.heartland.co.nz/*
connect-ch2.ubs.com/workbench/Index.do*
connect-ch2.ubs.com/*
www.bendigobank.com.au/banking/BBLIBanking
www.bendigobank.com.au/*
www.hsbc.com.au/1/2/HUB_IDV2/IDV_EPP*
www.hsbc.com.au/*
www.citibusiness.citibank.com.sg/SGCBZ/JSO/signon/DisplayUsernameSignon.do
www.citibusiness.citibank.com.sg/*
internet.ocbc.com/internet-banking
internet.ocbc.com/*
ibank.standardchartered.com.sg/nfs/login.htm
ibank.standardchartered.com.sg/*
fastpay.asbbank.co.nz/Account/LogOn
fastpay.asbbank.co.nz/*
drob.santanderbank.com/cscobgss/Satellite*
drob.santanderbank.com/*
ebanking-mc.ubs.com/
ebanking-mc.ubs.com/*
www2.secure.hsbcnet.com/uims/portal/IDV_CAM10_AUTHENTICATION*
www2.secure.hsbcnet.com/*
ebanking-es.ubs.com/
ebanking-es.ubs.com/*
ebanking-uk.ubs.com/
ebanking-uk.ubs.com/*
www.citibank.com.sg/SGGCB/JSO/signon/DisplayUsernameSignon.do
www.citibank.com.sg/*
www.onlinesbiglobal.com/64SG/BANKAWAY*
www.onlinesbiglobal.com/*
www.onlinesbiglobal.com/64SG/BANKAWAY*
www.onlinesbiglobal.com/*
ebanking-bel.ubs.com/epexb
ebanking-bel.ubs.com/*
ebanking-bel.ubs.com/estmtb
ebanking-bel.ubs.com/*
ebanking-bel.ubs.com/fim
ebanking-bel.ubs.com/*
ebanking-bhs2.ubs.com/epex
ebanking-bhs2.ubs.com/*
ebanking-aut.ubs.com/fim
ebanking-aut.ubs.com/*
ebanking-aut.ubs.com/epexa
ebanking-aut.ubs.com/*
ebanking-aut.ubs.com/estmta
ebanking-aut.ubs.com/*
invest.etrade.com.au/Home.aspx
invest.etrade.com.au/*
www.hsbc.com.sg/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDf6NAZ8tQU3c3A0dDV5MAf2MTAwjQL8h2VAQAdKy3eg!!/*
www.hsbc.com.sg/*
www.asb.co.nz
www.asb.co.nz/*
cib.icicibank.com/corp/BANKAWAY*
cib.icicibank.com/*
group.unicreditbanking.net/
group.unicreditbanking.net/*
www.fidunet.lu/fidunet/loginFidu.jsp
www.fidunet.lu/*
www.corpnet.lu/corpnet/loginCorp.jsp
www.corpnet.lu/*
secure.unicreditbank.lu/
secure.unicreditbank.lu/*
www.unicreditbank.sk/i-banking-sk-https.html
www.unicreditbank.sk/*
www.unicreditbank.ba/eba/BHgradjani
www.unicreditbank.ba/*
ebanking-au.ubs.com/ebanking
ebanking-au.ubs.com/*
onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl
onlineservices.ubs.com/*
clientportal.ibb.ubs.com/portal/index.htm*
clientportal.ibb.ubs.com/*
ebanking-fr.ubs.com/enquiries/*
ebanking-fr.ubs.com/*
ebanking-de1.ubs.com/workbench/Index.do*
ebanking-de1.ubs.com/*
ebanking-hksg.ubs.com/
ebanking-hksg.ubs.com/*
ebanking-can.ubs.com/epex
ebanking-can.ubs.com/*
ebanking-ca.ubs.com/safeloginc/Login*
ebanking-ca.ubs.com/*
ebanking-ca.ubs.com/gepc/MainAction
ebanking-ca.ubs.com/*
ebanking-can.ubs.com/estmtc
ebanking-can.ubs.com/*
ebanking-ca.ubs.com/safeloginc/Login*
ebanking-ca.ubs.com/*
ebanking-ca.ubs.com/estmtc/action/login
ebanking-ca.ubs.com/*
trz.tranzact.org/LogonOTP.aspx
trz.tranzact.org/*
catalystcorp.org/*
catalystcorp.org/*
www.tranzact.org/
www.tranzact.org/*
mdcommercial.jpmorgan.com/
mdcommercial.jpmorgan.com/*
jpmcsso.jpmorgan.com/sso/action/login*
jpmcsso.jpmorgan.com/*
online.lloydsbank.co.uk/personal/logon/login.jsp*
online.lloydsbank.co.uk/*
www.hsbc.co.uk/1/2/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gDgzAfSycDUy8LAzNDbz8vbzMDKADKR5rFO7s7epiY-wD5YZ6uBp4mTiYGpr5uhgaexmDdFibeBn7enkEuBs4ejiYeRiHGMN1-Hvm5qfoFuRHlABOr0sE!*
www.hsbc.co.uk/*
ebanking-it.ubs.com/
ebanking-it.ubs.com/*
ebanking-lux.ubs.com/estmt
ebanking-lux.ubs.com/*
ebanking-lux.ubs.com/epex
ebanking-lux.ubs.com/*
ebanking-lux.ubs.com/fim
ebanking-lux.ubs.com/*
ebanking-ch.ubs.com/workbench/Index.do*
ebanking-ch.ubs.com/*
quotes-global1.ubs.com/go/*
quotes-global1.ubs.com/*
ebanking-nld.ubs.com/estmtn
ebanking-nld.ubs.com/*
www.ubs.com/connect
www.ubs.com/*
privatebank-us.ubs.com/
privatebank-us.ubs.com/*
jpmcsso.jpmorgan.com/sso/action/federateLogin*
jpmcsso.jpmorgan.com/*
online.unicreditcorporate.it/login.htm
online.unicreditcorporate.it/*
online-smallbusiness.unicredit.it/login.htm
online-smallbusiness.unicredit.it/*
online-private.unicredit.it/login.htm
online-private.unicredit.it/*
online-retail.unicredit.it/login.htm
online-retail.unicredit.it/*
www.gtb.unicredit.eu/login
www.gtb.unicredit.eu/*
my.hypovereinsbank.de/login*
my.hypovereinsbank.de/*
online.bulbank.bg/page/default.aspx*
online.bulbank.bg/*
extra.unicreditbank.hu/eib_SP/loginpage.hu.html
extra.unicreditbank.hu/*
www.hvbrsce.com/ebanking/Athens/Pages/ElectronicBanking.htm
www.hvbrsce.com/*
si.unicreditbanking.net/disp*
si.unicreditbanking.net/*
www.unicreditbank.cz/web/redirect.php*
www.unicreditbank.cz/*
www.unicreditbank.cz/web/redirect.php*
www.unicreditbank.cz/*
online.privatebanking.societegenerale.be/sg/login_nl.html
online.privatebanking.societegenerale.be/*
online.privatebanking.societegenerale.be/sg/login_fr.html
online.privatebanking.societegenerale.be/*
www.zaba.hr/ebank/gradjani/Prijava
www.zaba.hr/*
www.brdoffice.ro/smartoffice/_mcologon*
www.brdoffice.ro/*
an.rbcnetbank.com/
an.rbcnetbank.com/*
www.brdoffice.ro/smartoffice/_mcologon*
www.brdoffice.ro/*
www.barclayswealth.com/login/action/logon/unauthenticated/corporate/loginSigningGemplus
www.barclayswealth.com/*
e-bank.unicreditbank.si/webbankBACX
e-bank.unicreditbank.si/*
www.vancity.com/BusinessBanking/OnlineBanking/MyAccounts
www.vancity.com/*
onlinebusinessplus.vancity.com/business/default.jsp*
onlinebusinessplus.vancity.com/*
bankonweb.sgeb.bg/page/default.aspx*
bankonweb.sgeb.bg/*
bankonweb.sgeb.bg/page/default.aspx*
bankonweb.sgeb.bg/*
banques.exalog.net/authent.php*
banques.exalog.net/*
www.sogehomebank.com/Retail/login.aspx*
www.sogehomebank.com/*
entreprises.societegenerale.fr/index.html
entreprises.societegenerale.fr/*
entreprises.societegenerale.fr/
entreprises.societegenerale.fr/*
entreprises.societegenerale.fr/associations-connexion.html
entreprises.societegenerale.fr/*
professionnels.societegenerale.fr/association_connexion.html
professionnels.societegenerale.fr/*
professionnels.societegenerale.fr/index.html
professionnels.societegenerale.fr/*
particuliers.societegenerale.fr/
particuliers.societegenerale.fr/*
www.sgcb.nc/part/fr/dciweb.htm*
www.sgcb.nc/*
www.sgcb.nc/part/en/dciweb.htm*
www.sgcb.nc/*
sogecashnet.societegenerale.cg/smartoffice/GB
sogecashnet.societegenerale.cg/*
sogecashnet.societegenerale.cg/smartoffice/index.htm
sogecashnet.societegenerale.cg/*
ebanking.societegenerale.al/webbankALB/loginCer.jsp*
ebanking.societegenerale.al/*
www.uibanking-net.com/smartoffice/fr/connexion.html
www.uibanking-net.com/*
www.uibanking-net.com/smartoffice/GB/connexion.html
www.uibanking-net.com/*
www.privatebanking.societegenerale.com/en/banking/luxembourg
www.privatebanking.societegenerale.com/*
www.privatebanking.societegenerale.com/en/banking/monaco
www.privatebanking.societegenerale.com/*
banque.bfcoi.com/identificationClient.html*
banque.bfcoi.com/*
www.unity-online.co.uk/
www.unity-online.co.uk/*
ibank1.bib.barclays.com/logon
ibank1.bib.barclays.com/*
sogeonline.societegenerale.cn/eweb/prelogin.do*
sogeonline.societegenerale.cn/*
pro.skb.net/
