🔥 Evilginx Phishlets: Реверс-прокси решения для кражи учетных данных и обхода 2FA — идеально подходит для продвинутых фишинговых наборов! 💻🔐🛡️💸

[blackdatabase]

**Pre-order: BBVA México**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bbva.mx (URL: www.bbva.mx)
Ссылка для входа: https://www.bbva.mx/personas/servicios/linea-bbva.html (Login URL: https://www.bbva.mx/personas/servicios/linea-bbva.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banorte**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.banorte.com (URL: www.banorte.com)
Ссылка для входа: https://www.banorte.com/wps/portal/personas (Login URL: https://www.banorte.com/wps/portal/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Citibanamex**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.banamex.com (URL: www.banamex.com)
Ссылка для входа: https://www.banamex.com/personas.html (Login URL: https://www.banamex.com/personas.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: HSBC México**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.hsbc.com.mx (URL: www.hsbc.com.mx)
Ссылка для входа: https://www.hsbc.com.mx/personas/ (Login URL: https://www.hsbc.com.mx/personas/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Scotiabank México**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.scotiabank.com.mx (URL: www.scotiabank.com.mx)
Ссылка для входа: https://www.scotiabank.com.mx/Personas/Acceso-Simple.html (Login URL: https://www.scotiabank.com.mx/Personas/Acceso-Simple.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banco Inbursa**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.inbursa.com (URL: www.inbursa.com)
Ссылка для входа: https://www.inbursa.com.mx/Personas (Login URL: https://www.inbursa.com.mx/Personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banco Azteca**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bancoazteca.com.mx (URL: www.bancoazteca.com.mx)
Ссылка для входа: https://www.bancoazteca.com.mx/personas.html (Login URL: https://www.bancoazteca.com.mx/personas.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: BanBajío**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bajio.com.mx (URL: www.bajio.com.mx)
Ссылка для входа: https://www.bajio.com.mx/personas (Login URL: https://www.bajio.com.mx/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banca Mifel**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.mifel.com.mx (URL: www.mifel.com.mx)
Ссылка для входа: https://www.mifel.com.mx/personas (Login URL: https://www.mifel.com.mx/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banco del Bajío**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bb.com.mx (URL: www.bb.com.mx)
Ссылка для входа: https://www.bb.com.mx/personas (Login URL: https://www.bb.com.mx/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

 

[blackdatabase]

