Facebook hellocdn.html?v=1 browser popup. Not a virus.

-
tl;dr Not a virus. Its popup from Facebook Messenger application to ping the CDN.

-----

I noticed that from time to time, especially when my left comp is idle overnight, I'll have these blank pages opened in my browser window the next day.

https://fbcdn-creative-a.akamaihd.net/hads-ak-prn1/hellocdn.html?v=1

My first thought was like... gosh, is there's malware on my comp? Then I started to inspect my comp.

First Question. Is the CDN address valid?

Did a search on the list of CDN addresses and found this stackoverflow page. Seems like its "fbcdn-creative-a.akamaihd.net" is one of the Facebook CDN. Furthermore, akamaihd.net is a reliable CDN provider.

Next Question. If the CDN address is valid, could it be that Facebook CDN got compromised?

So I inspect the page elements, and resources (js files).


Seems like pretty OK, the URL that the script call is actually defined in the "result_endpoint " variable.
// hardcode the return url var result_endpoint = "https://www.facebook.com/hellocdn/results";

More Google Searches

According to nerdanswer and reddit, seems like there are others who faced this issue as well. As few of them confirmed that its caused by Facebook Messenger application.

I've also found a couple of suspicious post that tells visitors that this is caused by virus, and suggest them to install some other "antivirus" to remove the "virus".
Well, you shouldn't trust any antivirus other than Microsoft Security Essentials (MSE). Any maybe AVG, and Norton. But I would recommend MSE, for various reasons.


Conclusion

So all good!

Hope this helps!


Comments

Post a Comment

Popular posts from this blog

[Azure Websites PHP] Cross Domain request results in blank response page after Preflight HTTP OPTIONS

-
Image
THE PROBLEM I've deployed a REST API application ( CodeIgniter with Phil Sturgeon's Rest-Server library ) on Azure Websites. Although I've set the Access-Control-* header in my PHP application: header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept'); (If you need a working test file, here's the gist for the test file) But Azure Websites server doesn't return the headers in response. And thus all requests to the server failed with the error message: Origin http://example.azurewebsites.net is not allowed by Access-Control-Allow-Origin.   In order to make sure there's no problem with my application, I've deployed the same code to Appfog.com . And as expected, the application works just fine. The same application d
Read more

[Magento] Create Contact Form with Dynamic Recipient

-
There are many ways of creating contact forms to email to multiple recipient. I'm going to describe a way that uses Javascript a the frontend to change the target recipient. Advantage of this method: Easy to add in new emails in the future. Disadvantage of this method: For those who are particularly concern email privacy, you might not want to use this method. You can modify the email checking to the backend (controller) instead. Okay enough talking, lets get started. Step 1: Set up HTML form fields I'm going to use an example of drop down select to change the email. Of course, this is fairly easy to modify with other forms as well. Open up app/design/frontend/default/<theme>/template/contacts/contacts.phtml Insert the following snippets anywhere between the <form>...</form> tag. <select name="interest" id="interest" title="<?php echo Mage::helper('contacts')->__('Please select department t
Read more