pro.skb.net/*
sikanet.sg-ssb.com.gh/priv/en/dciweb.htm*
sikanet.sg-ssb.com.gh/*
sikanet.sg-ssb.com.gh/priv/fr/dciweb.htm*
sikanet.sg-ssb.com.gh/*
www.obsgnet.com.mk/Retail/LoginModule/LoginToken.aspx
www.obsgnet.com.mk/*
www.fineco.it/it/public
www.fineco.it/*
www.investimenti.unicredit.it/
www.investimenti.unicredit.it/*
ticari.yapikredi.com.tr/ifcapp/xrl/8a162dffc621811178834120027d2afa;jsessionid=c0a8913f30fcd76aff61c9b944afb647f480bfa640bc.e34KcheMc3iMaO0Rah4Oe0
ticari.yapikredi.com.tr/*
ticari.yapikredi.com.tr/ifcapp/xrl/0ae47e2458dc60906796609e8cf7763b
ticari.yapikredi.com.tr/*
sgcib.pl/ib/Default.aspx*
sgcib.pl/*
www.interacciones.com/portalAgentes/login.jsp
www.interacciones.com/*
www.interacciones.com/loginUsuario.do
www.interacciones.com/*
sogecashnet.sga.dz/smartoffice
sogecashnet.sga.dz/*
www.sogecashnet.ma/smartoffice/index.htm
www.sogecashnet.ma/*
unified-access.societegenerale.com/portal/site/SogecashWeb
unified-access.societegenerale.com/*
wibdirect.wib-bank.net/business/online
wibdirect.wib-bank.net/*
www.mercantilcbonline.com/secure/banking/individualLogon
www.mercantilcbonline.com/*
admin.epymtservice.com/admin/index.jhtml*
admin.epymtservice.com/*
access.usbank.com/cpsApp1/AxolPreAuthServlet*
access.usbank.com/*
top.capitalonebank.com/cashplus/
top.capitalonebank.com/*
www.chase.com/commercial-bank/chase-commercial-online
www.chase.com/*
direct.capitecbank.co.za/ibank
direct.capitecbank.co.za/*
see.sbi.com.mx/invernet2000/home
see.sbi.com.mx/*
enlace.santander-serfin.com/eai/EaiEmpresasWAR/inicio.do
enlace.santander-serfin.com/*
cpn.hsbc.com.mx/cpn/default.htm*
cpn.hsbc.com.mx/*
www.scotiaweb.com.mx/hipotecario/hip_login.asp
www.scotiaweb.com.mx/*
www.bancaempresarialazteca.com.mx/BancaEmpresarial/login.htm
www.bancaempresarialazteca.com.mx/*
sites.scotiabank.com.mx/colproveedores/menu/entrada.asp
sites.scotiabank.com.mx/*
inbursamf.inbursa.com/
inbursamf.inbursa.com/*
direct.mcbgroup-ebanking.com/wiblogin/corporate_AuthenticateUserLocalEPF.html
direct.mcbgroup-ebanking.com/*
direct.mcbgroup-ebanking.com/mcbbonairelogin/corporate_AuthenticateUserLocalEPF.html
direct.mcbgroup-ebanking.com/*
mcbdirect.mcb-bank.com/business/online
mcbdirect.mcb-bank.com/*
www.mcb-home.com/online/site001index.itm
www.mcb-home.com/*
www.cmb-home.com/online/site002index.itm
www.cmb-home.com/*
cmbdirect.cmbnv.com/business/online
cmbdirect.cmbnv.com/*
www.wib-home.com/online/site004index.itm
www.wib-home.com/*
www.mcbb-home.com/online/site003index.itm
www.mcbb-home.com/*
mcbdirect.mcbbonaire.com/business/online
mcbdirect.mcbbonaire.com/*
www.scotiaconnect.scotiabank.com/sco-tp/pki/AuthenticateUserRoamingEPF.bns
www.scotiaconnect.scotiabank.com/*
direct.mcbgroup-ebanking.com/mcblogin/corporate_AuthenticateUserLocalEPF.html
direct.mcbgroup-ebanking.com/*
direct.mcbgroup-ebanking.com/cmblogin/corporate_AuthenticateUserLocalEPF.html
direct.mcbgroup-ebanking.com/*
ib.absa.co.za/absa-online/login.jsp
ib.absa.co.za/*
www.fnb.co.za/
www.fnb.co.za/*
internetbanking.firstcaribbeanbank.com/index.jsp
internetbanking.firstcaribbeanbank.com/*
jpmpb001.jpmorgan.com/prelogin/index.jsp
jpmpb001.jpmorgan.com/*
jpmorgan.chase.com/Public/Logon
jpmorgan.chase.com/*
www.paymentnet.jpmorgan.com/
www.paymentnet.jpmorgan.com/*
www.sg-bdp.pf/
www.sg-bdp.pf/*
www.sogecashnet.ma/smartoffice/index_gb.htm
www.sogecashnet.ma/*
gg-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth
gg-services.credit-suisse.com/*
it-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
it-services.credit-suisse.com/*
www.banorte.com/portal/personas/acceso.web*
www.banorte.com/*
www.bancoinbursa.com/login/useraccessPortatil.asp
www.bancoinbursa.com/*
ebanking.societegenerale.in/corp/AuthenticationController*
ebanking.societegenerale.in/*
www.interacciones.com/analisis/login.do
www.interacciones.com/*
subastas.scotiainlatrade.com/SubastasAppWeb/login.jsp
subastas.scotiainlatrade.com/*
pbusa.directnet.com/dn/c/cls/auth
pbusa.directnet.com/*
br.credit-suisse.com/sec/login/default.aspx
br.credit-suisse.com/*
onlinebanking-sg.credit-suisse.com/
onlinebanking-sg.credit-suisse.com/*
www.credit-suisse.com.sg/
www.credit-suisse.com.sg/*
securitiesexpert.credit-suisse.com/cs/eamnet/c/cls/auth
securitiesexpert.credit-suisse.com/*
mc-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
mc-services.credit-suisse.com/*
es-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth
es-services.credit-suisse.com/*
au-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth
au-services.credit-suisse.com/*
hk-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth
hk-services.credit-suisse.com/*
clientview-mx.credit-suisse.com/pb/mexico/c/cls/auth
clientview-mx.credit-suisse.com/*
at-directnet.credit-suisse.com/dn/c/cls/auth
at-directnet.credit-suisse.com/*
fr-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth
fr-services.credit-suisse.com/*
gi-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
gi-services.credit-suisse.com/*
lu-directnet.credit-suisse.com/dn/c/cls/auth
lu-directnet.credit-suisse.com/*
cs.directnet.com/dn/c/cls/auth*
cs.directnet.com/*
www.sft-ebanking.com/siteminderagent/forms/dbloginsft.fcc*
www.sft-ebanking.com/*
secure.internetbanking.firstcaribbeanbank.com/
secure.internetbanking.firstcaribbeanbank.com/*
bancodicaribeonline.com/aua/SIGNON.CFM
bancodicaribeonline.com/*
bancodicaribeonline.com/sxm/SIGNON.CFM
bancodicaribeonline.com/*
bancodicaribeonline.com/SIGNON.CFM
bancodicaribeonline.com/*
spib.wooribank.com/pib/Dream*
spib.wooribank.com/*
spib.wooribank.com/pib/Dream*
spib.wooribank.com/*
obank.kbstar.com/quics*
obank.kbstar.com/*
internetbanking.scu.net.au/mvpscu/SignOn/Login.aspx
internetbanking.scu.net.au/*
aw.rbcnetbank.com/
aw.rbcnetbank.com/*
bs-services.credit-suisse.com/cs/ibip/frontend/c/cls/auth*
bs-services.credit-suisse.com/*
ebanking-de1.ubs.com/enquiries/controller/*
ebanking-de1.ubs.com/*
www.volkswagenbank.de/PortalLogin/get/Error.aspx/*
www.volkswagenbank.de/*
konto.baaderbank.de/*
konto.baaderbank.de/*
banking.varengold.de/OnlineBankingWebfrontend/banking/common/login.xhtml;jsessionid=6B6D8E978F9BF46846D30C85AF534497*
banking.varengold.de/*
sponsor.voya.com/static/sponsor/SponsorLogin.fcc
sponsor.voya.com/*
nge01.bnymellon.com/NextGenV4/dflt/Login.ing
nge01.bnymellon.com/*
www.ingdirect.com.au/client/index.aspx
www.ingdirect.com.au/*
my.statestreet.com/secid-smpwservices.fcc*
my.statestreet.com/*
live.barcap.com/UAB/S/ecom/logon/1/barxcorporate*
live.barcap.com/*
tdwealth.netxinvestor.com/web/tdwealth/login
tdwealth.netxinvestor.com/*
clientpoint.fisglobal.com/tdcb/main/UserLogon*
clientpoint.fisglobal.com/*
nettbanken.nordea.no/login
nettbanken.nordea.no/*
www.e-ambiz.com.my/bon/jsp/common/loginfiles/Login.bon*
www.e-ambiz.com.my/*
girovision.plusgirot.se/
girovision.plusgirot.se/*
www.credit-cooperatif.coop/portail/particuliers/login.do
www.credit-cooperatif.coop/*
www.tmbbizdirect.com/
