# facebook-downloader.czhyk.biz.id — SUSPICIOUS

> Disguised as Facebook's downloader tool, this domain (resolving to 15.235.206.12) harvests credentials.

## Summary

Domain facebook-downloader.czhyk.biz.id is currently under active investigation for engaging in brand impersonation, specifically targeting Facebook users with a counterfeit downloader service. The site is confirmed active and operates under the guise of providing legitimate Facebook content extraction tools, luring victims into entering credentials or downloading malicious payloads. This deception is a direct attempt to exploit user trust in the Facebook brand for credential harvesting or malware distribution.

This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis, indicating it has evaded immediate detection by most antivirus engines. The domain resolves to IP address 15.235.206.12 and is secured with a Let's Encrypt SSL certificate, which may enhance its perceived legitimacy. The seed identifier 6f3a78 correlates this domain to a broader campaign of brand impersonation scams, though detailed registrar or blocklist data remains unavailable. The lack of detections suggests this threat is either newly deployed or employs sophisticated evasion techniques to bypass initial security scans.

Current status indicates this threat is active and evolving, with potential for escalation if undetected. Users are strongly advised to avoid interacting with this domain or any linked pages, particularly those requesting login credentials or downloads. Conduct a VirusTotal scan of the domain (0/95 detections as of analysis) to verify its status, and report the domain to relevant cybersecurity authorities or blocklist maintainers. Organizations should update firewall rules to block IP 15.235.206.12 and monitor network traffic for connections to this domain or its subdomains. Exercise heightened caution with domains offering free services tied to high-value brands like Facebook, as these are frequent vectors for credential theft and malware delivery.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Facebook

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 15.235.206.12

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/3ba16acf-cc03-40a2-8984-9be3321e3673
- PhishDestroy: https://phishdestroy.io/domain/facebook-downloader.czhyk.biz.id/
- LLM endpoint: https://phishdestroy.io/domain/facebook-downloader.czhyk.biz.id/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/facebook-downloader.czhyk.biz.id/

Last updated: 2026-04-01