# facedook.services — MALICIOUS

> Facedook.services is actively engaged in high-risk phishing attacks. Stay alert and verify website safety before sharing sensitive info.

## Summary
PhishDestroy has identified facedook.services as a high-risk generic phishing domain actively targeting unsuspecting users. The phishing page is titled "Security Check," a common tactic to deceive victims into submitting personal or login information. The domain impersonates popular social media branding to increase legitimacy, triggering warnings from Google Safe Browsing under the SOCIAL_ENGINEERING category.

Technical analysis reveals that facedook.services resolves to IP address 43.205.243.177. VirusTotal data indicates that 25 out of 95 security vendors detect malicious activity associated with this domain, reinforcing its classification as a credible threat. Its infrastructure and phishing kit signatures align with known patterns used to harvest credentials or distribute malware. The domain's registration details and hosting environment further support the likelihood of ongoing malicious campaigns leveraging this site.

Currently, facedook.services remains active and continues to pose a significant risk. PhishDestroy recommends blocking access to this domain and monitoring related IP addresses for suspicious activity. Researchers and users should exercise caution and verify URLs carefully. Ongoing monitoring and threat intelligence sharing will be critical to mitigating the impact of this persistent phishing operation.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Security Check

## Domain Intelligence
- Registered: 2026-03-10 13:07:01
- IP: 43.205.243.177
- IP Country: IN
- IP City: Mumbai
- IP Org: AS16509 Amazon.com, Inc.
- Nameservers: ns69.domaincontrol.com ns70.domaincontrol.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 26 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "Certego", "Chong Lua Dao", "Cluster25", "CRDF", "CyRadar", "Ermes", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "Seclookup", "SOCRadar", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd79a-6e0c-734d-9fce-a44b4e688290.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/f646102d-0877-4576-a290-1ceeca685565
- PhishDestroy: https://phishdestroy.io/domain/facedook.services/
- LLM endpoint: https://phishdestroy.io/domain/facedook.services/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/facedook.services/
Last updated: 2026-03-19