www.tmbbizdirect.com/*
www.ing.be/en/business/Pages/Login.aspx
www.ing.be/*
www.ing.be/fr/business/pages/login.aspx
www.ing.be/*
www.ing.be/nl/business/pages/login.aspx
www.ing.be/*
www.ing.be/de/business/Pages/Login.aspx
www.ing.be/*
www.ing.be/fr/Retail/Pages/Login.aspx
www.ing.be/*
www.ing.be/nl/retail/pages/login.aspx
www.ing.be/*
www.bancorpsouthonline.com/BXS/Login.aspx
www.bancorpsouthonline.com/*
www.kbc.be/site*
www.kbc.be/*
online.hapoalimusa.com/BHCorporate/core/login.aspx
online.hapoalimusa.com/*
workbench.bnymellon.com/login.jsp*
workbench.bnymellon.com/*
solo3.nordea.fi/cgi-bin/SOLO0001*
solo3.nordea.fi/*
client.gemoneybank.fr/identification.do
client.gemoneybank.fr/*
ebanking.fransabank.com/LoginAE.aspx
ebanking.fransabank.com/*
www.epargne-entreprise.federal-finance.fr/ent/start.swe*
www.epargne-entreprise.federal-finance.fr/*
www.exane.com
www.exane.com/*
onlinebanking.coutts.com/auth/login
onlinebanking.coutts.com/*
onlinebanking.orcobank.com/orcobankonline/
onlinebanking.orcobank.com/*
www.alliancebizsmart.com.my/business
www.alliancebizsmart.com.my/*
www.publicmutualonline.com.my/
www.publicmutualonline.com.my/*
ebank.publicbank.com.hk/index0028.html
ebank.publicbank.com.hk/*
www2.pbebank.com/PBL
www2.pbebank.com/*
ambank.amonline.com.my/
ambank.amonline.com.my/*
epayday.e-ambiz.com.my/epayroll/login.do
epayday.e-ambiz.com.my/*
www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do*
www.maybank2u.com.my/*
www.maybank2e.net/M2E/mbbcustomer
www.maybank2e.net/*
www.maybank2e.com/SEA/m2e/portal/portal.view
www.maybank2e.com/*
rib.affinonline.com/rib/pb/logon
rib.affinonline.com/*
afactorcontact.com/ClientManagerCMA/formulaire.html
afactorcontact.com/*
cgaoi.c-g-a.fr/ClientManagerOI/formulaire.html
cgaoi.c-g-a.fr/*
cgaetoile.c-g-a.fr/ClientManagerCDN/formulaire.html
cgaetoile.c-g-a.fr/*
cgacontact.c-g-a.fr/ClientManagerSG/formulaire.html
cgacontact.c-g-a.fr/*
cgi-hp.espace-clients.fr/
cgi-hp.espace-clients.fr/*
bourse.cholet-dupont.fr/login.asp
bourse.cholet-dupont.fr/*
cib.affinonline.com/business/login.html
cib.affinonline.com/*
www.factocicpartnet.com/factocicWeb
www.factocicpartnet.com/*
sec.westpac.co.nz/IOLB/Login.jsp
sec.westpac.co.nz/*
e-cash.alrajhibank.com.my/CashWebAlrajhi/index.jsp
e-cash.alrajhibank.com.my/*
www.cimb.bizchannel.com.my/corp/common2/login.do*
www.cimb.bizchannel.com.my/*
banking.secure.bnl.it/
banking.secure.bnl.it/*
webbanking.bgl.lu/en/Main.html
webbanking.bgl.lu/*
entreprises.bnpparibas.net/NSAccess
entreprises.bnpparibas.net/*
connexis.bnpparibas.com
connexis.bnpparibas.com/*
webbanking.bgl.lu/fr/Main.html
webbanking.bgl.lu/*
webbanking.bgl.lu/de/Main.html
webbanking.bgl.lu/*
webbanking.bgl.lu/nl/Main.html
webbanking.bgl.lu/*
webbanking.bgl.lu/pt/Main.html
webbanking.bgl.lu/*
www.co-operativebank.co.nz/InternetBankingSecure/t/iblogin.aspx
www.co-operativebank.co.nz/*
businessbank.tsbbank.co.nz/BusinessBank/login.jsp
businessbank.tsbbank.co.nz/*
probank.tsbbank.co.nz/ProBank/login.action
probank.tsbbank.co.nz/*
ibank.sbs.net.nz/ui/inetbankindex.aspx
ibank.sbs.net.nz/*
global.kbstar.com/quics*
global.kbstar.com/*
portal.northonline.com.au/WealthNET.PortalClient/DUBLE
portal.northonline.com.au/*
ib.mebank.com.au/auth/ib/login.html
ib.mebank.com.au/*
ib.tmbank.com.au/ib/SignOn/Login.aspx
ib.tmbank.com.au/*
online.mystate.com.au/Banking/Personal
online.mystate.com.au/*
online.mystate.com.au/Banking/Business
online.mystate.com.au/*
ibanking.bankofmelbourne.com.au/ibank/loginPage.action
ibanking.bankofmelbourne.com.au/*
www.sbisyd.com.au/eremit/index.php
www.sbisyd.com.au/*
ribs.rabobank.com.au/RIBSAU/AU
ribs.rabobank.com.au/*
secure.boqspecialist.com.au/BOQ/BOQSpecialist
secure.boqspecialist.com.au/*
online.westpac.com.au/esis/Login/SrvPage*
online.westpac.com.au/*
netaccess3.qtmb.com.au/QTMB/NetTeller/login.aspx
netaccess3.qtmb.com.au/*
www.citibank.com.my/MYGCB/JSO/signon/DisplayUsernameSignon.do
www.citibank.com.my/*
logon.reflex.rhbbank.com.my/rhbcams/corporate/login.jsp
logon.reflex.rhbbank.com.my/*
logon.rhb.com.my/
logon.rhb.com.my/*
www.citigold.com.my/MYGCB/JSO/signon/DisplayUsernameSignon.do
www.citigold.com.my/*
www.benefitaccess.com/cba.html
www.benefitaccess.com/*
transactgateway.svb.com/siliconvalley/customerlogin.aspx
transactgateway.svb.com/*
leumionline.leumiusa.com/uniquesiga2fb1806b2b3831412436dd67c0ba0085419e78b8eb462c3cbbdd1d547afe055/uniquesig0
leumionline.leumiusa.com/*
internationalfx.bannerbank.com/servlet/VTDController
internationalfx.bannerbank.com/*
fxpayments.americanexpress.com
fxpayments.americanexpress.com/*
www.cashanalyzer.com/
www.cashanalyzer.com/*
accesd.affaires.desjardins.com/en/ada
accesd.affaires.desjardins.com/*
accesd.affaires.desjardins.com/fr/ada
accesd.affaires.desjardins.com/*
www.ml.com/
www.ml.com/*
www.mymerrill.com/ml/home.aspx*
www.mymerrill.com/*
secureprivateebanking.nordea.lu/eServices/Login.aspx*
secureprivateebanking.nordea.lu/*
secureprivateebanking.nordea.ch/ESERVICES/Login.aspx*
secureprivateebanking.nordea.ch/*
secureprivateebanking.nordea.sg/eServices/Login.aspx*
secureprivateebanking.nordea.sg/*
ssologin.bnpparibas.com/cib/LoginForm.aspx*
ssologin.bnpparibas.com/*
clientlogin.ibb.ubs.com/login*
clientlogin.ibb.ubs.com/*
banking.ing-diba.de/app/login*
banking.ing-diba.de/*
sharinbox.societegenerale.com/login.do
sharinbox.societegenerale.com/*
secure1.entreprises.bnpparibas.net/sommaire/jsp/identification.jsp
secure1.entreprises.bnpparibas.net/*
www.fibi-online.co.il/web/swisswwwc
www.fibi-online.co.il/*
uk.hkbea-cyberbanking.com/UCBWeb/Index.action
uk.hkbea-cyberbanking.com/*
uk.hkbea-cyberbanking.com/UCBCorp/Index.action
uk.hkbea-cyberbanking.com/*
ebanking.procreditbank-kos.com/User/LogOn
ebanking.procreditbank-kos.com/*
probanking.procreditbank.ba/User/LogOn*
probanking.procreditbank.ba/*
classic.nordea.fi/cgi-bin/SOLO0001*
classic.nordea.fi/*
www.danskebank.fi/fi-fi/Henkiloasiakkaat/Pages/henkiloasiakkaat.aspx*
www.danskebank.fi/*
www.danskebank.fi/fi-fi/yritysasiakkaat/Pages/yritysasiakkaat.aspx*
www.danskebank.fi/*
www.danskebank.fi/sv-fi/Privat/Pages/Privat.aspx*
www.danskebank.fi/*
www.danskebank.fi/sv-fi/Foretag/Medelstora-foretag/Webbtjanster/Pages/Webbtjanster.aspx*
www.danskebank.fi/*
www.danskebank.fi/sv-fi/OmBanken/Ombanken/Pages/Ombanken.aspx*
www.danskebank.fi/*
www.danskebank.fi/en-fi/Personal/Pages/Personal.aspx*
www.danskebank.fi/*
www.danskebank.fi/en-fi/business/Medium-business/Online-services/Pages/Online-services.aspx*
www.danskebank.fi/*
kunde.comdirect.de/lp/wt/login
kunde.comdirect.de/*
www.corealdirect.de/corealcredit/abaxx-*
www.corealdirect.de/*
casextern.creditplus.de/casextern_prod1/login
casextern.creditplus.de/*
www.asl.com/c/portal/login
www.asl.com/*
meine.norisbank.de
meine.norisbank.de/*
kunden-mkb-bank.de
kunden-mkb-bank.de/*
ufo.union-investment.de/process*
ufo.union-investment.de/*
www.mercedes-benz-bank.de/intrade/login/login.jsf