**Pre-order: Lloyds Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.lloydsbank.com (URL: www.lloydsbank.com)
Ссылка для входа: https://www.lloydsbank.com/online-banking/log-on (Login URL: https://www.lloydsbank.com/online-banking/log-on)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Barclays Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.barclays.co.uk (URL: www.barclays.co.uk)
Ссылка для входа: https://www.barclays.co.uk/ (Login URL: https://www.barclays.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: HSBC UK**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.hsbc.co.uk (URL: www.hsbc.co.uk)
Ссылка для входа: https://www.hsbc.co.uk/ (Login URL: https://www.hsbc.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: NatWest (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.natwest.com (URL: www.natwest.com)
Ссылка для входа: https://www.natwest.com/ (Login URL: https://www.natwest.com/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Santander UK**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.santander.co.uk (URL: www.santander.co.uk)
Ссылка для входа: https://www.santander.co.uk/ (Login URL: https://www.santander.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Royal Bank of Scotland (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.rbs.co.uk (URL: www.rbs.co.uk)
Ссылка для входа: https://www.rbs.co.uk/ (Login URL: https://www.rbs.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: TSB Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.tsb.co.uk (URL: www.tsb.co.uk)
Ссылка для входа: https://www.tsb.co.uk/ (Login URL: https://www.tsb.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Virgin Money UK**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.virginmoney.com (URL: www.virginmoney.com)
Ссылка для входа: https://www.virginmoney.com/ (Login URL: https://www.virginmoney.com/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Metro Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.metrobankonline.co.uk (URL: www.metrobankonline.co.uk)
Ссылка для входа: https://www.metrobankonline.co.uk/ (Login URL: https://www.metrobankonline.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: The Co-operative Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.co-operativebank.co.uk (URL: www.co-operativebank.co.uk)
Ссылка для входа: https://www.co-operativebank.co.uk/ (Login URL: https://www.co-operativebank.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Clydesdale Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.cbonline.co.uk (URL: www.cbonline.co.uk)
Ссылка для входа: https://www.cbonline.co.uk/ (Login URL: https://www.cbonline.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Yorkshire Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.ybonline.co.uk (URL: www.ybonline.co.uk)
Ссылка для входа: https://www.ybonline.co.uk/ (Login URL: https://www.ybonline.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Bank of Ireland UK**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bankofirelanduk.com (URL: www.bankofirelanduk.com)
Ссылка для входа: https://www.bankofirelanduk.com/ (Login URL: https://www.bankofirelanduk.com/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Ulster Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.ulsterbank.co.uk (URL: www.ulsterbank.co.uk)
Ссылка для входа: https://www.ulsterbank.co.uk/ (Login URL: https://www.ulsterbank.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Nationwide Building Society (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.nationwide.co.uk (URL: www.nationwide.co.uk)
Ссылка для входа: https://www.nationwide.co.uk/ (Login URL: https://www.nationwide.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Skipton Building Society (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.skipton.co.uk (URL: www.skipton.co.uk)
Ссылка для входа: https://www.skipton.co.uk/ (Login URL: https://www.skipton.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Coventry Building Society (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.coventrybuildingsociety.co.uk (URL: www.coventrybuildingsociety.co.uk)
Ссылка для входа: https://www.coventrybuildingsociety.co.uk/ (Login URL: https://www.coventrybuildingsociety.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Halifax (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.halifax.co.uk (URL: www.halifax.co.uk)
Ссылка для входа: https://www.halifax-online.co.uk/ (Login URL: https://www.halifax-online.co.uk/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Monzo Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.monzo.com (URL: www.monzo.com)
Ссылка для входа: https://app.monzo.com (Login URL: https://app.monzo.com)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Starling Bank (UK)**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.starlingbank.com (URL: www.starlingbank.com)
Ссылка для входа: https://app.starlingbank.com (Login URL: https://app.starlingbank.com)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

 

[blackdatabase]

