{"report_id":"1c0f8345-fa11-4161-9b26-d135b2bc3530","version":6,"status":"done","tags":[],"date":"2026-04-14T20:04:43Z","url":{"schema":"https","addr":"facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","fqdn":"facebook-authentication.secure-datalink.org","domain":"secure-datalink.org","tld":"org"},"ip":{"addr":"99.81.53.186","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"final":{"url":{"schema":"https","addr":"facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","fqdn":"facebook-authentication.secure-datalink.org","domain":"secure-datalink.org","tld":"org"},"title":"Facebook Login","dom":{"size":11388,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1109)","md5":"0844d1438003f0438c24781ce76b802b","sha1":"3e96d921f57a396380018cdd2301c423c00116ab","sha256":"e9abf4374e8f1342724f4557e5738a987d1a689c75ea3e99619d50f12ab4cd2b","sha512":"ed51af97fc5c28c5fba271e97ea0c711608ec0c607b76876962218ffad97425f0aec9cc1a902642be045e93a548b21f61f1bd194155381713b83df9c8183ad92","ssdeep":"192:JJ0PA70RPYAUsIjrqREJkqKp3wlqFILIMI/ICIaIWDIkIAIuI4I5IfEIKIQITICN:gRUtyDZ40","tlshash":"9f3235399582260a653a64fcfe52bfabc273413647110ff0aba91577f24dab018b43dd","dom_hash":"domhashc1da1ee02997f106aa25903b0a1add59","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","fqdn":"facebook-authentication.secure-datalink.org","domain":"secure-datalink.org","tld":"org"},"ip":{"addr":"99.81.53.186","port":0,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-19T20:04:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-14","alert":"Phishing Block","trigger":"facebook-authentication.secure-datalink.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"facebook-authentication.secure-datalink.org","ip":{"addr":"54.228.132.16","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2019-01-18","domain_rank":0,"first_seen":"2025-12-29T19:13:01.270539Z","last_seen":"2026-04-08T21:07:51.107111Z","alert_count":15,"request_count":3,"received_data":16605,"sent_data":1835,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.infosecinstitute.com","ip":{"addr":"23.44.35.228","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2003-10-17","domain_rank":740533,"first_seen":"2017-01-30T05:56:32Z","last_seen":"2026-04-08T21:07:50.781534Z","alert_count":0,"request_count":1,"received_data":1507,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"Akamai Bot Manager","description":"Akamai Bot Manager detect bots using device fingerprinting bot signatures.","website":"https://www.akamai.com/us/en/products/security/bot-manager.jsp","common_platform_enumeration":"","icon":"Akamai.svg","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","fqdn":"facebook-authentication.secure-datalink.org","domain":"secure-datalink.org","tld":"org"},"ip":{"addr":"54.228.132.16","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"introduction_type":"scriptElement","is_inline":true,"md5":"a4087294d08b2a96a079dfe0deb7010b","sha1":"3c7d145f4f4229812e7f7c4354efd36e6fa6d4e0","sha256":"d419084917713042dfebc6df5317ea85da573bb07339a8dd0f321344440369b4","sha512":"cc4b14cc909f12c2fbb3c2ef0ff64cc57fc893363f223459b01dd9adac4d50b6a9c77a427bd83abbc6612987f80d4ce6a6ac53887b891cdc720913ce3e83bcd8","ssdeep":"","tlshash":"25d02ba7257204b04bdb622e934babc83272249b184460143e0d8e249f64a6b51a6685","size":282,"data":"","first_seen":"2026-03-31T15:03:09.993216Z","last_seen":"2026-04-14T20:04:43.982575Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","fqdn":"facebook-authentication.secure-datalink.org","domain":"secure-datalink.org","tld":"org"},"ip":{"addr":"54.228.132.16","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-14T20:04:21.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"secure-datalink.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 22 Sep 2025 00:00:00 GMT","end":"Wed, 21 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CF:A6:DA:48:4B:C0:2F:FD:7F:F0:A1:C0:B1:32:E8:9C:9A:3C:D5:86","sha256":"19:CE:3E:E9:A5:CB:74:A8:E1:E4:29:A7:12:B8:DA:C6:34:B4:8A:40:06:6E:7D:AB:83:03:0B:44:45:74:98:3A"}}},"request":{"raw":"GET /landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919 HTTP/1.1\r\nHost: facebook-authentication.secure-datalink.