www.mercedes-benz-bank.de/*
banking.oyakankerbank.de
banking.oyakankerbank.de/*
cfi.mb.seb.se/pqq_portal/sebflow/login
cfi.mb.seb.se/*
securebank.santander.de/LICCMG_SCB_ENS/BtoChannelDriver.ssobto*
securebank.santander.de/*
wertpapier.hafnerbank.de
wertpapier.hafnerbank.de/*
www.bankhaus-lampe.de/en/client-portal
www.bankhaus-lampe.de/*
securebanking.hanseaticbank.de/onlinebanking-hb/loginFormAction.do
securebanking.hanseaticbank.de/*
meine.sutorbank.de
meine.sutorbank.de/*
portal.sutorbank.de
portal.sutorbank.de/*
e-bank.wuestenrot.de/ebanking/eb/index.html
e-bank.wuestenrot.de/*
abconline.arabbanking.com/abconlinen/login.asp
abconline.arabbanking.com/*
banking.bankofscotland.de/netbanking/RetailLoginHome.html
banking.bankofscotland.de/*
ebank.garantibank.nl/scripts/gbide.dll*
ebank.garantibank.nl/*
www.hypotirol.com/at/privatkunden/hypo-online/hypo-online-banking/login.html
www.hypotirol.com/*
banking.oberbank.de/smartoffice/de/_mcologon*
banking.oberbank.de/*
www.oberbank-banking.at/obk/tiles/start.action
www.oberbank-banking.at/*
kunde.onvista-bank.de/login.html*
kunde.onvista-bank.de/*
www.accessonline.abnamro.com/fss/open/welcome.do*
www.accessonline.abnamro.com/*
banking.bw-bank.de
banking.bw-bank.de/*
secure.moneyou.de/thc/policyenforcer/pages/loginB2C.jsf
secure.moneyou.de/*
ssl2.haspa.de/OnlineFiliale/banking/authenticate/login
ssl2.haspa.de/*
www.bancomernetcash.com/local_pibee/KDPOSolicitarCredenciales_es.html
www.bancomernetcash.com/*
www.dslbank.de/dienste/partner/login.html*
www.dslbank.de/*
ebanking.denizbank.at/login.aspx
ebanking.denizbank.at/*
www.provincialnetcash.com/KDPOSolicitarCredenciales_es.html
www.provincialnetcash.com/*
netredex.grupobbva.com/local_tebe/TEBELogin_bbva_belgica_CAS.html
netredex.grupobbva.com/*
netredex.grupobbva.com/local_tefr/TEFRLogin_bbva_francia_CAS.html
netredex.grupobbva.com/*
www.bbvanetcash.com.co/local_pibee/KDPOSolicitarCredenciales_es.html
www.bbvanetcash.com.co/*
www.francesnetcash.com.ar/local_pibee/KDPOSolicitarCredenciales_es.html
www.francesnetcash.com.ar/*
www.francesnetcash.com.ar/local_pibee/KDPOSolicitarCredenciales_en.html
www.francesnetcash.com.ar/*
www.continentalnetcash.com.pe/KDPOSolicitarCredenciales_es.html
www.continentalnetcash.com.pe/*
www.bbvanetcash.cl/local_pibee/indexPibee.html
www.bbvanetcash.cl/*
www.bbvanetcash.com/local_kyop/KYOPSolicitarCredenciales.html
www.bbvanetcash.com/*
ve1.provinet.net/nhvp_ve_web/atpn_es_web_jsp/login.jsp*
ve1.provinet.net/*
www.provincialnetcash.com/KDPOSolicitarCredenciales_en.html
www.provincialnetcash.com/*
netredex.grupobbva.com/local_tebe/TEBELogin_bbva_belgica_FRA.html
netredex.grupobbva.com/*
netredex.grupobbva.com/local_tefr/TEFRLogin_bbva_francia_FRA.html
netredex.grupobbva.com/*
netredex.grupobbva.com/local_telnsp/TELNLogin_bbva_londres_CAS.html
netredex.grupobbva.com/*
netredex.grupobbva.com/local_teln/TELNLogin_bbva_londres_ING.html
netredex.grupobbva.com/*
www.bbvanet.com.co/index.html*
www.bbvanet.com.co/*
www.provincial.com/personas/BBVAProvincial.jsp
www.provincial.com/*
secure.provinet.net/cgi-bin.cgi/bbvanettxtencr.cgi*
secure.provinet.net/*
www.bbvanet.cl/bbvanet/Process*
www.bbvanet.cl/*
www.bbvanet.cl/bbvanet/personas.html
www.bbvanet.cl/*
privat.bhf-bank.ch/Authentification/GetAuthentificationVersion*
privat.bhf-bank.ch/*
onba.zkb.ch
onba.zkb.ch/*
www.neuehelvetischebank.ch/e-banking.html
www.neuehelvetischebank.ch/*
onlinebanking.bankcoop.ch/coopLogin
onlinebanking.bankcoop.ch/*
online.bankvonroll.ch
online.bankvonroll.ch/*
sobanet.baloise.ch/ibfLogin/*
sobanet.baloise.ch/*
eservice.cembra.ch
eservice.cembra.ch/*
banking.bekb.ch/ident.html
banking.bekb.ch/*
www.barclayswealth.ch/Login/fedsso.do*
www.barclayswealth.ch/*
netbanking.sparkasse.at
netbanking.sparkasse.at/*
online.bankaustria.at
online.bankaustria.at/*
ebanking.es.rbcis.com/ebancoval/control/login
ebanking.es.rbcis.com/*
www2.targobank.es/empresasI
www2.targobank.es/*
www2.targobank.es/particularesI
www2.targobank.es/*
www.volkswagenbank.es/html/central_empresas.jsp
www.volkswagenbank.es/*
www.volkswagenbank.es/clientes/central_particular.jsp
www.volkswagenbank.es/*
clientes.selfbank.es/conexion
clientes.selfbank.es/*
clientes.selfbank.es/login.phtml
clientes.selfbank.es/*
bancoonline.openbank.es/servlet/PProxy*
bancoonline.openbank.es/*
bancoonline.openbank.es/servlet/PProxy*
bancoonline.openbank.es/*
www.oney.es/OneyES_PrivateArea
www.oney.es/*
clientes.uci.es
clientes.uci.es/*
oi.bankia.es/es/login
oi.bankia.es/*
ib.swedbank.lv/business*
ib.swedbank.lv/*
factoring.mb.seb.se/nauth3/Authentication/login.jsp*
factoring.mb.seb.se/*
factoring.seb.de/nauth3/Authentication/login.jsp*
factoring.seb.de/*
ib.baltikums.eu/x/login;jsessionid=BB003BE9FD76AAB7C6C99F3D944F7152*
ib.baltikums.eu/*
ib.bib.lv/web/guest;jsessionid=0125DB8D917675A75518DC10BDE4100F
ib.bib.lv/*
www.norvik.eu/en/intl
www.norvik.eu/*
www.comercios.cetelem.es/FcControlador.srvl;jsessionid=VyZ7VLYHWr1kwmTLRbGBgSvLb3LMMXN5YNBpNGjPpGTvysQQHyYK!-2062353136*
www.comercios.cetelem.es/*
oficinaempresas.bankia.es/es/login.html
oficinaempresas.bankia.es/*
https://arg3875.andbank.com/olywebAND/Authentication
https:/*
www.bmedonline.es/*
www.bmedonline.es/*
www2.bancopastor.es/particularesBP
www2.bancopastor.es/*
www2.bancopastor.es/empresasBP
www2.bancopastor.es/*
telemarch.bancamarch.es/htmlVersion/index.jsp
telemarch.bancamarch.es/*
internetbanken.forex.se/wps/portal/0087
internetbanken.forex.se/*
www.penser.se/sv/Logga-in/EPnet
www.penser.se/*
www.penser.se/sv/Logga-in/EPoint
www.penser.se/*
online.carnegie.se/Login/Logon
online.carnegie.se/*
nordic.carnegie.se
nordic.carnegie.se/*
www.expressfaktura.se/*
www.expressfaktura.se/*
banken.amfabank.se/wa/auth*
banken.amfabank.se/*
ibank.humebank.com.au/mvp/signon/login.aspx
ibank.humebank.com.au/*
mittval.maxm.se/companyservices
mittval.maxm.se/*
inloggad.volvofinans.se/foretag/inloggning/forenklad.html
inloggad.volvofinans.se/*
inloggad.volvofinans.se/privat/inloggning/valjInloggning.html
inloggad.volvofinans.se/*
secure.ekobanken.se/security/login.aspx*
secure.ekobanken.se/*
amsweb.catella.se/catella/login.htm
amsweb.catella.se/*
portfolioservice.seb.fi/pbfi/Default.aspx*
portfolioservice.seb.fi/*
webapp.sebgroup.com/sec/extranet/inloggning/inloggning.asp*
webapp.sebgroup.com/*
otf.seb.se
otf.seb.se/*
internetbanken.sparbankenoresund.se/BankIDLogin/sidor/login.aspx
internetbanken.sparbankenoresund.se/*
www.dnb.se/cim
www.dnb.se/*
e-gbs24.gbsbarlinek.pl
e-gbs24.gbsbarlinek.pl/*
ebank.bankbps.pl/bpswarszawa_k
ebank.bankbps.pl/*
ebank.bankbps.pl/bpswroclaw_k
ebank.bankbps.pl/*
ebank.bankbps.pl/bpsolsztyn_k
ebank.bankbps.pl/*
ebank.bankbps.pl/bpskatowice_k
ebank.bankbps.pl/*
ebank.bankbps.pl/bpslublin_k
ebank.bankbps.pl/*
ebank.bankbps.pl/bpskrakow_k
ebank.bankbps.pl/*
ebank.bankbps.pl/bpsrzeszow_k
ebank.bankbps.pl/*
sso.cloud.ideabank.pl/login*
sso.cloud.ideabank.pl/*
