To start with - please ‘modify’ your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
That said, I don’t find it strange that the page loads, as only the infected element, the fvrhaa.js file, is blocked from download and not allowed to run. So the rest of the hotmail-login.html page will load.
What I would ask is what the hell is that site/page (hotmail-login.html) meant to be about, as it is total gibberish, and did you intentionally visit that page?
What I would ask is what the hell is that site/page (hotmail-login.html) meant to be about, as it is total gibberish, and did you intentionally visit that page?
Yes, I get the same warning message, but when I click OK, the page loads instead of aborting completely. That's my only concern.
I got the link by email.
Not sure of the relevance of the top picture at URLQuery, as it isn’t for the same URL. It appears to be following a possible redirect from the hotmail-login.html and that can’t be found, image2 (as this also looks old, 2011-10-27).
I’m on about the actual content of the hotmail-login.html page as it is total cr4p and I would wonder what anyone would go there intentionally for.
@ mysstic
As I have already said:
That said, I don't find it strange that the page loads, as only the infected element, the fvrhaa.js file, is blocked from download and not allowed to run. So the rest of the hotmail-login.html page will load.
Visiting links in unsolicited emails is a high-risk activity; don’t open attachments or click on links in unsolicited emails, even if they supposedly come from friends, as it is easy to fake the from address.
Yes, but it has nothing to do with the cr4p content that I’m talking about on the hotmail-login.html page and why anyone in their right mind would visit it.
So as mysstic has mentioned, he clicked on the link in an email; perhaps it is time for a user name change for mysstic ;D
So the content on the hotmail-login.html page is just filler cr4p, with the intent just to get people there and hit them with the JavaScript file (vt results). The other connect attempt isn’t what I’m on about and is a bit of a red herring, as that site is down.