**KeyBank**: $5k
Веб-сайт: www.key.com (URL: www.key.com)
Ссылка для входа: https://www.key.com/login (Login URL: https://www.key.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Regions Bank**: $5k
Веб-сайт: www.regions.com (URL: www.regions.com)
Ссылка для входа: https://www.regions.com/login (Login URL: https://www.regions.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Fifth Third Bank**: $5k
Веб-сайт: www.53.com (URL: www.53.com)
Ссылка для входа: https://www.53.com/login (Login URL: https://www.53.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Huntington Bank**: $5k
Веб-сайт: www.huntington.com (URL: www.huntington.com)
Ссылка для входа: https://onlinebanking.huntington.com/login (Login URL: https://onlinebanking.huntington.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**BBVA USA**: $5k
Веб-сайт: www.bbvausa.com (URL: www.bbvausa.com)
Ссылка для входа: https://www.bbvausa.com/login (Login URL: https://www.bbvausa.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Citizens Bank**: $5k
Веб-сайт: www.citizensbank.com (URL: www.citizensbank.com)
Ссылка для входа: https://www.citizensbank.com/login (Login URL: https://www.citizensbank.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**M&T Bank**: $5k
Веб-сайт: www.mtb.com (URL: www.mtb.com)
Ссылка для входа: https://www.mtb.com/login (Login URL: https://www.mtb.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**BMO Harris Bank**: $5k
Веб-сайт: www.bmoharris.com (URL: www.bmoharris.com)
Ссылка для входа: https://www.bmoharris.com/login (Login URL: https://www.bmoharris.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**First Republic Bank**: $5k
Веб-сайт: www.firstrepublic.com (URL: www.firstrepublic.com)
Ссылка для входа: https://www.firstrepublic.com/login (Login URL: https://www.firstrepublic.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Zions Bank**: $5k
Веб-сайт: www.zionsbank.com (URL: www.zionsbank.com)
Ссылка для входа: https://www.zionsbank.com/login (Login URL: https://www.zionsbank.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Webster Bank**: $5k
Веб-сайт: www.websterbank.com (URL: www.websterbank.com)
Ссылка для входа: https://www.websterbank.com/login (Login URL: https://www.websterbank.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Simmons Bank**: $5k
Веб-сайт: www.simmonsbank.com (URL: www.simmonsbank.com)
Ссылка для входа: https://www.simmonsbank.com/login (Login URL: https://www.simmonsbank.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Old National Bank**: $5k
Веб-сайт: www.oldnational.com (URL: www.oldnational.com)
Ссылка для входа: https://www.oldnational.com/login (Login URL: https://www.oldnational.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Comerica Bank**: $5k
Веб-сайт: www.comerica.com (URL: www.comerica.com)
Ссылка для входа: https://www.comerica.com/login (Login URL: https://www.comerica.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**First Horizon Bank**: $5k
Веб-сайт: www.firsthorizon.com (URL: www.firsthorizon.com)
Ссылка для входа: https://www.firsthorizon.com/login (Login URL: https://www.firsthorizon.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Valley National Bank**: $5k
Веб-сайт: www.valley.com (URL: www.valley.com)
Ссылка для входа: https://www.valley.com/login (Login URL: https://www.valley.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Bank of the West**: $5k
Веб-сайт: www.bankofthewest.com (URL: www.bankofthewest.com)
Ссылка для входа: https://www.bankofthewest.com/login (Login URL: https://www.bankofthewest.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**First Citizens Bank**: $5k
Веб-сайт: www.firstcitizens.com (URL: www.firstcitizens.com)
Ссылка для входа: https://www.firstcitizens.com/login (Login URL: https://www.firstcitizens.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Cadence Bank**: $5k
Веб-сайт: www.cadencebank.com (URL: www.cadencebank.com)
Ссылка для входа: https://www.cadencebank.com/login (Login URL: https://www.cadencebank.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pinnacle Financial Partners**: $5k
Веб-сайт: www.pnfp.com (URL: www.pnfp.com)
Ссылка для входа: https://www.pnfp.com/login (Login URL: https://www.pnfp.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Ameris Bank**: $5k
Веб-сайт: www.amerisbank.com (URL: www.amerisbank.com)
Ссылка для входа: https://www.amerisbank.com/login (Login URL: https://www.amerisbank.com/login)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

 

[blackdatabase]

**Evilginx Phishlets**: 反向代理解决方案，用于窃取凭据和绕过2FA – 适合高级钓鱼工具包！

钓鱼工具包及其价格:

LinkedIn: $5k (evilpuppet)
网站: www.linkedin.com
登录链接: https://www.linkedin.com/login
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Intuit: $3k
网站: www.intuit.com
登录链接: https://accounts.intuit.com/index.html
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Telegram: $3k
网站: www.telegram.org
登录链接: https://my.telegram.org/auth
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Yahoo + AOL: $5k
网站: www.yahoo.com, www.aol.com
登录链接: https://login.yahoo.com, https://login.aol.com
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

iCloud: $2.5k
网站: www.icloud.com
登录链接: https://www.icloud.com
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Google (Gmail + Google Services): $5k
网站: www.google.com
登录链接: https://accounts.google.com/signin
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

GitHub: $1k
网站: www.github.com
登录链接: https://github.com/login
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Office365: $1k (包括Okta和GoDaddy)
网站: www.office.com, www.okta.com, www.godaddy.com
登录链接: https://login.microsoftonline.com, https://www.okta.com/login, https://sso.godaddy.com/login
捕获电子邮件/用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Outlook: $1k
网站: www.outlook.com
登录链接: https://outlook.live.com/owa/
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Airbnb: $1k
网站: www.airbnb.com
登录链接: https://www.airbnb.com/login
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Salesforce: $1k
网站: www.salesforce.com
登录链接: https://login.salesforce.com
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Amazon.com: $2k
网站: www.amazon.com
登录链接: https://www.amazon.com/ap/signin
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Facebook: $2k
网站: www.facebook.com
登录链接: https://www.facebook.com/login
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Instagram: $2k
网站: www.instagram.com
登录链接: https://www.instagram.com/accounts/login/
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Azure.com: $3k
网站: www.azure.com
登录链接: https://portal.azure.com
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