www.citibankonline.pl/PLGCB/JPS/portal/SignonLocaleSwitch.do*
www.citibankonline.pl/*
secure.ideabank.pl
secure.ideabank.pl/*
www.meritumbank.pl
www.meritumbank.pl/*
secure.resurs.se/butiksredovisning/setlang.do*
secure.resurs.se/*
factoring.resurs.se:81/login.aspx
factoring.resurs.se:81/*
factoring.resurs.se/login.aspx
factoring.resurs.se/*
secure.resurs.se/butiksredovisning/login.do
secure.resurs.se/*
mnet.marginalen.se
mnet.marginalen.se/*
fakturaservice.marginalen.se
fakturaservice.marginalen.se/*
secure.resurs.se/internetbank/inlaninglogin_foretag.jsp
secure.resurs.se/*
www.asnbank.nl/onlinebankieren/secure/loginparticulier.html
www.asnbank.nl/*
www.megabank.nl/portal/authentication/logonPassword.do
www.megabank.nl/*
www.megabank.nl/portal/authentication/logonToken.do
www.megabank.nl/*
www.bngbank.nl/_layouts/15/Authenticate.aspx*
www.bngbank.nl/*
www.btv.bdsonline.nl
www.btv.bdsonline.nl/*
www.ims.bdsonline.nl
www.ims.bdsonline.nl/*
www.da.bdsonline.nl
www.da.bdsonline.nl/*
www.btp.bdsonline.nl/treasury
www.btp.bdsonline.nl/*
online.atbank.nl/atb-retail/engine
online.atbank.nl/*
online.atbank.nl/atb-corporate/engine
online.atbank.nl/*
login.binck.nl
login.binck.nl/*
bankieren.rabobank.nl/klanten
bankieren.rabobank.nl/*
sparen.nibcdirect.nl
sparen.nibcdirect.nl/*
banking.lloydsbank.nl/netbankingnl/RetailLoginHome.html
banking.lloydsbank.nl/*
bankieren.triodos.nl/ib-seam/login.seam
bankieren.triodos.nl/*
www.snsbank.nl/mijnsns/secure/login.html
www.snsbank.nl/*
www.snsbank.nl/mijnsns/secure/loginzakelijk.html
www.snsbank.nl/*
www.regiobank.nl/internetbankieren/secure/login.html
www.regiobank.nl/*
www.regiobank.nl/internetbankieren/secure/loginzakelijk.html
www.regiobank.nl/*
www.vanlanschot.com/ebanking/myportal/FvLnl2
www.vanlanschot.com/*
auth.aktia.fi/netbank
auth.aktia.fi/*
auth.aktia.fi/tunnistus/UI/Login
auth.aktia.fi/*
auth.aktia.fi/corporatenetbank
auth.aktia.fi/*
www.saastopankki.fi/yritysverkkopankkiin
www.saastopankki.fi/*
pankki.tapiola.fi/service/identify
pankki.tapiola.fi/*
www2.handelsbanken.fi/Tapas/tapas/hb/login
www2.handelsbanken.fi/*
creditors.kaupthing.com/default.aspx*
creditors.kaupthing.com/*
creditors.kaupthing.com/default.aspx*
creditors.kaupthing.com/*
online.s-pankki.fi/service/identify
online.s-pankki.fi/*
swedbank.telehansa.net/thnetfi/thnetfi
swedbank.telehansa.net/*
annit.osuuspankki.fi/oprextranet/default.asp
annit.osuuspankki.fi/*
www.pohjola.fi/linkki*
www.pohjola.fi/*
www.pohjola.fi/linkki*
www.pohjola.fi/*
www.pohjola.fi/linkki*
www.pohjola.fi/*
www.pohjola.fi/linkki*
www.pohjola.fi/*
www.op-pohjola.fi/yrityspalvelut*
www.op-pohjola.fi/*
kultaraha.op.fi/cgi-bin/krcgi
kultaraha.op.fi/*
auth.aktia.fi/tupas
auth.aktia.fi/*
nettbank.edb.com/edbnettbank
nettbank.edb.com/*
nettbank.edb.com/edbnettbankhttps:
nettbank.edb.com/*
www.netfonds.no/account/auth.php
www.netfonds.no/*
secure.skandiabanken.no/Authentication/OtpSms
secure.skandiabanken.no/*
secure.skandiabanken.no/Authentication/BankIdMobile
secure.skandiabanken.no/*
secure.skandiabanken.no/Authentication/OtpCodeCard
secure.skandiabanken.no/*
secure.skandiabanken.no/Authentication/BankIdWebClient
secure.skandiabanken.no/*
nettbank.seb.no/authenticate/login/selectauth
nettbank.seb.no/*
bank.storebrand.no
bank.storebrand.no/*
www.nettkonto.no
www.nettkonto.no/*
nettbank.remember.no
nettbank.remember.no/*
www.sbm.no/nettbank-logginn
www.sbm.no/*
www.banknorwegian.no/Login/BankId
www.banknorwegian.no/*
www.banknorwegian.no/Login/BankIdMobil
www.banknorwegian.no/*
www.danskebank.dk/da-dk/Erhverv/Mellem-erhverv/Online-services/Support/Pages/Support.aspx*
www.danskebank.dk/*
www.danskebank.dk/da-dk/Erhverv/Mellem-erhverv/Online-services/Support/Pages/Support.aspx*
www.danskebank.dk/*
bebank.bpel.net/bpel-web/virty/login.cfm
bebank.bpel.net/*
www.bancacrasti.it/sito2001/botw/botw_4-5/areavetrina3.asp
www.bancacrasti.it/*
www.bancacrasti.it/sito2001/botw/botw_4-5/areavetrina4.asp
www.bancacrasti.it/*
www.bancacrasti.it/sito2001/botw/botw_4-5/areavetrina2.asp
www.bancacrasti.it/*
www.biverbanca.it/sito2001/botw/botw_4-5/areavetrina4.asp
www.biverbanca.it/*
www.biverbanca.it/sito2001/botw/botw_4-5/areavetrina2.asp
www.biverbanca.it/*
www.biverbanca.it/sito2001/botw/botw_4-5/areavetrina3.asp
www.biverbanca.it/*
app.secservizi.it/CommonApps/shared/vb/tesoweb/loginTesowebGVB.html
app.secservizi.it/*
www.carife.it/it/accesso-imprese.php
www.carife.it/*
www.carife.it/it/accesso-privati.php
www.carife.it/*
www.carife.it/it/accesso-imprese-online.php
www.carife.it/*
portale.tercas.it/AreaRiservata.aspx*
portale.tercas.it/*
portale.bancacaripe.it/AreaRiservata.aspx*
portale.bancacaripe.it/*
ibbweb.tecmarket.it/tmibbwebsecurity/05034/login.aspx*
ibbweb.tecmarket.it/*
tesoreriaonline.bper.it/tesoreria/index.jsp
tesoreriaonline.bper.it/*
youwebcard.bancopopolare.it/preLogin.asp
youwebcard.bancopopolare.it/*
bywebcard.bancopopolare.it/preLogin.asp
bywebcard.bancopopolare.it/*
www.bpmbanking.it/pub/xbank/home.do
www.bpmbanking.it/*
cib.natixis.com/net/
cib.natixis.com/*
cpe.erste-group.com
cpe.erste-group.com/*
www.online-kundenservice.at/index.php*
www.online-kundenservice.at/*
www.denzelbank.at/Sparen/Login.aspx
www.denzelbank.at/*
www.factorbank.com/clients.php
www.factorbank.com/*
ef3web.factorbank.com/efweb/servlet/efweb.RCServlet
ef3web.factorbank.com/*
online.gutmann.at/pobapp/LoginForm.aspx*
online.gutmann.at/*
vip.valartis.at/Pages/Login/Login.aspx
vip.valartis.at/*
newentreprises.interepargne.natixis.com/nie_psd_ee/EC_EE_TRANSV_AUTH_01.action*
newentreprises.interepargne.natixis.com/*
cib.natixis.com/net/default.aspx
cib.natixis.com/*
www.novobanco.es/site/cms.aspx*
www.novobanco.es/*
online.popularbancaprivada.es/index.html
online.popularbancaprivada.es/*
conecta.es.rbcis.com/tafval
conecta.es.rbcis.com/*
nbnet.novobanco.es
nbnet.novobanco.es/*
conecta.es.rbcis.com/person-online/dologin
conecta.es.rbcis.com/*
www.ing.be/en/retail/pages/login.aspx
www.ing.be/*
www.ing.be/de/retail/Pages/Login.aspx
www.ing.be/*
www.ingonline.com/cz
www.ingonline.com/*
www.ingonline.com/bg
www.ingonline.com/*
www.ingonline.com/hu
www.ingonline.com/*
www.ingonline.com/pl
www.ingonline.com/*
www.ingonline.com/ro
www.ingonline.com/*
www.ingonline.com/sk
www.ingonline.com/*
secure.ingdirect.fr/public/displayLogin.jsf
secure.ingdirect.fr/*
esipub.esi-sa.com/INGArchive/Account/Login.aspx*
esipub.esi-sa.com/*
esipub.esi-sa.com/INGArchive/Account/Login.aspx*
esipub.esi-sa.com/*
esipub.esi-sa.com/INGArchive/Account/Login.aspx*
esipub.esi-sa.com/*
banking.ing-diba.de/app/obligo
banking.ing-diba.de/*
secure.ingdirect.it/login.aspx
secure.ingdirect.it/*
www.ing.lu/web/ING/EN/Personal/Login/index.htm
www.ing.lu/*
www.ing.lu/ING/FR/Particuliers/Login/index.htm
www.ing.lu/*
www.ing.lu/web/ING/FR/Personal/Login/index.htm
www.ing.lu/*
www.ing.lu/web/ING/NL/Particuliers/Login/index.htm
www.ing.lu/*
mijnzakelijk.ing.nl/
mijnzakelijk.ing.nl/*
