# facebook.order81923712831901.shop — SUSPICIOUS

> Domain facebook.order81923712831901.shop impersonates Facebook with a fake login page. Resolves to IP 188.114.96.3. Users should avoid entering credentials.

## Summary
Domain facebook.order81923712831901.shop has been flagged for brand impersonation targeting Facebook users. This active scam hosts a fake login page designed to harvest credentials and sensitive data under the guise of a legitimate Facebook portal. The threat is immediate, as unsuspecting users may input their login details, exposing themselves to account takeovers and further social engineering attacks. The domain was seeded under identifier 1022cc, indicating a tracked pattern of abuse.  

This domain exhibits multiple red flags consistent with malicious activity. It resolves to IP address 188.114.96.3 and utilizes a Let’s Encrypt SSL certificate to appear legitimate. VirusTotal currently reports 0/95 detections, suggesting it has not yet been widely flagged, though this is common with newly deployed infrastructure. The domain is registered under a privacy-protected registrar with no public creation date visible, and it remains absent from major blocklists like Google Safe Browsing and PhishTank at the time of writing. Trust scores from domain intelligence platforms (e.g., Cisco Talos, Spamhaus) are not available or indicate low reputation, reinforcing its suspicious nature.  

To mitigate risk, users must immediately cease any interaction with this domain, including clicking links or entering credentials. Organizations should block the domain at DNS and network levels using threat intelligence feeds. Employees and the public should be alerted to this scam via internal communications, emphasizing verification of URLs before login. Consider reporting the domain to Facebook’s abuse team and to cybersecurity platforms like VirusTotal or PhishTank to accelerate takedown. Monitor network traffic for connections to 188.114.96.3 or related infrastructure. Proactive domain monitoring and user training remain critical defenses against evolving impersonation tactics.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Facebook

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/321738f4-df09-42ea-ad9d-20769a9c04a1
- PhishDestroy: https://phishdestroy.io/domain/facebook.order81923712831901.shop/
- LLM endpoint: https://phishdestroy.io/domain/facebook.order81923712831901.shop/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/facebook.order81923712831901.shop/
Last updated: 2026-04-01