AWS.amazon.com: $3k
网站: aws.amazon.com
登录链接: https://signin.aws.amazon.com/signin
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Ads.microsoft.com: $3k
网站: ads.microsoft.com
登录链接: https://ads.microsoft.com/login
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Mobile.de: $5k
网站: www.mobile.de
登录链接: https://www.mobile.de/login
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Autoscout24: $5k
网站: www.autoscout24.com
登录链接: https://www.autoscout24.com/login
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Blockchain.com: $5k (JS Inject MODULE + $1k)
网站: www.blockchain.com
登录链接: https://login.blockchain.com
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Binance.com: $6k
网站: www.binance.com
登录链接: https://accounts.binance.com/en/login
捕获电子邮件和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Wells Fargo: $5k
网站: www.wellsfargo.com
登录链接: https://connect.secure.wellsfargo.com/auth/login/present
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Citi: $5k
网站: www.citi.com
登录链接: https://online.citi.com/US/login.do
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Bank of America (Bofa): $5k
网站: www.bankofamerica.com
登录链接: https://secure.bankofamerica.com/login/sign-in/signOnV2Screen.go
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Chase: $5k
网站: www.chase.com
登录链接: https://secure01a.chase.com/web/auth/logonbox
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

Scotiabank Canada: $4k
网站: www.scotiabank.com
登录链接: https://www.scotiaonline.scotiabank.com
捕获用户名和密码。绕过2FA并捕获cookie/令牌。日志发送到Telegram。

 

[Vigorin]

Do you have a bank log to purchase here?

 

[DarkToken]

just asking what is the hard on this work to make price like 5k for phish page? why isn't under 1k , I gusse the price is to much

 

[blackdatabase]

just asking what is the hard on this work to make price like 5k for phish page? why isn't under 1k , I gusse the price is to much

Well, if you consider that the price must be under $1k, why don't you start making them yourself, and sell them at that price, you imagine that no one will sell anymore and you will sell everything. I wish you success!

 

[Brend4tamx]

Well, if you consider that the price must be under $1k, why don't you start making them yourself, and sell them at that price, you imagine that no one will sell anymore and you will sell everything. I wish you success!

How are you supposed to save the access token to banks like bbva.mx? If they use an RSA token to access and the session is lost if you refresh the page, even after 1 hour of being in the session it automatically logs you out.

 

[blackdatabase]

How are you supposed to save the access token to banks like bbva.mx? If they use an RSA token to access and the session is lost if you refresh the page, even after 1 hour of being in the session it automatically logs you out.

in general, the banks in MX do not have 2fa when logging in from a new device (browser), so as a conclusion, the tokens are useless. But this does not mean that reverse proxy is not profitable in these cases, when you want to automatically edit the account. I don't understand the purpose of the comment! If you have questions about the product, ask them, if you feel alone and useless in life, I'm sorry I can't help you!

 

[Brend4tamx]

in general, the banks in MX do not have 2fa when logging in from a new device (browser), so as a conclusion, the tokens are useless. But this does not mean that reverse proxy is not profitable in these cases, when you want to automatically edit the account. I don't understand the purpose of the comment! If you have questions about the product, ask them, if you feel alone and useless in life, I'm sorry I can't help you!

Well, you are selling a service for Mexican banks, but it doesn't seem to make sense to use Evilginx for Mexican banks because they don't send 2FA when accessing from a different browser. So, what are you really selling regarding these banks? It's a serious question because I'm a potential buyer.

 

[blackdatabase]

Well, you are selling a service for Mexican banks, but it doesn't seem to make sense to use Evilginx for Mexican banks because they don't send 2FA when accessing from a different browser. So, what are you really selling regarding these banks? It's a serious question because I'm a potential buyer.