mijn.ing.nl/
mijn.ing.nl/*
banking.ing-diba.at/online-banking
banking.ing-diba.at/*
www.casden.fr/simu/view/accueil.seam
www.casden.fr/*
start.ingbusinessonline.pl/ing/do/sms
start.ingbusinessonline.pl/*
solo.nordea.com/nsc/engine*
solo.nordea.com/*
solo.nordea.com/nsc/engine*
solo.nordea.com/*
solo.nordea.com/nsc/engine*
solo.nordea.com/*
solo.nordea.com/nsc/engine*
solo.nordea.com/*
www.netbank.nordea.dk/netbank/index.jsp
www.netbank.nordea.dk/*
solo1.nordea.fi/nsp/engine
solo1.nordea.fi/*
solo1.nordea.fi/nsp/login
solo1.nordea.fi/*
internetbanken.privat.nordea.se/nsp/login
internetbanken.privat.nordea.se/*
internetbanken.privat.nordea.se/nsp/engine*
internetbanken.privat.nordea.se/*
nb.nordea.no/jlogin/nettbank/login/login
nb.nordea.no/*
www.nordeaim.nordea.com/ImExt/WebportExt.nsf
www.nordeaim.nordea.com/*
eplusgiro.plusgirot.se/eplusgiro.html
eplusgiro.plusgirot.se/*
eplusgiro.plusgirot.se/eplusgiro_comp.html
eplusgiro.plusgirot.se/*
gfs.nb.se/privat/bank/index_foretag.html
gfs.nb.se/*
girolink.plusgirot.se/
girolink.plusgirot.se/*
www.bcif.fr/Compte/Login.aspx
www.bcif.fr/*
www.ubibanca.com/Login_utilio
www.ubibanca.com/*
extranet.bpifrance.fr/etresosesame/connexion.do
extranet.bpifrance.fr/*
basfnet.france.banqueaudi.com/cnet/Arc_NbOrion_html/Banque/Static_BASF/netbank_fr.html
basfnet.france.banqueaudi.com/*
www.ing.lu/web/ING/DE/Privatpersonen/Einloggen/index.htm
www.ing.lu/*
basfnet.france.banqueaudi.com/cnet/Arc_NbOrion_html/Banque/Static_BASF/netbank_en.html
basfnet.france.banqueaudi.com/*
www.banque-tahiti.pf/pauth.aspx*
www.banque-tahiti.pf/*
www.mydegroof.fr
www.mydegroof.fr/*
www4.banquewormser.com/
www4.banquewormser.com/*
esecure.banque-edel.fr/es@b/fr/index.jsp
esecure.banque-edel.fr/*
www.ct6.e-i.com/wlib_sharedresources/sson/ssonsign/sign_extranet.asp*
www.ct6.e-i.com/*
boursebesv.besv.fr/fr/index.html
boursebesv.besv.fr/*
clients.banque-fiducial.fr/comptes/fr/index.htm
clients.banque-fiducial.fr/*
web.procapital.fr/bami/public/form_login.html
web.procapital.fr/*
web.procapital.fr/bami/public/form_procap_login.html
web.procapital.fr/*
www.bamibanque.fr/WD110AWP/WD110awp.exe/CONNECT/GESCOMPTE2010
www.bamibanque.fr/*
www.bami.lmpatrimonline.com/bol-sb-web/EP01Action.do
www.bami.lmpatrimonline.com/*
www.bami.lmpatrimonline.com/bol-sb-web/EC01Action.do
www.bami.lmpatrimonline.com/*
www.palatine.fr/espace-client-entreprises.html
www.palatine.fr/*
www.pouyanne.net/
www.pouyanne.net/*
espace-client.cora.fr/FrHomeBK/cora/logon.do
espace-client.cora.fr/*
www.portail.banque-solfea.fr/user/login
www.portail.banque-solfea.fr/*
www.bybloseuropeonline.com/finsebanking_enu_europe
www.bybloseuropeonline.com/*
www.byblosonline.com/finsebanking_enu
www.byblosonline.com/*
www.ingbank.cz/ib/login
www.ingbank.cz/*
www.internationalmoneytransfers.com.au/login/login
www.internationalmoneytransfers.com.au/*
www.bnpparibasfortis.be/private/Start.asp
www.bnpparibasfortis.be/*
nab.directnet.com/dn/c/cls/auth
nab.directnet.com/*
www.secure.bnpparibas.net/banque/portail/particulier/HomeConnexion*
www.secure.bnpparibas.net/*
www.secure.bnpparibas.net/banque/portail/entrepros/HomeConnexion*
www.secure.bnpparibas.net/*
www.secure.bnpparibas.net/banque/portail/particulier/Fiche*
www.secure.bnpparibas.net/*
ssologin-bp2s.bnpparibas.com/*
ssologin-bp2s.bnpparibas.com/*
factor.bnpparibas.com/factoring/fr/Portail_Connexion.or*
factor.bnpparibas.com/*
personeo.epargne-retraite-entreprises.bnpparibas.com/portal/salarie-bnp/*
personeo.epargne-retraite-entreprises.bnpparibas.com/*
personal.gironet.com/DIBS_GIRO_BANK/pages/loginP.jsp
personal.gironet.com/*
business.firstcitizensonline.com/cb/pages/jsp-ns/loginfcbsc.jsp
business.firstcitizensonline.com/*
ibs.medbank.lt/login.aspx
ibs.medbank.lt/*
business2.danskebank.dk/pub/logon/logon.aspx*
business2.danskebank.dk/*
ebankas.danskebank.lt/ib/site/login*
ebankas.danskebank.lt/*
verkkopankki2.danskebank.fi/pub/logon/logon.aspx*
verkkopankki2.danskebank.fi/*
business2.danskebank.com/pub/logon/logon.aspx*
business2.danskebank.com/*
www.danskebank.no/nb-no/Bedrift/Mellomstore-bedrifter/Nettbank/Pages/Nettbank.aspx*
www.danskebank.no/*
business2.danskebank.no/pub/logon/logon.aspx*
business2.danskebank.no/*
businessonline.huntington.com/BOLHome/BusinessOnlineLogin.aspx
businessonline.huntington.com/*
banking.postbank.de/rai/login
banking.postbank.de/*
online.akbank.de/onlinebanking/de/Login.html
online.akbank.de/*
business.memberdirect.net/business/default.jsp*
business.memberdirect.net/*
www.colonialfirststate.com.au/firstnet/login.aspx*
www.colonialfirststate.com.au/*
www.colonialfirststate.com.au/FNMaster/masterLoginFrames.asp
www.colonialfirststate.com.au/*
bizpermonline.newcastlepermanent.com.au/NPBSBusiness
bizpermonline.newcastlepermanent.com.au/*
internetbanking.imb.com.au/IB/personal
internetbanking.imb.com.au/*
www.cardservicesdirect.com.au/AUCRD/JSO/signon/DisplayUsernameSignon.do
www.cardservicesdirect.com.au/*
banking.beyondbank.com.au/daib/logon/cu5022/logon.asp
banking.beyondbank.com.au/*
logon.online.anz.com/auth/Logon/CentralLogin.fcc*
logon.online.anz.com/*
sslsecure.maybank.com.sg/cgi-bin/mbs/scripts/mbb_login.jsp
sslsecure.maybank.com.sg/*
www.bizchannel.cimb.com.sg/corp/common2/login.do*
www.bizchannel.cimb.com.sg/*
www.hongleongonline.com.my/business/index.jsp
www.hongleongonline.com.my/*
www.mybsn.com.my/mybsn/login/login.do
www.mybsn.com.my/*
bbmy.ocbc.com/baliweb/59341/site/defaultskin/en_US/html/static/logon_box.htm
bbmy.ocbc.com/*
webzr.aktivbank.de/webzr/login/ShowLogin.do
webzr.aktivbank.de/*
akp.aab.de/akp/vermoegensstatus/uebersicht.do
akp.aab.de/*
www.baaderbank.de/en/login.html
www.baaderbank.de/*
www.hsbctrinkaus.de/global/display/user*
www.hsbctrinkaus.de/*
portal4.sydbank.dk/wps/bankdata/jsp/html/da/PortalFrame.jsp*
portal4.sydbank.dk/*
www.sydbank.de/Sign/DE/_mcologon*
www.sydbank.de/*
ssl.icoio.de/account
ssl.icoio.de/*
ssl.icoio.de/cash
ssl.icoio.de/*
ssl.icoio.de/realestate
ssl.icoio.de/*
konto.biw-bank.de/onlinebanking-biwvp/login
konto.biw-bank.de/*
banking.bmwbank.de/
banking.bmwbank.de/*
www.bankdirect.co.nz/
www.bankdirect.co.nz/*
www.hsbc.fr/1/2/hsbc-france/entreprises-institutionnels/connexion
www.hsbc.fr/*
online.asb.co.nz/auth/
online.asb.co.nz/*
fnb.asb.co.nz/SignOn.aspx
fnb.asb.co.nz/*
newentreprises.interepargne.natixis.com/
newentreprises.interepargne.natixis.com/*
entreprises.retraite.assurances.natixis.com
entreprises.retraite.assurances.natixis.com/*
epargnants.interepargne.natixis.fr/def_int_ep/ep/home.do*
epargnants.interepargne.natixis.fr/*
bancaelectronica.evobanco.com/
bancaelectronica.evobanco.com/*
be.abanca.com/
be.abanca.com/*
private.lombardodier.com/login/login.jsp
private.lombardodier.com/*
cs1.credistar.com/p/
cs1.credistar.com/*
www.eurocredito.es/zonaClienteEurocredito/FcControlador.srvl*
www.eurocredito.es/*
caixadirecta.colonya.es/BEWeb/2056/6056/login_identificacion.action
