diff --git a/scan.php b/scan.php
index 2077308..9e568e4 100644
--- a/scan.php
+++ b/scan.php
@@ -53,7 +53,7 @@ error_reporting(0);
 "eval\(base64_decode\(<(.*)POST(.*)>php",
 "\.\"404\s*Not\s*Found<\/title><\/head><body>",
 "@error_reporting\(0\)",
- "==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================",
+ "==========================+(\s*)Credit.Mutuel.ReZult(\s*)+==================", //
 "X-Mailer:(\s*)The(\s*)Bat\!(\s*)\(v",
 "WordPress(\s*)Inserter(\s*)Links",
 "The(\s*)Sword(\s*)Config(\s*)Fuck(\s*)Script",
@@ -62,11 +62,11 @@ error_reporting(0);
 "d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
 "eval\(gzinflate\(base64_decode\(",
 "eval\(gzinflate\(str_rot13\(base64_decode\(",
- "Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal",
- "Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking",
- "Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you",
- "Wells(\s*)Fargo(\s*)Home(\s*)Page",
- "Chase(\s*)Online(\s*)-(\s*)Logon",
+ "Bank(\s*)of(\s*)America(\s*)\|(\s*)Home(\s*)\|(\s*)Personal", //
+ "Bank(\s*)of(\s*)America(\s*)\|(\s*)Online(\s*)Banking(\s*)\|(\s*)Sign(\s*)In(\s*)to(\s*)Online(\s*)Banking", //
+ "Bank(\s*)of(\s*)America(\s*)\|(\s*)Thank(\s*)you", //
+ "Wells(\s*)Fargo(\s*)Home(\s*)Page", //
+ "Chase(\s*)Online(\s*)-(\s*)Logon", //
 "Send(\s*)Money,(\s*)Pay(\s*)Online(\s*)or(\s*)Set(\s*)Up(\s*)a(\s*)Merchant(\s*)Account(\s*)with(\s*)PayPal",
 "Login(\s*)-(\s*)PayPal",
 "Sign(\s*)Up(\s*)for(\s*)PayPal(\s*)-(\s*)It\'s(\s*)Free(\s*)and(\s*)Easy(\s*)to(\s*)Get(\s*)Started",
diff --git a/scan.py b/scan.py
index 1423ea0..ee9d71b 100644
--- a/scan.py
+++ b/scan.py
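Review bot: The Credit.Mutuel.ReZult entry in the first hunk leaves both `+` characters unescaped, so if these strings are compiled as PCRE patterns (the neighbouring entries escape `\(` and `\|`, which suggests they are) each `+` acts as a quantifier and the pattern cannot match the literal `=+ Credit.Mutuel.ReZult +=` banner that the scan.py half of this commit searches for. Escaping them, `"==========================\+(\s*)Credit\.Mutuel\.ReZult(\s*)\+=================="`, would make the two scanners agree and also removes the nested `(\s*)+` quantifier, which can backtrack heavily on long whitespace runs. The trailing `//` added here and on the five bank-title entries in the second hunk is empty as shown; if a category label was intended, something like `// phishing kit marker` would say so. The array these entries belong to starts and ends outside both hunks.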
@@ -540,7 +540,13 @@ def is_hacked(filename):
 or 'https://www.colourbox.com/preview/11775720-hacker-boy-icon.jpg' in l \
 or 'https://image.prntscr.com/image/dQ_-z9pTRL6tA2kqbnXH6A.jp' in l:
 score.append(('SOCIALS', ''))
-
+ if '==========================+ Credit.Mutuel.ReZult +==================' in l \
+ or 'Bank of America | Home | Personal' in l \
+ or 'Bank of America | Online Banking | Sign In to Online Banking' in l \
+ or 'Bank of America | Thank you' in l \
+ or 'Wells Fargo Home Page' in l \
+ or 'Chase Online - Logon' in l \
+ core.append(('PHISHING', ''))
 previous_line = l
 if line_num < 20:
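Review bot: The new `if` block will not parse as shown: its last condition line, `or 'Chase Online - Logon' in l \`, ends in a continuation backslash instead of a colon, so the body line is folded into the condition and scan.py raises a SyntaxError on load, which takes out every check in the file rather than just this one. The body also calls `core.append`, while the SOCIALS branch directly above uses `score.append`, and no `core` name appears anywhere in the hunk. Changing the two lines to `or 'Chase Online - Logon' in l:` and `score.append(('PHISHING', ''))` fixes both. is_hacked starts before and continues after this hunk, so the rest of the function is not covered here.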