So, once again, for your limited understanding:
A reverse proxy does much more than just capture tokens and login details. While capturing tokens and session cookies is one approach, an attacker using a reverse proxy can perform a variety of malicious actions, including modifying account information, initiating transactions, and manipulating banking operations in real-time, often without the victim's immediate knowledge.

From an attacker's perspective, a reverse proxy acts as an intermediary between the victim and the legitimate server, allowing the attacker to intercept, alter, and control the entire communication flow. Here’s how an attacker can exploit this setup for more advanced manipulation:

1. Account Modification in Banking Platforms:
In scenarios involving online banking, once an attacker captures login credentials and session tokens through a reverse proxy, they can modify the victim's account details in real-time. For example:

Auto-updating recipient details: The attacker can intercept requests when the victim is adding or modifying a bank transfer recipient. The attacker can secretly replace the intended recipient’s bank account details with their own, ensuring that future payments are redirected to the attacker’s account.
Changing account information: While the victim believes they are updating their contact details (such as email or phone number), the attacker can modify these fields to their own credentials, gaining control over important communications like transaction confirmations or account recovery methods.
2. Automatic Transfers via ADS (Automatic Debit Systems):
Once the attacker has control of the victim’s banking session, they can initiate transactions using Automatic Debit Systems (ADS) or similar features. By doing this, the attacker can:

Schedule future transfers to their accounts by manipulating recurring payment settings or automatic billing features, which can go unnoticed by the victim until the payment is processed.
Modify standing orders or scheduled transfers to reroute funds to attacker-controlled accounts without immediately raising suspicion. This tactic works especially well in accounts with multiple beneficiaries or complex payment schedules.
3. Silent Transaction Manipulation:
One of the key powers of a reverse proxy attack is the ability to alter data on-the-fly. For instance:

If the victim initiates a legitimate transaction, the attacker can silently alter the amount or recipient during the transaction process, making it appear as though everything is proceeding as expected to the user, but diverting funds to an attacker-controlled account instead.
The attacker can also inject automated scripts into the banking session, which can manipulate the interface to hide certain transaction details from the user’s view or prevent them from noticing suspicious activity.
4. Bypassing Two-Factor Authentication (2FA) or MFA:
Many modern banking systems use two-factor authentication (2FA) or multi-factor authentication (MFA) as a security layer. However, in a reverse proxy attack, the attacker can:

Intercept the 2FA or MFA tokens in real-time. When the victim enters the 2FA code sent via SMS or app, the attacker can capture and use it to complete fraudulent transactions or changes to account details.
Simultaneously bypass the need for the attacker to know the victim’s password or have physical access to the 2FA device, as the session is already authenticated and under the attacker’s control.
5. Injecting Malicious Code to Ensure Long-Term Access:
Beyond simple account manipulation, attackers may also use a reverse proxy to:

Insert malicious scripts or browser extensions into the victim’s device. This can help the attacker maintain long-term access even after the session has ended. For example, by injecting a keylogger or other malware, the attacker can continue to capture future login credentials and sensitive data.
Persist session hijacking: Through real-time modification of cookies or session tokens, the attacker can ensure they maintain access to the victim’s account even after the victim logs out or ends their current session. This is especially dangerous in banking environments where the attacker can periodically re-enter the system to initiate unauthorized transfers or modifications.
6. Phishing for Personal Information to Facilitate Future Fraud:
In banking environments, reverse proxy attacks can be used not just for immediate theft but for long-term fraud by:

Phishing for sensitive personal data like Social Security numbers, credit card information, and security questions, which can be used later to compromise other accounts or to perform identity theft.
Modifying the victim’s transaction history or notifications so that unauthorized transfers are hidden or appear legitimate, delaying detection of the fraud.
Conclusion:
An attacker using a reverse proxy in banking systems or similar platforms has the ability to do much more than simply capture login tokens. They can actively manipulate account settings, alter recipient details, initiate automatic transfers, and modify data on-the-fly, all while bypassing security measures like 2FA or MFA. The attacker can silently carry out fraudulent transactions and ensure long-term control over the account through session persistence, making reverse proxy attacks a powerful tool for sophisticated financial fraud and identity theft."