caixadirecta.colonya.es/*
caixadirecta.colonya.es/BEWeb/2056/6056/inicia_identificacion.action*
caixadirecta.colonya.es/*
caixadirecta.colonya.es/BEWeb/2056/6056/inicia_identificacion.action*
caixadirecta.colonya.es/*
ob.cua.com.au/ib/f7bba4b88b84645e0ff8787e159be60d/LoginAuth.action
ob.cua.com.au/*
bcaixanet-empresas.bancocaixageral.es/
bcaixanet-empresas.bancocaixageral.es/*
bcaixanet-particulares.bancocaixageral.es/
bcaixanet-particulares.bancocaixageral.es/*
barclaysnet.barclays.es/accesoBarclaysNet.html
barclaysnet.barclays.es/*
www.bsfincomonline.com/
www.bsfincomonline.com/*
direct.smbc.co.jp/aib/aibgsjsw5001.jsp
direct.smbc.co.jp/*
moj.multibank.pl/
moj.multibank.pl/*
companynet.mbank.pl/mt/
companynet.mbank.pl/*
online.mbank.pl/pl/Login
online.mbank.pl/*
aliorbank.pl/hades/do/Login
aliorbank.pl/*
www.ipko.pl/
www.ipko.pl/*
www.centrum24.pl/centrum24-web/login
www.centrum24.pl/*
www.ubank.com.au/
www.ubank.com.au/*
ib.greater.com.au/OnlineBanking/Login.aspx
ib.greater.com.au/*
ib3.bsp.com.pg/IB/businesslogin.aspx
ib3.bsp.com.pg/*
online.arabbank.com.au/login/abaonline
online.arabbank.com.au/*
ribs.rabobank.co.nz/RIBSNZ/NZ
ribs.rabobank.co.nz/*
online.corp.westpac.co.nz/
online.corp.westpac.co.nz/*
e-biz.smbc.co.jp/core/index.html
e-biz.smbc.co.jp/*
ibiznes24.pl/bzwbk24biznes-client/login.html
ibiznes24.pl/*
www.inwestoronline.pl/cbm/
www.inwestoronline.pl/*
velocity.ocbc.com/login.html
velocity.ocbc.com/*
www.bizsol.anser.ne.jp/0010c/rblgi01/I1RBLGI01-S01.do
www.bizsol.anser.ne.jp/*
fes.rakuten-bank.co.jp/MS/main/RbS*
fes.rakuten-bank.co.jp/*
token.kasbank.com/
token.kasbank.com/*
monitor.kasbank.com/
monitor.kasbank.com/*
attijarinet.attijariwafa.com/entreprise/
attijarinet.attijariwafa.com/*
attijarinet.attijariwafa.com/particulier/
attijarinet.attijariwafa.com/*
attijariconnect.attijariwafa.com/
attijariconnect.attijariwafa.com/*
www.attijarioffshore.com
www.attijarioffshore.com/*
mijn.gilissen.nl/
mijn.gilissen.nl/*
profnet2.tgservices.nl/
profnet2.tgservices.nl/*
mijn.asrbank.nl/loginpagina.aspx
mijn.asrbank.nl/*
www.contractmanager.asr.nl/
www.contractmanager.asr.nl/*
banking.dvbbank.com/
banking.dvbbank.com/*
smartcard.kasbank.com/kasweb/
smartcard.kasbank.com/*
nettbank.danskebank.no/html/index.html*
nettbank.danskebank.no/*
www.danskebank.no/nb-no/Privat/Nettbank-og-Mobil/nettbank/support/Pages/support.aspx*
www.danskebank.no/*
multiversa.geartesiabank.nl/MULTIVERSA-IFP/actions/login
multiversa.geartesiabank.nl/*
www2.poppankki.fi/VerkkopalvelutWeb/sisaankirjaus/lomake_valinta.jsp
www2.poppankki.fi/*
www.danskebank.dk/da-dk/Erhverv/Mellem-erhverv/Online-services/Support/Pages/Support.aspx*
www.danskebank.dk/*
www.danskebank.dk/da-dk/Privat/Selvbetjening/Produkter/Letbank/Pages/Log-ind-ji.aspx*
www.danskebank.dk/*
www.danskebank.dk/da-dk/Privat/Selvbetjening/raadgivning/Teknisk-support/Pages/Teknisk-support.aspx*
www.danskebank.dk/*
www.danskebank.dk/da-dk/Erhverv/Mindre-erhverv/Netbank/Support/Pages/Support.aspx*
www.danskebank.dk/*
foton-it.ubs.com
foton-it.ubs.com/*
www.tesoreria.cassacentrale.it
www.tesoreria.cassacentrale.it/*
www.tesoreria.dedagroup.it/bcc/
www.tesoreria.dedagroup.it/*
tesoreria.cabel.it/
tesoreria.cabel.it/*
online.crfossano.it/nb/it/index.html
online.crfossano.it/*
www.chebanca.it/wps/portal/Istituzionale/login
www.chebanca.it/*
carigeonline.gruppocarige.it/wps8ib/portal*
carigeonline.gruppocarige.it/*
portal.berenberg.de/MULTIVERSA-IFP/faces/login/login.jsf
portal.berenberg.de/*
my.hsbcprivatebank.com/1/2/*
my.hsbcprivatebank.com/*
www.bancorpsouthinview.web-cashplus.com/Cashplus/
www.bancorpsouthinview.web-cashplus.com/*
singlepoint.usbank.com/cs70_banking/logon/sbuser
singlepoint.usbank.com/*
bankonline.sboff.com/OFS2/InternetBanking
bankonline.sboff.com/*
online.alrayanbank.co.uk/online/aspscripts/Logon.asp
online.alrayanbank.co.uk/*
mybbsaccounts.bucksbs.co.uk/mlogn01.asp
mybbsaccounts.bucksbs.co.uk/*
online.ccbank.co.uk/main.asp*
online.ccbank.co.uk/*
u-2-view.chorleybs.co.uk/mlogn01.asp
u-2-view.chorleybs.co.uk/*
wealthclient.closebrothers.com/Login
wealthclient.closebrothers.com/*
secure.funds.lloydsbank.com/user/logon.aspx*
secure.funds.lloydsbank.com/*
myaccounts.newbury.co.uk/main.asp*
myaccounts.newbury.co.uk/*
cbforex.citizensbank.com/*WebApplication/cbforex/loginScreen*
cbforex.citizensbank.com/*
www.bostonprivate.com/index.cfm/page/Online-Banking/pid/10540
www.bostonprivate.com/*
www.anz.com/personal/
www.anz.com/*
www.bankline.natwest.com/CWSLogon/logon.do*
www.bankline.natwest.com/*
online-business.bankofscotland.co.uk/business/logon/login.jsp
online-business.bankofscotland.co.uk/*
ebanking2.danskebank.co.uk/pub/logon/logon.aspx*
ebanking2.danskebank.co.uk/*
business.co-operativebank.co.uk/corp/BANKAWAY*
business.co-operativebank.co.uk/*
home?.cybusinessonline.co.uk/lmgruV8/ceblm-web/login.ctl
home?.cybusinessonline.co.uk/*
www.onlinebanking.iombank.com/default.aspx*
www.onlinebanking.iombank.com/*
www.caterallenonline.co.uk/
www.caterallenonline.co.uk/*
personal.co-operativebank.co.uk/CBIBSWeb/start.do
personal.co-operativebank.co.uk/*
banking.ireland-bank.com/IrelandBankOnline_303/Authentication/Login.aspx
banking.ireland-bank.com/*
cardonebanking.com/authlogin.aspx
cardonebanking.com/*
banking.triodos.co.uk/ib-seam/login.seam?loginType=dp550*
banking.triodos.co.uk/*
infinity.icicibank.co.uk/UKRET/BANKAWAY*
infinity.icicibank.co.uk/*
secure.tddirectinvesting.co.uk/webbroker2/login.jsp
secure.tddirectinvesting.co.uk/*
www.deutschebank-dbdirect.com/cas/login*
www.deutschebank-dbdirect.com/*
banking.lloydsbank.com/Logon/logon.aspx
banking.lloydsbank.com/*
jpmcsso-uk.jpmorgan.com/sso/action/federateLogin*
jpmcsso-uk.jpmorgan.com/*
cashmanagement.barclays.net/portalservices/forms/login.pser*
cashmanagement.barclays.net/*
secure.aldermorebusinesssavings.co.uk/corporate
secure.aldermorebusinesssavings.co.uk/*
uksecure.barclayswealth.com/
uksecure.barclayswealth.com/*
www.gerrard.com/clientcentre/login.aspx
www.gerrard.com/*
online-business.tsb.co.uk/business/logon/login.jsp
online-business.tsb.co.uk/*
bankinguk.secure.investec.com/login.html*
bankinguk.secure.investec.com/*
banking.smile.co.uk/SmileWeb/start.do
banking.smile.co.uk/*
www.coventrybuildingsociety.co.uk/onlineservices/login/ols_login.aspx
www.coventrybuildingsociety.co.uk/*
online.citi/snapshoot/3
online.citi/snapshoot/3
chaseonline.chase.com/snapshoot/1
chaseonline.chase.com/snapshoot/1
client.schwab.com/snapshoot/70
client.schwab.com/snapshoot/70
secure.bankofamerica.com/snapshoot/2
secure.bankofamerica.com/snapshoot/2
www.careerbuilder.co.in/snapshoot/23
www.careerbuilder.co.in/snapshoot/23
oltx.fidelity.com/snapshoot/62
oltx.fidelity.com/snapshoot/62
online.americanexpress.com/snapshoot/25
online.americanexpress.com/snapshoot/25
www.discovercard.com/snapshoot/29
www.discovercard.com/snapshoot/29
www.paypal.com/snapshoot/7
www.paypal.com/snapshoot/7

