Find out who visits your Facebook profile: it is a fake, the link redirects to malicious websites

We have noted recently various messages posted by Facebook users that promote few methods to find out who visits your Facebook profile. At the end of the message there is a link to a Bit.ly shortened URL, as you can see from this image:

Facebook Dangerous URL

The shortened URL redirects the users to a malicious URL:

HTTP/1.1 301 Moved
Server: nginx
Date: Mon, 13 Feb 2012 23:18:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: _bit=4f399a30-002d0-041e9-281cf10a;domain=.bit.ly;expires=Sat Aug 11 23:18:08 2012;path=/; HttpOnly
Cache-control: private; max-age=90
Location: hxxp:// pabulums .info/nukiy.bnw
MIME-Version: 1.0
Content-Length: 122

Extracted malicious URL:

hxxp:// pabulums .info/nukiy.bnw

Domain details:

The website pabulums .info is hosted at SingleHop and its current IP address is 184.154.106.126 (r90.servebyte.com). The server machine is located in – (-) and in the same server there are hosted other 1 websites. The domain is registered with the suffix INFO and the name pabulums. The organization is Servebyte.

URLVoid report:

http://urlvoid.com/scan/pabulums.info

When the malicious URL is visited, there is a new redirect:

HTTP/1.1 302 OK
Date: Mon, 13 Feb 2012 23:18:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Location: hxxp:// alexins .co.cc/170588/nukiy.bnw
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 786

Extracted malicious URL:

hxxp:// alexins .co.cc/170588/nukiy.bnw

Domain details:

The website alexins .co.cc is hosted at SingleHop and its current IP address is 184.154.106.125 (r90.servebyte.com). The server machine is located in – (-) and in the same server there are hosted other 1 websites. The domain is registered with the suffix CO.CC and the name alexins. The organization is Servebyte.

URLVoid report:

http://urlvoid.com/scan/alexins.co.cc

Remember to do not click in unknown URLs, posted by known and unknown Facebook users, even if they are in your friends list. Most of the Facebook virus can hijack with javascript the login session and they can automatically put “Likes” on malicious Facebook pages or they can post a message containing malicious link in your profile or in the profile of all your friends, so pay attention when you click with the mouse!

Random Posts

Previous Posts