 

[blackdatabase]

Атака типа Man-in-the-Middle (MITM) включает перехват коммуникации между двумя сторонами (например, между пользователем и сервером) без их ведома. В описанном тобой сценарии злоумышленник может скомпрометировать компьютер разными способами, а затем манипулировать DNS-трафиком, чтобы перенаправить пользователя на поддельный сервер, контролируемый злоумышленником.

Вот как может работать такая атака:

1. Инфекция компьютера и изменение настроек DNS
Злоумышленник может заразить компьютер жертвы через:

Эксплойт, фишинг или вредоносное ПО.
После заражения злоумышленник может изменить настройки DNS на устройстве жертвы, чтобы направить DNS-запросы на поддельный сервер DNS.
2. Поддельный сервер DNS
Поддельный сервер DNS будет возвращать неправильные IP-адреса для запрашиваемых сайтов. Например, если жертва попытается зайти на сайт Coinbase, поддельный DNS-сервер перенаправит пользователя на reverse proxy, такой как Evilginx.

3. Перенаправление на Evilginx
Evilginx — это инструмент, используемый для фишинговых атак с помощью обратного прокси. Он перехватывает и записывает трафик между жертвой и реальным сервером (например, Coinbase), включая данные для входа и cookies сессии.

Когда жертва пытается войти на Coinbase, прокси Evilginx создает почти идентичную копию настоящей страницы и передает все данные для входа злоумышленнику.
Жертва не заметит ничего подозрительного, так как будет взаимодействовать с веб-страницей, которая выглядит подлинной.
4. Перехват и изменение трафика в реальном времени
Как только злоумышленник захватывает cookies аутентификации и данные сессии, он может получить контроль над учетной записью жертвы без необходимости вводить пароль. Более того, поскольку Evilginx действует как прокси, злоумышленник может изменить трафик до его отправки на реальный сервер.

Изменение номера телефона на сервере: Если в учетной записи есть возможность изменить личные данные (например, номер телефона), злоумышленник может изменить запрос, отправляемый на сервер Coinbase. Жертва увидит в пользовательском интерфейсе, что все в порядке, и даже может получить подтверждение, не подозревая, что злоумышленник уже изменил, например, номер телефона, связанный с учетной записью.
5. Подтверждение действий жертвой
Если Coinbase требует дополнительного подтверждения (например, код, отправленный на электронную почту или телефон), жертва получит этот код и подтвердит действие. Однако изменения уже были сделаны злоумышленником на сервере, и жертва, по сути, сама подтверждает свою компрометацию.

Заключение
Эта атака работает, эксплуатируя доверие жертвы к якобы подлинному сайту и к сеансу аутентификации. Как только злоумышленник получает контроль над сессией, он может вносить небольшие изменения в учетную запись жертвы, такие как изменение номера телефона или других критических данных, не вызывая подозрений у жертвы.

 

[ovadgod]

**Pre-order: BBVA México**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bbva.mx (URL: www.bbva.mx)
Ссылка для входа: https://www.bbva.mx/personas/servicios/linea-bbva.html (Login URL: https://www.bbva.mx/personas/servicios/linea-bbva.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banorte**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.banorte.com (URL: www.banorte.com)
Ссылка для входа: https://www.banorte.com/wps/portal/personas (Login URL: https://www.banorte.com/wps/portal/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Citibanamex**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.banamex.com (URL: www.banamex.com)
Ссылка для входа: https://www.banamex.com/personas.html (Login URL: https://www.banamex.com/personas.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: HSBC México**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.hsbc.com.mx (URL: www.hsbc.com.mx)
Ссылка для входа: https://www.hsbc.com.mx/personas/ (Login URL: https://www.hsbc.com.mx/personas/)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Scotiabank México**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.scotiabank.com.mx (URL: www.scotiabank.com.mx)
Ссылка для входа: https://www.scotiabank.com.mx/Personas/Acceso-Simple.html (Login URL: https://www.scotiabank.com.mx/Personas/Acceso-Simple.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banco Inbursa**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.inbursa.com (URL: www.inbursa.com)
Ссылка для входа: https://www.inbursa.com.mx/Personas (Login URL: https://www.inbursa.com.mx/Personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banco Azteca**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bancoazteca.com.mx (URL: www.bancoazteca.com.mx)
Ссылка для входа: https://www.bancoazteca.com.mx/personas.html (Login URL: https://www.bancoazteca.com.mx/personas.html)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: BanBajío**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bajio.com.mx (URL: www.bajio.com.mx)
Ссылка для входа: https://www.bajio.com.mx/personas (Login URL: https://www.bajio.com.mx/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banca Mifel**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.mifel.com.mx (URL: www.mifel.com.mx)
Ссылка для входа: https://www.mifel.com.mx/personas (Login URL: https://www.mifel.com.mx/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