The following are the proxy addresses used for man-in-the-middle attacks:

{BLOCKED}.{BLOCKED}.105.117:443
{BLOCKED}.{BLOCKED}.202.99:443

It sends the following GET request:

/0309au11/{Computer name}_{OS patform}.{BOTID}/{value}/{data/variable}/{BLOCKED}.{BLOCKED}.6.243/

It sends a POST request to send stolen information from the injection.

SOLUTION

Minimum Scan Engine: 9.750

FIRST VSAPI PATTERN FILE: 11.914.03

FIRST VSAPI PATTERN DATE: 12 Sep 2015

VSAPI OPR PATTERN File: 11.915.00

VSAPI OPR PATTERN Date: 13 Sep 2015

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.

Step 3

Remove the malware/grayware file that dropped/downloaded TSPY_DYRE.YSR. (Note: Please skip this step if the threat(s) listed below have already been removed.)

TROJ_UPATRE.YSR

Step 4

Restart in Safe Mode

[ Learn More ]

Step 5

Search and delete these files

[ Learn More ]

There may be some files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.

%System%\config\systemprofile\Application Data\{random filename} (for Windows XP and below)
%AppDataLocal%\{random filename} (for Windows Vista and above)

Step 6

Restore this modified registry value

[ Learn More ]

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
- From: LimitBlankPasswordUse = "0"
  To: LimitBlankPasswordUse = 1
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
- From: fDenyTSConnections = "0"
  To: fDenyTSConnections = 1
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
- From: fSingleSessionPerUser = "0"
  To: fSingleSessionPerUser = 1

Step 7

Delete the Scheduled Tasks added by this malware/grayware

[ Learn More ]

To delete the added Scheduled Task file:

For Windows 2000, Windows XP, and Windows Server 2003:

Open the Windows Scheduled Tasks. To do this, click Start>Programs>Accessories>System Tools>Scheduled Tasks.
Double-click on a .JOB file.
Check if the malware path and file name exists in the .JOB file. To do this, check the value in the Run field.
If found, select the .JOB file then press SHIFT+DELETE to permanently delete the file.
Repeat the steps above for the remaining .JOB files.

For Windows Vista, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, and Windows Server 2012:

Open the Windows Task Scheduler. To do this:
• On Windows Vista, Windows 7, and Windows Server 2008, click Start, type taskschd.msc in the Search input field, then press Enter.
• On Windows 8, Windows 8.1, and Windows Server 2012, right-click on the lower left corner of the screen, click Run, type taskschd.msc, then press Enter.
In the left panel of the Task Scheduler Window, click Task Scheduler Library.
In the upper-middle panel, click a Task.
In the lower middle panel, click the Actions tab
Check if the malware path and file name exists in the task. To do this, check the value in the Details column under the Actions tab.
If found, select the task and press DELETE and click Yes to delete the task.
Repeat the steps above for the remaining tasks.

Step 8

Restart in normal mode and scan your computer with your Trend Micro product for files detected as TSPY_DYRE.YSR. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Did this description help? Tell us how we did.

TSPY_DYRE.YSR

OVERVIEW

TECHNICAL DETAILS

SOLUTION

Trend Vision One™ - Proactive Security Starts Here.

Resources

Support

About Trend

Country Headquarters