It has been 2 days since I saw the weird interface of an unencrypted Facebook page. Facebook phishing while using Freegate: did Freegate do this, or have they been hacked by someone or a government to serve the phishing page? Hmm, no one knows about it 🙂
This happened yesterday, August 30, 2013, when I opened my Facebook account. I always use the "remember me" feature, which stores cookies on the computer so we don't need to go through the login process every time we open Facebook. But yesterday was different: when I typed facebook.com in the browser address bar, the address did not redirect to https://facebook.com; instead the page redirected to http://www.facebook.com.gos.saveinter.net/.
In this post we will try to analyze this fake Facebook page.
1. This is a screenshot of the interface when I opened facebook.com this morning.
Look at the URL carefully: it's not from Facebook but from another domain called saveinter.net.
2. In the second step we try to find out who saveinter.net actually is. After running a WHOIS lookup at http://whois.domaintools.com/saveinter.net, we got some information about this domain.
The meta description there contains dongtaiwang (written in Chinese characters), the company that provides Freegate. The logo in the website title also belongs to the company that provides Freegate for free.
3. Because I still couldn't believe that the Freegate company was phishing their users' Facebook accounts, I tried to look at the server stats to find out whether it really was Freegate.
Ouch!! Yes, it comes from Freegate servers…
4. I still tried to think positively: maybe someone was impersonating Freegate and acting like them. So I tried to check my public IP address while using the Freegate service by visiting the whatismyipaddress.com web page.
5. Again… I still couldn't believe all of this. I just said to myself, "I hope they are in a different network address" 😛
Then I surfed to http://whois.arin.net to check whether they are in the same network or in different networks. And here is the result.
Ouch!! Yes, they are the ones who did the Facebook phishing on the Freegate network, on their own network.
Here is the video of us checking the validity of the domain step by step:
1. Watch the address bar URL carefully while you're surfing and browsing websites. If there's something wrong or mistyped in the address bar URL, just leave and do not continue.
2. For the Facebook page phished by Freegate, you can bypass it by adding the https:// prefix to the address, so it becomes https://www.facebook.com. Again… just make sure the address bar URL is correct.
3. Oops!! I've already entered my username and password there 😛. Change your username and password as soon as possible, and change all your passwords if your Facebook password was the same as your e-mail password.
Hope it's useful 🙂
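The address bar check from the tips above can also be done mechanically. The following is an added example, not part of the original post: the function name `check_url` and its result labels are hypothetical, and it compares host labels from the right, which is why `www.facebook.com.gos.saveinter.net` does not count as `facebook.com`.

```python
from urllib.parse import urlsplit


def check_url(url, expected_domain="facebook.com"):
    """Classify a URL against the domain the user meant to visit.

    Returns "ok", "not-https", "lookalike" or "other-domain".
    (Hypothetical helper written for this example.)
    """
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    wanted = expected_domain.lower().split(".")
    n = len(wanted)

    # A host belongs to the expected domain only if its RIGHT-MOST labels
    # match it. Comparing whole labels avoids "notfacebook.com" matching.
    if labels[-n:] == wanted:
        return "ok" if parts.scheme == "https" else "not-https"

    # The expected domain appearing anywhere else in the host is the trick
    # seen in this post: the brand is only a subdomain of another domain.
    for i in range(len(labels) - n + 1):
        if labels[i:i + n] == wanted:
            return "lookalike"
    return "other-domain"


if __name__ == "__main__":
    # The first URL is the one reported in the post; the rest are constructed.
    samples = [
        "http://www.facebook.com.gos.saveinter.net/",
        "https://www.facebook.com",
        "http://www.facebook.com",
        "https://notfacebook.com/",
        "https://www.facebook.com@saveinter.net/",
    ]
    for s in samples:
        print(f"{check_url(s):13} {s}")
```
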