Have you been hacked?

I’ve returned from the long parental leave. Checking telemetry for this blog I noticed the new dependency call

Here is how it looks on Application map:

It scared me as there are no AJAXes in the blog. So my first thought - my blog was hacked.

Diving deeper - it is a call to http://api4.adsrun.net/post. Looks even scarier. Quick internet search showed that this is a malware installed on visitor’s computer. This malware injects malicious code into jquery script that browser loads. So apmtips.com is safe, it’s visitor’s computer has a security problem.

Looking into All available telemetry for this user session I found some details of the visitor. So if you are visiting from the city of Sangli in India using Firefox - check your computer for malware.