Strange! Infact, pnbindia.com, pnbindia.in both are theirs. One hosted in India and other in US. Drop down menu works for .in and doesn’t work in .com. .com is detected as infected and .in ain’t which made me thought that one is owned and other ain’t. Phew!
From: vaibhav aher [mailto:[email protected]] Sent: 13 January 2010 17:02 To: chintan dave Cc: [email protected]; [email protected] Subject: Re: [Owasp-delhi] Fwd: PNB phishing page. But PNB them self claims that PNBIndia.in is there domain. Take a look at this.. http://www.pnb.net.in/ -- Vaibhav Aher InfoSec Consultant On Wed, Jan 13, 2010 at 4:31 PM, chintan dave <[email protected]> wrote: I am not sure why they have multiple sites. Initial thought that came to my mind was phishing. So I fired a DNS look up query on both the domains. The following is the result. A quick DNS look up: PNBIndia.in: http://www.dnsstuff.com/tools/whois/?tool_id=66 <http://www.dnsstuff.com/tools/whois/?tool_id=66&token=&toolhandler_redirect=0&ip=www.pnbindia.in> &token=&toolhandler_redirect=0&ip=www.pnbindia.in PNBIndia.com: http://www.dnsstuff.com/tools/whois/?tool_id=66 <http://www.dnsstuff.com/tools/whois/?tool_id=66&token=&toolhandler_redirect=0&ip=www.pnbindia.com> &token=&toolhandler_redirect=0&ip=www.pnbindia.com Surprisingly NET4India is the registrar for both the URLs. Additionally, just out of curiosity, i tried the following as well: PNBIndia.co.in <http://pnbindia.co.in/> : http://www.dnsstuff.com/tools/whois/?tool_id=66 <http://www.dnsstuff.com/tools/whois/?tool_id=66&token=&toolhandler_redirect=0&ip=pnbindia.co.in> &token=&toolhandler_redirect=0&ip=pnbindia.co.in The contact person for PNBIndia.in and PNBIndia.co.in <http://pnbindia.co.in/> is same. "Tarun Shahani" On Wed, Jan 13, 2010 at 4:28 PM, Soi, Dhruv <[email protected]> wrote: Oops! PNB officials are already on the list. Though I forwarded to him directly with Cc to GM IT. Some action is hopeful. By the way, The phishing form redirects to pnbindia.com <http://pnbindia.com/> . So it not only collects the credit card numbers but also compromise the victim through drive-by-download method which seems to be taken off at the moment. From: atul jha [mailto:[email protected]] Sent: 13 January 2010 16:20 To: [email protected] Cc: [email protected] Subject: Re: [Owasp-delhi] Fwd: PNB phishing page. I wonder how come a government/nationalized bank can have such poor security for online transaction.I was unable to see the pages correctly on firefox as that is the only browser i have apart from this the portal has no secure signing authority like verisign or thawte. This is simply unacceptable.Lots of poor peoples account are unsafe.We know rthe trick so we are safe what about others. The worst part is one of the contct-us page mail id bounces back. #shit #poor #irony On Wed, Jan 13, 2010 at 4:10 PM, Soi, Dhruv <[email protected]> wrote: Wow! Just to add further: Watch for: pnbindia.com <http://pnbindia.com/> pnbindia.in <http://pnbindia.in/> Can you see the difference? Dig and whois can be helpful and this link can add more: http://safeweb.norton.com/report/show?url=pnbindia.com. Though, Infected links seem to have removed. I have got some good links in PNB, let me help them out with this. Phish the Fish! ;-) From: [email protected] [mailto:[email protected]] On Behalf Of atul jha Sent: 13 January 2010 10:22 To: [email protected] Subject: [Owasp-delhi] Fwd: PNB phishing page. Morning all, Well moments ago saw this mail and its not marked as spam a crafted e-mail. I tried my best to contact PNB guys but unfortunately there was no link for phishing report on website of PNB. I am sure more than 100 customers must have been fooled so far submitting there credit card PIN. I have attached screenshot alongwith. ---------- Forwarded message ---------- From: Punjab National Bank <[email protected]> Date: 2010/1/13 Subject: Get your Refund Amount To: [email protected] You have get a Tax Refund on your Punjab National Bank MasterCard. Complete the formular, and get your Refund Tax. (Your Refund Amount Is 3200 rupees) Complete Formular bellow : http://lindsaysunley.eu/pnbindia/online.html Copyright Š 2010 - Punjab National Bank. All rights reserved. regards, atul jha -- www.atuljha.com <http://www.atuljha.com/> 9953555890 <-- is my new number. "Beer is proof that God loves us and wants us to be happy. " - Benjamin Franklin -- www.atuljha.com <http://www.atuljha.com/> 9953555890 <-- is my new number. "Beer is proof that God loves us and wants us to be happy. " - Benjamin Franklin _______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi -- Regards, Chintan Dave, LinkedIn Profile: http://www.linkedin.com/in/chintandave Blog:http://www.chintandave.com <http://www.chintandave.com/> _______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
_______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