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 14 Apr 2026 20:04:21 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: nginx\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: unsafe-url\r\nset-cookie: csrf=SrKvAJxL88ZD6o%2F2sNTJyGJhZDM2Y2EzYTY3YWQ5ODEwOGIzNGFkZjkwY2NlNDQ0ZGMxYTgwMWU%3D; path=/; secure\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11436,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1113)","md5":"d81e98d9ae056f2963e5139b3f653f6a","sha1":"f5c8a558093ba6f15437f0d0b24a562ff94f66df","sha256":"867075803ef9e236a8a679c364ec801c8f6f0ed1329ef9759da3ab94c923c5d9","sha512":"7e98e85b6b00510510452d3a32b0afe7b9949d813210e6e6b5b14711560e652ed45eac6a99da25f83904f797dd8d8316cd09cd297cc0db7203295eda55cb01e6","ssdeep":"192:+J0sA70RP5APsI2rq8dJkq0p3wlUFILIMI/ICIaIWDIkIAIuI4I5IfEIKIQITICd:w4PU+DZ4g","tlshash":"f33236399582260a653aa4fcfd61bfabc273413647110ff0aba91577f24dab01cb42dd","first_seen":"2026-03-31T15:03:09.991185Z","last_seen":"2026-04-14T20:04:43.975891Z","times_seen":2,"resource_available":true,"data":null}},"time_used":389,"timings":{"blocked":132,"dns":26,"connect":33,"send":0,"wait":124,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-14","alert":"Phishing Block","trigger":"facebook-authentication.secure-datalink.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.infosecinstitute.com/uploads/general/facebook-logo.png","fqdn":"www.infosecinstitute.com","domain":"infosecinstitute.com","tld":"com"},"ip":{"addr":"23.44.35.228","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","date":"2026-04-14T20:04:21.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.infosecinstitute.com","organization":"Cengage Learning, Inc."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 12 May 2025 00:00:00 GMT","end":"Mon, 11 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"4C:CC:0B:88:07:64:10:80:07:EC:6C:E9:C6:88:98:94:FF:24:10:E0","sha256":"F9:4B:E9:3A:3C:4B:4F:2F:09:B1:74:92:57:19:B0:80:57:95:91:D9:46:83:A2:DE:C7:0A:71:0F:0E:00:8F:E3"}}},"request":{"raw":"GET /uploads/general/facebook-logo.png HTTP/1.1\r\nHost: www.infosecinstitute.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://facebook-authentication.secure-datalink.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: gzip\r\nlocation: https://www.infosecinstitute.com/errorhandler/?statusCode=404\r\npragma: no-cache\r\nrequest-context: appId=cid-v1:12416fc2-9765-4494-b701-a7b09395914a\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\ncontent-security-policy: frame-ancestors 'self' www.ed2go.com; upgrade-insecure-requests;\r\ncf-cache-status: MISS\r\nvary: Accept-Encoding\r\ncf-ray: 9ec551b60ae34b49-BOS\r\ncontent-length: 19581\r\ncache-control: no-cache, no-store\r\ndate: Tue, 14 Apr 2026 20:04:22 GMT\r\nserver-timing: cdn-cache; desc=MISS, edge; dur=511, origin; dur=343, ak_p; desc=\"1776197061562_388255492_168054926_85243_9155_1_32_12\";dur=1\r\nalt-svc: h3=\":443\"; ma=93600\r\nstrict-transport-security: max-age=15768000 ; includeSubDomains ; preload\r\nakamai-grn: 0.044f2417.1776197061.a04508e\r\nset-cookie: ak_bmsc=3837DBEBF682B9E31E6796205C4DE049~000000000000000000000000000000~YAAQBE8kFy+PDX+dAQAAOU+YjR9pKFi8ypthi+c7nfMrb/JH622wlTrkGrK5cG4b5/JwfEdUYH1KgyUBTS6f1XAINGTg0lQjneM/f/2+lWldIWVFPyAHAoMC9TPzEM37OYLlS8RT/I3CiuNtAty+vkva6oHIZIlIKCKil2Bt9P6znbD0cSeijcSjtxOBtK0ujIkJIDVd4qdcg3f5/cJVx3Z+A2QrMM3qcORet+6OBdzZhZzRjd6sb1vFNlC41jQ2bP0RHZKwbwXL5Nc4hJ0DZA8EaOmmtPmEvefck4LD1JPaJ5FdSn7e+8xbVbZarv3iK4BqRUcUVR/8H3mjFrzyjKiZLCUETIz8yLwuHy8oOGnHpQu440RlMcIh2ipKJazDstgvIEHMco+PQ4/EZCW3Ab0wn0s=; Domain=.infosecinstitute.com; Path=/; Expires=Tue, 14 Apr 2026 22:04:21 GMT; Max-Age=7199; HttpOnly\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Akamai Bot Manager","description":"Akamai Bot Manager detect bots using device fingerprinting bot signatures.","website":"https://www.akamai.com/us/en/products/security/bot-manager.jsp","common_platform_enumeration":"","icon":"Akamai.svg","categories":["Security"]},{"name":"Akamai","description":"Akamai is global content delivery network (CDN) services provider for media and software delivery, and cloud security solutions.","website":"https://akamai.com","common_platform_enumeration":"","icon":"Akamai.