Stunner, a page from Facebook, posted about Friendster being back on social media. Thousands of people have already signed up for the “new” Friendster. However, CERT-PH has assessed that the said website is possibly used for phishing.
______________________________
A. Nature of the Attack
The “new” Friendster appears to be a legitimate website but upon initial investigation, the current IP address hosting the website (23.106.120.84) had previous reports about phishing, brute force and DDoS attacks, hacking, and host exploitations. The link provided in the post uses a non-popular top-level domain (.click). Also, it does not include an “About Us” page which could tell who developed the website. Furthermore, the website uses WordPress for its main service, which is not used for social networking platforms since it is a content management system.
Having said that, there is a possibility that the said website is being used for phishing.
______________________________
B. Indicators of Compromise
List of Indicators of Compromise:
- IP address of the domain: 23.106.120.84
- See links for more information:
- <https://www.virustotal.com/gui/ip-address/23.106.120.84>
- <https://www.abuseipdb.com/check/23.106.120.84>
- See links for more information:
- Domain: friendster.click
- See link for more information:
______________________________
C. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Do not click suspicious links to avoid future potential threats.
- Do not register to this website because your data may be compromised.
- In addition, providing and capacitating employees with cybersecurity knowledge and information to minimize threats.