
Facebook Phish – bestspace.be

Let’s take a look at a Facebook phish I received recently. I received this message from a friend:

XXXXX sent you a message.

Subject: Hi

“Look at bestspace.be”

I’ve included a screenshot of the site below; note that it looks like the Facebook login page, complete with a poor spelling of “helps”.

[Screenshot: bestspace.be]

The form sends your stolen credentials back to bestspace.be for processing:

<form method="POST" action="/?login_attempt=1">
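
One way to check, from the defender's side, where a login form on a page will actually send credentials (an added example, not code from the original post). The trusted-host list and the input fields in the sample HTML are assumptions; only the form tag comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts that may legitimately receive credentials for this brand.
TRUSTED_SUFFIXES = ("facebook.com",)

class LoginFormFinder(HTMLParser):
    """Collect the action of every <form> and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms = []      # one [action, has_password] entry per form
        self._open = None    # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def credential_targets(page_url, html):
    """Return (resolved_action_url, trusted) for each password-bearing form."""
    finder = LoginFormFinder()
    finder.feed(html)
    results = []
    for action, has_password in finder.forms:
        if has_password:
            # A relative or empty action resolves to the host serving the page.
            target = urljoin(page_url, action)
            results.append((target, is_trusted(urlsplit(target).hostname)))
    return results

# Constructed sample: the form tag from the post plus made-up input fields.
SAMPLE = '''<form method="POST" action="/?login_attempt=1">
<input type="text" name="email"><input type="password" name="pass"></form>'''

if __name__ == "__main__":
    print(credential_targets("http://bestspace.be/", SAMPLE))
```

Because the action is relative, the verdict depends entirely on the host that served the page, which is why the same markup is flagged here and would pass on the real login page.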

Digging a little deeper, we find this site is hosted on 211.95.78.98, which hosts a few other malicious domains as well:

degunter.cn
daratop.cn

Doing a quick search for daratop.cn yields more hostile activity in the form of malware. Honeynet.cz has more information and so does the Malware Domains List.

The registrant of daratop.cn is steven_lucas_2000@yahoo.com; a couple of searches for this email reveal many different attacks that this individual has been involved in.

Example 1
Example 2

In closing, all of these sites are hostile and should be blocked and avoided.
