Jonathan sent me an e-mail earlier, refering a domain involved in phishing. This particular one however, contains several interesting aspects.
Most notably, it not only asks for your Facebook credentials, it also leads to what claims to be a legit software developer, and this "legit" developer, is offering a Conduit toolbar, claiming it to be a "Facebook toolbar". msbitsoftware.com is an Israel based firm, and had it not been for this, I'd have likely considered them legit.
Anyway, getting back to it, the first page you see, is veramigos.com, shown top left. This is the page that asks for your Facebook credentials. The "Free Download" for the Facebook toolbar, leads through Google/DoubleClick adverts;
Which leads you to;
This page leads to;
Current IP*: 188.8.131.52
IP PTR: server.veramigos.com
ASN: 32475 184.108.40.206/17 SINGLEHOP-INC - SingleHop
Current IP*: 220.127.116.11
IP PTR: trunghocpleiku.com
ASN: 20021 18.104.22.168/17 LNH-INC - HostMySite