Author |
Message |
Baitsamurai
Baiting Guru
Joined: 30 Mar 2010
Posts: 2186
Location: in the mind of my pet-lad
|
Posted:
Mon Apr 19, 2010 5:47 am |
|
Here is something nasty for the Sitekillers.
http://www.publicbanksecurity.com/
Got is with a ASEM this morning.
Quote: |
Your Public Bank Internet Banking has been locked due to some internal issues.
In order to unlock your Internet Banking, follow these steps:
1. Visit our website: http://www.publicbanksecurity.com 2. Logon to the Internet Banking using your username and password.
3. Confirm your mobile phone number by entering the TAC you receive.
4. After confirming your account, log out. Your account access will be restored.
Thank you for using Public Bank.
|
from [email protected]
All links are going back to PBeBank.com which seems genuine. |
_________________ PROTECT VICTIMS - POST SCAMMAILS: SCAMWARNERS
"u dis fucking ingrate, *DELETED*!"
"YOU ARE VERY VERY STPEID MAN FUK YOU WITH YOUR MONEY"
"you are a thief i know you ....fbi is coming for you"
"YOU WILL RUST IN HELL YOU BASTERD"
"I don't mean no disrespect but i don't like that word cunning,I mean this is a charity work for Christ's sake"
x84 x124
C0nv0y/P4tr1ck Co-Bait with Boris_YELLsome: Lagos-Abuja-Lagos-Cotonou
Don't ever worry about seeming stupid. We're baiters. We do a lot of silly things in our baits. (Ima Baeder) |
|
|
|
Loge
Not quite a Newb
Joined: 10 Apr 2010
Posts: 62
Location: under the snake
|
Posted:
Mon Apr 19, 2010 10:05 am |
|
IP Address: 98.136.50.138
IP Location: California - Sunnyvale - Yahoo! Inc
WHOIS
Quote: |
Domain Name.......... publicbanksecurity.com
Creation Date........ 2010-04-19
Registration Date.... 2010-04-19
Expiry Date.......... 2011-04-19
Organisation Name.... Chris Twarogowski
Organisation Address. 9146 Richards dr.
Organisation Address.
Organisation Address. Mentor
Organisation Address. 44060
Organisation Address. OH
Organisation Address. UNITED STATES
Admin Name........... Chris Twarogowski
Admin Address........ 9146 Richards dr.
Admin Address........
Admin Address........ Mentor
Admin Address........ 44060
Admin Address........ OH
Admin Address........ UNITED STATES
Admin Email..........
Admin Phone.......... +1.4402576117
Admin Fax............
Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email...........
Tech Phone........... +1.4089162124
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com |
The site claims to be VeriSign secured. Not sure how exactly this can be proven false, but as far as I understand the VeriSign link should be javascript like for example on this site:
https://www.trustthecheck.com/trustthecheck/ssl/default.aspx
Quote: |
<script src=https://seal.verisign.com/getseal?host_name=www.trustthecheck.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script> |
But publicbanksecurity.com uses a simple anker tag for the link that looks very suspicious to me:
Quote: |
href="https://servicecenter.verisign.com/cgi-bin/Xquery.exe?Template=authCertByIssuer&remote_host=https://digitalid.msctrustgate.com/secure/cgi-bin/haydn.exe&form_file=../fdf/authCertByIssuer.fdf&issuerSerial=6fad9ec0b33468c07a48e3db47f67818"
target="_blank"><img src="login_data/login_trustgate.gif" width="73"
border="0" height="41"> |
justjay once said:
Quote: |
Go to the verifying authority's website and check the verification. VeriSign verification should be done at http://www.verisignsecured.com/. Do not rely on the popup from the website you are investigating! |
But http://www.verisignsecured.com does forward to https://www.trustthecheck.com/. Not sure how to actually verify it...
Also according to the source some of the links go to http://www.cpbebank.com and this site also looks suspicious after a short look:
Quote: |
Registration Service Provided By: RESELL.BIZ
Contact: +1.0000000000
Website: http://Resell.biz
Domain Name: CPBEBANK.COM
Registrant:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000
Creation Date: 30-Jun-2009
Expiration Date: 30-Jun-2010
Domain servers in listed order:
ns2.cpbebank.com
ns1.cpbebank.com
Administrative Contact:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000
Technical Contact:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000
Billing Contact:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000
Status:ACTIVE |
EDIT:
Ok, cpbebank.com seems to be a legit subbranch of PBEBANK.COM.
EDIT2:
Hmmmm, both pbebank.com and cpbebank.com use the same anker link for VeriSign verification as described above (both are on the pbebank server):
https://www2.pbebank.com/cpmain.html
https://www2.pbebank.com/main.html
So they seem to use an alternate verifying mechanism (msctrustgate.com)?
Either way this certificate is only valid for pbebank.com (because of this the cpbebank.com login site is actually on pbebank.com) and certainly not for publicbanksecurity.com. |
|
|
|
|
fashmo
Elite Baiter
Joined: 01 May 2006
Posts: 1693
|
Posted:
Mon Apr 19, 2010 11:04 am |
|
Phising only no content
Testing his/hers handywork
http://www.publicbanksecurity.com/main_files/fuckkk$.txt
Report to phishtank/ Netcraft
http://www.phishtank.com/ <<<<<<< Done
Win an ipod <<<< Done
Changed state to n/a as we dont deal with phishers here |
_________________ Win an ipod
Why the insult you are raining on me
The correction regarding your gender is noted.
The word sir is an official rerm used as a mark of respect irrespective of sex
Send to me your private phone number so as to enable me talk to you earball to earbell
x 2
x 1 Wheel of Rome
x 1
Last edited by fashmo on Mon Apr 19, 2010 11:40 am; edited 1 time in total |
|
|
|
Loge
Not quite a Newb
Joined: 10 Apr 2010
Posts: 62
Location: under the snake
|
Posted:
Mon Apr 19, 2010 11:16 am |
|
Just out of curiosity: how did you find this file? |
|
|
|
|
fashmo
Elite Baiter
Joined: 01 May 2006
Posts: 1693
|
Posted:
Mon Apr 19, 2010 11:38 am |
|
|
|
|
|