So, I work for a USG agency, and they're sticklers about things like code injection.

The 404 page for the base website (i.e. https://vdi.your.org  - the one that presents the client download or HTML login) apparently has code in it to include the "fake" page you asked for ( https://vdi.your.org/fake_page_call_212_555_1212_for_why ) in the 404 page presented.

Does anybody know where the code for this error is?