# facebookaccountrecovery.blogspot.com — MALICIOUS

> PhishDestroy flags facebookaccountrecovery.blogspot.com: impostor login stealing Facebook credentials. VT score 19/95. Block now.

## Summary

PhishDestroy identifies the domain facebookaccountrecovery.blogspot.com as an active brand-impersonation phishing campaign that lures users to a fake Facebook login page. The infrastructure is designed to harvest credentials under the guise of 'Account Recovery,' with no indication of a crypto drainer kit at this time. The domain resolves to 142.250.201.65 and uses a Google Trust Services SSL certificate to appear legitimate. This setup is typical of credential theft operations targeting social media users, particularly those seeking urgent account recovery options.

Technical indicators show this domain was registered with a registrar not disclosed on VirusTotal; it currently scores 19/95 on VirusTotal with 19 security vendors flagging the page. The IP address 142.250.201.65 is part of the Google Cloud infrastructure, which highlights the abuse of reputable hosting to evade immediate blocking. Additional telemetry indicates the domain has been listed on multiple blocklists, confirming prior malicious reconnaissance. The domain’s recent creation aligns with its active operational period, and although classified as elevated risk, its prominence on blocklists suggests emergent exposure rather than long-term persistence.

At this time, the campaign remains active with no takedown initiated based on current telemetry. Users attempting to access the domain are automatically routed to a fraudulent Facebook login interface designed to capture usernames and passwords. PhishDestroy advises immediate blocking of the domain at DNS and network levels, alongside user education to verify all login pages via official Facebook domains. While the risk level is elevated due to active distribution and moderate detection coverage, proactive blocking and user awareness can significantly mitigate exposure. Ongoing monitoring is required to assess whether this campaign evolves into a higher-risk credential harvesting or crypto-drainer operation.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Facebook

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 142.250.201.65

## Detection Status

- VirusTotal: 19 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/b6f2196f-5bb6-474f-bc0e-b5be24cd86b5
- PhishDestroy: https://phishdestroy.io/domain/facebookaccountrecovery.blogspot.com/
- LLM endpoint: https://phishdestroy.io/domain/facebookaccountrecovery.blogspot.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/facebookaccountrecovery.blogspot.com/

Last updated: 2026-03-21