Find out who visits your Facebook profile: it is a fake, the link redirects to malicious websites
We have noted recently various messages posted by Facebook users that promote few methods to find out who visits your Facebook profile. At the end of the message there is a link to a Bit.ly shortened URL, as you can see from this image:
The shortened URL redirects the users to a malicious URL:
HTTP/1.1 301 Moved Server: nginx Date: Mon, 13 Feb 2012 23:18:08 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive Set-Cookie: _bit=4f399a30-002d0-041e9-281cf10a;domain=.bit.ly;expires=Sat Aug 11 23:18:08 2012;path=/; HttpOnly Cache-control: private; max-age=90 Location: hxxp:// pabulums .info/nukiy.bnw MIME-Version: 1.0 Content-Length: 122 |
Extracted malicious URL:
hxxp:// pabulums .info/nukiy.bnw |
Domain details:
The website pabulums .info is hosted at SingleHop and its current IP address is 184.154.106.126 (r90.servebyte.com). The server machine is located in – (-) and in the same server there are hosted other 1 websites. The domain is registered with the suffix INFO and the name pabulums. The organization is Servebyte.
URLVoid report:
http://urlvoid.com/scan/pabulums.info
When the malicious URL is visited, there is a new redirect:
HTTP/1.1 302 OK Date: Mon, 13 Feb 2012 23:18:16 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Location: hxxp:// alexins .co.cc/170588/nukiy.bnw Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 786 |
Extracted malicious URL:
hxxp:// alexins .co.cc/170588/nukiy.bnw |
Domain details:
The website alexins .co.cc is hosted at SingleHop and its current IP address is 184.154.106.125 (r90.servebyte.com). The server machine is located in – (-) and in the same server there are hosted other 1 websites. The domain is registered with the suffix CO.CC and the name alexins. The organization is Servebyte.
URLVoid report:
http://urlvoid.com/scan/alexins.co.cc
Remember to do not click in unknown URLs, posted by known and unknown Facebook users, even if they are in your friends list. Most of the Facebook virus can hijack with javascript the login session and they can automatically put “Likes” on malicious Facebook pages or they can post a message containing malicious link in your profile or in the profile of all your friends, so pay attention when you click with the mouse!
