https://www.facebook.com/reel/999129036054145/?mibextid=Nif5oz
57.144.74.1 · Meta Platforms Ireland Limited
Ashburn, United States
10670 days
200 · 20.5s
Valid· DigiCert Global G2 TLS RSA SHA256 2020 CA1, DigiCert Inc, US
COMPLETED
Domain Intelligence: facebook.com
Scanned 9 times since Feb 17, 2026, 09:40 AM UTC
Registered-domain escalation
Submit facebook.com as the primary IOC, enriched with evidence from hostile subdomains like www.facebook.com.
No KB/IOK detections were recorded for this scan.
Social Media · 7/19/2026
The page presents Facebook branding and a login UI overlaid on a Facebook reel page, with two POST login endpoints and a visible login form including password fields. Despite the final URL being a Facebook domain, the screenshot and page structure suggest a credential-collection surface. The presence of a login form within a Facebook-like page on the official domain could indicate a phishing overlay or an impersonation variant, but the page content and network activity are consistent with legitimate Facebook behavior. Given the strong credential-related signals, this should be treated as potential credential phishing.
Capture
Stages: 2
Canonical: Settled Render
Changed: No
Credential Signals
Forms: 2
Password fields: 2
Late-stage login UI: No
Resource Signals
Resources: 74
Hosts: 8
Domains: 2
Suspicious Endpoints
hxxps://www[.]facebook[.]com/api/graphql/
hxxps://www[.]facebook[.]com/login/device-based/regular/login/?login_attempt=1
The scan shows a visible Facebook login UI within a Facebook reel context and credential collection signals (password field, login POSTs). While the domain and branding align with Facebook, the overlay could be part of a phishing attempt or a legitimate modal; however, the combination of credential fields and frequent authentication endpoints on the same domain increases the likelihood of a credential-collection surface. This warrants cautious handling and potential abuse reporting to monitor for misuse or impersonation, especially if unclear source of the overlay. Recommend heightened monitoring and prompt review of site context to confirm legitimate user flow versus spoofed surface.
Monitor