Twitter Phishing “Bad blog going around about you, heard or seen it yet?”

I received an unusual private message “Bad blog going around about you, heard or seen it yet?” from one of my followers. Unfortunately, my follower fell for a traditional Twitter phishing attack, and his account is surely now compromised.

As you can see in the screenshot, the link points to “”, a domain name registered since 2011-10-13 by “[email protected]”. The web site is hosted on in AS4134 ChinaNet GuiZhou Province, and the hosting web server redirects you directly to “”.

HTTP/1.1 301 Moved Permanently
Server: nginx/1.0.6
Date: Sun, 16 Oct 2011 18:48:24 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
P3P: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"

The “” domain name has been registered since 2011-09-23 by “yu zhang [email protected]”. The web site is hosted on in AS4134 China Telecom Yunnan Province. Some funny host names are hosted on the same name server as “”, like “”.

Accessing “” will redirect you to “”.

You will see this phishing page, which is quite good in terms of design.

If you provide your login and password, the form will post all your information to “” and then redirect you to the “” page, but by then it is too late.

If you access the root directory of “” directly, you will see a Chinese under-construction page 🙂