  1. GraemeL on Mon 25 Aug 2008, 10:30:53 PM UTC

    Another bad PhishTank hit

    Somebody needs to look at the importing of PhishTank listings. Looks like another reputable financial site got turned red by PhishTank. Onlinecreditcenter2 listing. It's owned by General Electric and does credit for JC Penney's.

Comments:

  1. Sami on Mon 25 Aug 2008, 10:41:00 PM UTC

    Re: Another bad PhishTank hit

    It's this one. The rating should improve shortly.

    Edit: That's an interesting domain name scheme they've got going there. At least if they want their customers to become phishing victims, I mean.

    It looks like the domains onlinecreditcenterN.com where N = { 2, 3, 4, 6 } are all owned by General Electric, but onlinecreditcenter5.com might be owned by someone else? The site redirects here, but why would General Electric use "Domain Discreet" to register this particular domain?

    On the other hand, geonlineservice.com, which is advertised on gemoney.com, is also registered via "Domain Discreet", so perhaps they're all legit. Except for onlinecreditcenter1.com, of course, which is parked and definitely not owned by GE.

    • GraemeL on Mon 25 Aug 2008, 11:16:11 PM UTC

      Stupid naming indeed

      You'd think they hadn't heard of load balancing techniques. It really is an invitation for a phisher to jump on.

      I'll take a look at the PhishTank API docs if I get a chance. See if I can spot anything to make it more reliable. The false positives are a pain, but it may actually be worth getting them occasionally if it stops even one person getting caught by a real phishing site.

      If this one was reviewed by them, they messed up big time. A few whois and dig queries were all it took to identify the site as legit.

      Edit to add, verified by 5 people furrfu.

      edit to add more: I guess some folks aren't following the rules. All GE domains are supposed to be registered by a central corporate office that keeps track of renewals and registers other TLDs for the domains. They should all look like the information you get for ge.com.

  2. MysteryFCM on Mon 25 Aug 2008, 11:29:07 PM UTC

    Tis not PT's fault

    Tis not PhishTank's fault ......... they actually work similar to WOT in that it's the users that verify whether the site is a phish or not.

    In this case, it's actually not surprising that their domain was seen as a phish. Yes, they do use HTTPS instead of HTTP; however, there is no indication for the average user that the page is actually processing at the request of the company involved. All they'll see is that it's not on the domain it is supposed to be on.

    Further to this, hiding the WhoIs is always seen as suspicious, especially when it comes to companies hiding it (individuals we can understand).

  3. luda1955 on Tue 26 Aug 2008, 07:52:53 AM UTC

    Same here.

    My site is http://www.orgres-f.ru ... Actually the site of the maintainer of all *orgres* brand sites :). I browsed PhishTank and there are no phishing reports so far... (Strange indeed)
    Concurrent doing, I wonder.

  4. MysteryFCM on Tue 26 Aug 2008, 01:12:44 PM UTC

    ... and you've

    .... linked your domain here because? ..... it certainly doesn't appear in this thread .....

  5. phantazm on Tue 26 Aug 2008, 04:14:41 PM UTC

    Understandable mistake!

    If I saw these domain names below,
    (and especially in a PhishTank context)
    I too would suspect fraud at once:

    onlinecreditcenter1.com
    onlinecreditcenter2.com
    onlinecreditcenter3.com
    Et cetera...

    If they all were registered by "Domain Discreet"
    or similar, my suspicions would only increase.

    And if all these domains were also created yesterday,
    or last week, I would be almost 99,9% sure...

    I think the reviewers' mistake is quite understandable,
    and also such naming is outright stupid;
    they are an open invitation to phishing...
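
The checks discussed in this thread (numbered sibling domains, registrant consistency across the family, privacy-proxy registration, recent creation) can be combined into a small triage helper for reviewers. This is an added example, not code from any poster, PhishTank or WOT; the registrant strings are simplified, every date is invented, and the function names and thresholds are assumptions. A flag is a prompt for manual whois and dig checks, not a verdict.

```python
import re
from collections import Counter, defaultdict
from datetime import date

# Constructed records that mirror the thread's description. NOT real WHOIS
# output: registrant strings are simplified and every date is invented.
RECORDS = [
    ("onlinecreditcenter1.com", "Unknown (parked)", date(2008, 8, 20)),
    ("onlinecreditcenter2.com", "General Electric", date(2003, 1, 1)),
    ("onlinecreditcenter3.com", "General Electric", date(2003, 1, 1)),
    ("onlinecreditcenter4.com", "General Electric", date(2003, 1, 1)),
    ("onlinecreditcenter5.com", "Domain Discreet", date(2003, 1, 1)),
    ("onlinecreditcenter6.com", "General Electric", date(2003, 1, 1)),
    ("geonlineservice.com", "Domain Discreet", date(2003, 1, 1)),
]
PRIVACY_PROXIES = {"domain discreet"}  # extend with other proxy services

def family_of(domain):
    """'onlinecreditcenter2.com' -> ('onlinecreditcenter', 'com'); None if unnumbered."""
    m = re.fullmatch(r"([a-z-]+)\d+\.([a-z.]+)", domain.lower())
    return (m.group(1), m.group(2)) if m else None

def triage(records, today, min_family=3, min_age_days=30):
    """Return {domain: [reasons]} for members of numbered sibling families."""
    families = defaultdict(list)
    for rec in records:
        fam = family_of(rec[0])
        if fam:
            families[fam].append(rec)
    findings = {}
    for members in families.values():
        if len(members) < min_family:
            continue  # too few siblings to establish a baseline
        majority = Counter(r[1] for r in members).most_common(1)[0][0]
        for domain, registrant, created in members:
            reasons = []
            if registrant.lower() in PRIVACY_PROXIES:
                reasons.append("privacy-proxy registration")
            elif registrant != majority:
                reasons.append("registrant differs from family majority")
            if (today - created).days < min_age_days:
                reasons.append("recently created")
            findings[domain] = reasons
    return findings

if __name__ == "__main__":
    for name, why in sorted(triage(RECORDS, date(2008, 8, 25)).items()):
        print(name, "->", ", ".join(why) or "consistent with siblings")
```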