**Pre-order: Banco del Bajío**: $5k
Delivery time: 1-5 days after escrow opens
Веб-сайт: www.bb.com.mx (URL: www.bb.com.mx)
Ссылка для входа: https://www.bb.com.mx/personas (Login URL: https://www.bb.com.mx/personas)
Online banking access. Logs are sent to Telegram.
(Capture credentials and session tokens. Logs are sent to Telegram.)

 

[ovadgod]

I had a conversation with him, he seems nice. Meanwhile i realized that i had too much to learn about reverse proxy phishing method and other things. Thanks bro

 

[scotty32]

Verizon Email: $3.5k
Веб-сайт: www.verizon.com (URL: www.verizon.com)
Ссылка для входа: https://verizon.com/email (Login URL: https://verizon.com/email)

AT&T Mail: $3.5k
Веб-сайт: currently.att.yahoo.com (URL: currently.att.yahoo.com)
Ссылка для входа: https://currently.att.yahoo.com (Login URL: https://currently.att.yahoo.com)

SBCGlobal Mail: $3.5k
Веб-сайт: currently.att.yahoo.com/sbcglobal (URL: currently.att.yahoo.com/sbcglobal)
Ссылка для входа: https://currently.att.yahoo.com/sbcglobal (Login URL: https://currently.att.yahoo.com/sbcglobal)

Frontier Mail: $3.5k
Веб-сайт: www.frontier.com (URL: www.frontier.com)
Ссылка для входа: https://frontier.com (Login URL: https://frontier.com)

Rogers Email: $3.5k
Веб-сайт: www.rogers.com (URL: www.rogers.com)
Ссылка для входа: https://mail.rogers.com (Login URL: https://mail.rogers.com)

BT Mail (British Telecom): $3.5k
Веб-сайт: www.bt.com (URL: www.bt.com)
Ссылка для входа: https://home.bt.com (Login URL: https://home.bt.com)

Sky Mail: $3.5k
Веб-сайт: www.sky.com (URL: www.sky.com)
Ссылка для входа: https://www.sky.com (Login URL: https://www.sky.com)

Orange Mail (France): $3.5k
Веб-сайт: www.orange.fr (URL: www.orange.fr)
Ссылка для входа: https://www.orange.fr (Login URL: https://www.orange.fr)

SFR Mail: $3.5k
Веб-сайт: www.sfr.fr (URL: www.sfr.fr)
Ссылка для входа: https://www.sfr.fr (Login URL: https://www.sfr.fr)

Proximus Mail (Belgium): $3.5k
Веб-сайт: www.proximus.be (URL: www.proximus.be)
Ссылка для входа: https://www.proximus.be (Login URL: https://www.proximus.be)

Bell Mail (Canada): $3.5k
Веб-сайт: www.bell.net (URL: www.bell.net)
Ссылка для входа: https://www.bell.net (Login URL: https://www.bell.net)

CenturyLink Mail: $3.5k
Веб-сайт: www.centurylink.com (URL: www.centurylink.com)
Ссылка для входа: https://www.centurylink.com (Login URL: https://www.centurylink.com)

MTS Mail (Manitoba Telecom Services): $3.5k
Веб-сайт: www.mts.ca (URL: www.mts.ca)
Ссылка для входа: https://www.mts.ca (Login URL: https://www.mts.ca)