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-14T23:55:33.269117Z","times_seen":13761163,"resource_available":true,"data":null}},"time_used":1122,"timings":{"blocked":127,"dns":94,"connect":1,"send":0,"wait":865,"receive":1,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"facebook-authentication.secure-datalink.org/css/data-entry.css","fqdn":"facebook-authentication.secure-datalink.org","domain":"secure-datalink.org","tld":"org"},"ip":{"addr":"54.228.132.16","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","date":"2026-04-14T20:04:21.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"secure-datalink.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 22 Sep 2025 00:00:00 GMT","end":"Wed, 21 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CF:A6:DA:48:4B:C0:2F:FD:7F:F0:A1:C0:B1:32:E8:9C:9A:3C:D5:86","sha256":"19:CE:3E:E9:A5:CB:74:A8:E1:E4:29:A7:12:B8:DA:C6:34:B4:8A:40:06:6E:7D:AB:83:03:0B:44:45:74:98:3A"}}},"request":{"raw":"GET /css/data-entry.css HTTP/1.1\r\nHost: facebook-authentication.secure-datalink.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: csrf=SrKvAJxL88ZD6o%2F2sNTJyGJhZDM2Y2EzYTY3YWQ5ODEwOGIzNGFkZjkwY2NlNDQ0ZGMxYTgwMWU%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 14 Apr 2026 20:04:21 GMT\r\ncontent-type: text/css\r\ncontent-length: 3937\r\nserver: nginx\r\nlast-modified: Tue, 14 Apr 2026 10:20:17 GMT\r\netag: \"69de14e1-f61\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3937,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3936)","md5":"c800d6fca6ae0c7fe49ed1716a705728","sha1":"a2b1fd8e4ae83555e91ee84b8a17b2f9cd4edaa6","sha256":"ed326405b9a515973dff807c04e2be725b5205b1d8837f8dc7b0b3ee8200410f","sha512":"e54060036476b29f6e2563278024a852ac173fd7db943481ff131815275db0705eeec0fd0d8345fc97ecc27b688c36c14344c9e6ef6779f906c868ce6c7c4450","ssdeep":"","tlshash":"bf8130677e28221db527861edced129963347511b7570beffc94e2248bcede23427a02","first_seen":"2026-04-10T13:57:58.41037Z","last_seen":"2026-04-14T20:04:43.980466Z","times_seen":23,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-14","alert":"Phishing Block","trigger":"facebook-authentication.secure-datalink.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"facebook-authentication.secure-datalink.org/favicon.ico","fqdn":"facebook-authentication.secure-datalink.org","domain":"secure-datalink.org","tld":"org"},"ip":{"addr":"54.228.132.16","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919","date":"2026-04-14T20:04:21.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"secure-datalink.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 22 Sep 2025 00:00:00 GMT","end":"Wed, 21 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CF:A6:DA:48:4B:C0:2F:FD:7F:F0:A1:C0:B1:32:E8:9C:9A:3C:D5:86","sha256":"19:CE:3E:E9:A5:CB:74:A8:E1:E4:29:A7:12:B8:DA:C6:34:B4:8A:40:06:6E:7D:AB:83:03:0B:44:45:74:98:3A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: facebook-authentication.secure-datalink.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://facebook-authentication.secure-datalink.org/landing/form/153b78e5-1561-4e47-bbfe-9b95859a1919\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: csrf=SrKvAJxL88ZD6o%2F2sNTJyGJhZDM2Y2EzYTY3YWQ5ODEwOGIzNGFkZjkwY2NlNDQ0ZGMxYTgwMWU%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Tue, 14 Apr 2026 20:04:21 GMT\r\ncontent-type: text/html\r\nserver: nginx\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-14T23:53:09.587944Z","times_seen":487793,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-14","alert":"Phishing Block","trigger":"facebook-authentication.secure-datalink.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-14","alert":"Sinkholed","trigger":"facebook-authentication.secure-datalink.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}