benign trace
Understanding of the trace
1. BRM1 has a hidden operation which is to send a cross-domain message from Facebook domain to livingsocial.com/login page. The message contains
access_token, and the secret token
signed_request. Upon receiving the message, livingsocial.com/login writes access_token, signed_request, along with other data into a cookie field
fbls_48187595837, in which the number part is the relying party website's ID. In addition, it also creates another cookie field
fbsr_48187595837, which stores another secret.