# facebook-authentication.secure-datalink.org — MALICIOUS > PhishDestroy identifies secure-datalink.org as a brand impersonation threat impersonating Facebook. Scanned by 21/95 security vendors and flagged by Google. ## Summary PhishDestroy identifies active brand impersonation on the domain secure-datalink.org designed to steal Facebook login credentials and compromise accounts. This high-risk site masquerades as Facebook’s authentication portal, tricking users into entering sensitive information that attackers harvest for account takeover, data theft, or crypto drainer campaigns. The domain leverages SSL encryption from Amazon to appear legitimate, but it is flagged by 21 out of 95 security vendors on VirusTotal and explicitly labeled by Google Safe Browsing as a social engineering attack. This domain is engineered for credential theft. It was registered through Amazon Registrar, Inc. on January 18, 2019, and currently resolves to IP address 54.195.100.142. The low entropy in the domain name—using 'secure-datalink' in place of 'facebook'—is a classic tactic to bypass spam filters and mimic legitimate security infrastructure. Such domains often spread via fake login pop-ups on compromised websites or through social media DMs. Given the age of the domain and the presence of a valid Amazon SSL certificate, it has likely been operational for years, exploiting user trust in recognizable registrars and certificate authorities. If you visited secure-datalink.org or entered any information, act immediately: change your Facebook password using a secure, trusted device, enable two-factor authentication, and scan your device with updated antivirus software. Avoid clicking any links or downloading files from this domain. Report the incident to Facebook and to PhishDestroy to help block further abuse. Stay vigilant—brands are frequently mimicked, and even seemingly legitimate domains can be traps. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) - Target brand: Facebook ## Domain Intelligence - Registered: 2019-01-18 13:51:11 - Registrar: Amazon Registrar, Inc. - IP: 54.195.100.142 ## Detection Status - VirusTotal: 21 vendors flagged - Google Safe Browsing: FLAGGED - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/6e02ed23-e4fc-4686-8040-b1f784212d99 - PhishDestroy: https://phishdestroy.io/domain/facebook-authentication.secure-datalink.org/ - LLM endpoint: https://phishdestroy.io/domain/facebook-authentication.secure-datalink.org/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/facebook-authentication.secure-datalink.org/ Last updated: 2026-03-23