# authfacebook.hb.gwfaoli.com — MALICIOUS

> Beware of authfacebook.hb.gwfaoli.com phishing site flagged for social engineering. Avoid sharing credentials or personal info on this fake Facebook login page.

## Summary
PhishDestroy identifies authfacebook.hb.gwfaoli.com as a high-risk phishing domain designed to deceive users into revealing sensitive information. This domain was created recently, on February 15, 2026, and is registered through IONOS SE. Google Safe Browsing has flagged it for social engineering, indicating it attempts to trick users into unsafe actions.

This phishing campaign works by mimicking Facebook’s authentication interface to steal login credentials. When users visit authfacebook.hb.gwfaoli.com, they are likely prompted to enter their Facebook username and password, which attackers then capture for unauthorized access or further exploitation. The domain currently resolves to IP address 216.250.125.37 and is detected by 13 out of 95 security vendors on VirusTotal, confirming its malicious intent.

If you have visited this site, immediately change your Facebook password and enable multi-factor authentication. Monitor your accounts for suspicious activity and avoid clicking on links from unknown or suspicious sources. Reporting this domain to your IT department or cybersecurity provider can help contain its spread and protect others from falling victim.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 530)
- Page title: Facebook - log in or sign up

## Domain Intelligence
- Registered: 2026-03-06 11:07:01
- Registrar: IONOS SE
- Country: DE
- IP: 216.250.125.37
- IP Country: US
- IP City: Kansas City
- IP Org: AS8560 IONOS SE
- Nameservers: ["ns1.fanoermano.info", "ns2.fanoermano.info"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 13 vendors flagged
  Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "Ermes", "Emsisoft", "Fortinet", "G-Data", "Google Safebrowsing", "Kaspersky", "Mimecast", "Netcraft", "Sophos", "Trustwave"]
- Google Safe Browsing: FLAGGED
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc284-5039-732f-a99f-d3cd5d9c37ad.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/authfacebook.hb.gwfaoli.com
- Wayback Machine: https://web.archive.org/web/https://authfacebook.hb.gwfaoli.com
- PhishDestroy: https://phishdestroy.io/domain/authfacebook.hb.gwfaoli.com/
- LLM endpoint: https://phishdestroy.io/domain/authfacebook.hb.gwfaoli.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/authfacebook.hb.gwfaoli.com/
Last updated: 2026-03-16