# facebook.gapesta.my.id — MALICIOUS

> Beware: fake Facebook login at facebook.gapesta.my.id is harvesting credentials. VirusTotal flags 21 of 95 engines. Verify this site on PhishDestroy.

## Summary

PhishDestroy identifies facebook.gapesta.my.id as a live fake Facebook login portal engineered to steal user credentials. Visitors are presented with a convincing clone of the official Facebook sign-in interface that captures entered email and password pairs and immediately relays them to a backend controlled by the threat actor. Security researchers observed this domain resolving to 128.199.207.95 and serving a valid Let’s Encrypt SSL certificate, tactics that increase perceived legitimacy among unsuspecting users. Blocklist aggregation shows that 21 of 95 VirusTotal security vendors currently flag the page, and Google Safe Browsing lists the domain under the SOCIAL_ENGINEERING category, confirming active abuse for credential theft. This domain was flagged by PhishDestroy immediately upon detection on seed 20c4f6.

Registrar details point to a privacy-protected shell entity that obscures true ownership; creation records indicate the site went live within the past 90 days, allowing the threat actor to operate below typical detection thresholds for brand-impersonation campaigns. The site’s infrastructure sits behind shared hosting in an IP range previously associated with credential-phishing clusters, reinforcing the likelihood of coordinated malicious activity. Despite the SSL certificate appearing legitimate, the mismatch between the domain name and the official facebook.com namespace serves as the clearest indicator of fraudulent intent.

Users who visited facebook.gapesta.my.id should assume their Facebook credentials—if entered—are compromised and reset the password immediately via the official site at facebook.com using a clean device and network. Enable two-factor authentication if not already active, revoke any unfamiliar sessions under Settings > Security, and scan local machines for keyloggers or browser extensions that may have captured further personal data. Report the incident to Facebook’s phishing portal and consider changing passwords on other accounts that share the same or similar credentials. PhishDestroy advises verifying any questionable link by hovering to confirm the destination before interaction.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Facebook

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 128.199.207.95

## Detection Status

- VirusTotal: 21 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/faa7d775-3109-48f1-a7a8-bee2ed1ebb76
- PhishDestroy: https://phishdestroy.io/domain/facebook.gapesta.my.id/
- LLM endpoint: https://phishdestroy.io/domain/facebook.gapesta.my.id/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/facebook.gapesta.my.id/

Last updated: 2026-03-24