# auth.facebook.agmteknik.com — MALICIOUS

> auth.facebook.agmteknik.com is a high-risk phishing domain. Avoid entering credentials and verify site authenticity immediately.

## Summary
PhishDestroy identifies auth.facebook.agmteknik.com as a high-risk phishing domain designed to impersonate Facebook authentication portals. This generic phishing threat aims to steal user credentials by mimicking legitimate login interfaces, potentially compromising sensitive personal and financial information. The domain’s suspicious nature is amplified by its recent creation date and deceptive naming structure that falsely suggests affiliation with Facebook.

Technically, auth.facebook.agmteknik.com was registered on December 22, 2025, using Cloudflare, Inc. as the registrar, which is commonly leveraged by malicious actors for anonymity and fast domain setup. The domain resolves to IP address 185.107.74.34. VirusTotal analysis reveals 15 out of 95 security vendors flag this domain for malicious activity, underscoring its threat potential. The use of a subdomain within a non-Facebook controlled domain further indicates a crafted attempt to mislead victims.

Currently, this domain remains active and poses a significant risk to users attempting to access Facebook services. PhishDestroy strongly advises against interacting with or submitting any personal information on auth.facebook.agmteknik.com. Users should verify official URLs, enable multi-factor authentication, and report suspected phishing attempts to appropriate security teams. Continuous monitoring and domain blocking measures are recommended to mitigate exposure to this ongoing threat.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: 404 Not Found

## Domain Intelligence
- Registered: 2026-03-06 13:07:01
- Registrar: Cloudflare, Inc.
- Country: US
- IP: 185.107.74.34
- IP Country: SE
- IP City: Stockholm
- IP Org: AS200430 WEBO LLC
- Nameservers: ["bonnie.ns.cloudflare.com", "woz.ns.cloudflare.com"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "Ermes", "ESET", "Emsisoft", "Fortinet", "G-Data", "Kaspersky", "Lionic", "Netcraft", "Seclookup", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc31c-70be-70b2-a412-c1f0e71c7c89.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/auth.facebook.agmteknik.com
- Wayback Machine: https://web.archive.org/web/https://auth.facebook.agmteknik.com
- PhishDestroy: https://phishdestroy.io/domain/auth.facebook.agmteknik.com/
- LLM endpoint: https://phishdestroy.io/domain/auth.facebook.agmteknik.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/auth.facebook.agmteknik.com/
Last updated: 2026-03-19