NetZero Mail: $3.5k
Веб-сайт: www.netzero.com (URL: www.netzero.com)
Ссылка для входа: https://www.netzero.com (Login URL: https://www.netzero.com)

Juno Mail: $3.5k
Веб-сайт: www.juno.com (URL: www.juno.com)
Ссылка для входа: https://www.juno.com (Login URL: https://www.juno.com)

Y7Mail (Australia): $3.5k
Веб-сайт: au.yahoo.com (URL: au.yahoo.com)
Ссылка для входа: https://au.mail.yahoo.com (Login URL: https://au.mail.yahoo.com)

TalkTalk Mail: $3.5k
Веб-сайт: www.talktalk.co.uk (URL: www.talktalk.co.uk)
Ссылка для входа: https://www.talktalk.co.uk (Login URL: https://www.talktalk.co.uk)

Virgin Media Mail: $3.5k
Веб-сайт: www.virginmedia.com (URL: www.virginmedia.com)
Ссылка для входа: https://www.virginmedia.com (Login URL: https://www.virginmedia.com)

Optus Mail (Australia): $3.5k
Веб-сайт: www.optus.com.au (URL: www.optus.com.au)
Ссылка для входа: https://www.optus.com.au (Login URL: https://www.optus.com.au)

Charter.net (Spectrum): $3.5k
Веб-сайт: www.spectrum.net (URL: www.spectrum.net)
Ссылка для входа: https://www.spectrum.net/login (Login URL: https://www.spectrum.net/login)

Xtra Mail (New Zealand): $3.5k
Веб-сайт: www.xtra.co.nz (URL: www.xtra.co.nz)
Ссылка для входа: https://xtramail.co.nz (Login URL: https://xtramail.co.nz)

Blueyonder Mail: $3.5k
Веб-сайт: www.blueyonder.co.uk (URL: www.blueyonder.co.uk)
Ссылка для входа: https://www.blueyonder.co.uk (Login URL: https://www.blueyonder.co.uk)

Mail.be (Belgium): $3.5k
Веб-сайт: www.mail.be (URL: www.mail.be)
Ссылка для входа: https://www.mail.be (Login URL: https://www.mail.be)

Libero Mail (Italy): $3.5k
Веб-сайт: www.libero.it (URL: www.libero.it)
Ссылка для входа: https://www.libero.it (Login URL: https://www.libero.it)

Tiscali Mail (Italy): $3.5k
Веб-сайт: www.tiscali.it (URL: www.tiscali.it)
Ссылка для входа: https://mail.tiscali.it (Login URL: https://mail.tiscali.it)

Alice Mail (Italy): $3.5k
Веб-сайт: mail.alice.it (URL: mail.alice.it)
Ссылка для входа: https://mail.alice.it (Login URL: https://mail.alice.it)

Wanadoo Mail (France): $3.5k
Веб-сайт: www.wanadoo.fr (URL: www.wanadoo.fr)
Ссылка для входа: https://mail.wanadoo.fr (Login URL: https://mail.wanadoo.fr)

Laposte.net (France): $3.5k
Веб-сайт: www.laposte.net (URL: www.laposte.net)
Ссылка для входа: https://www.laposte.net (Login URL: https://www.laposte.net)

Free.fr Mail (France): $3.5k
Веб-сайт: www.free.fr (URL: www.free.fr)
Ссылка для входа: https://webmail.free.fr (Login URL: https://webmail.free.fr)

i bougth a phislet customized, im waiting to delivery. will see and post reviews

 

[blackdatabase]

I had a conversation with him, he seems nice. Meanwhile i realized that i had too much to learn about reverse proxy phishing method and other things. Thanks bro

Thanks!

 

[h2ok]

Pleasant person to talk to. he knows his work.

 

[blackdatabase]

Google = $6.5k EvilPlaywright (evilpuppet)

 

[blackdatabase]

Pleasant person to talk to. he knows his work.

thank you !

 

[scotty32]

i bougth a phislet customized, im waiting to delivery. will see and post reviews

Still waiting 11 days after i send the money