Scanned pages/files
Request | Server response | Status |
http://ponylane.com/ | 200 OK Content-Length: 67898 Content-Type: text/html | clean |
http://lite.piclens.com/current/piclens_optimized.js | 200 OK Content-Length: 21750 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/photosmash-galleries/js/bwbps.js?ver=1.0 | 200 OK Content-Length: 26896 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/photosmash-galleries/js/star.rating.js?ver=1.0 | 200 OK Content-Length: 9634 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/adsense-click-fraud-monitoring/js/checkclicks.js?ver=3.7.1 | 200 OK Content-Length: 49 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/adsense-click-fraud-monitoring/js/updateclicks.js?ver=3.7.1 | 200 OK Content-Length: 52 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/featured-posts-grid/js/fpg.js.php?ver=3.7.1 | 200 OK Content-Length: 8080 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var FeaturedPostsLib = this.FeaturedPostsLib || {}; FeaturedPostsLib.fpg = FeaturedPostsLib.fpg || {}; (function($j) { var animationLocked = new Array(); var autoscrollInterval = new Array(); FeaturedPostsLib.fpg.init = function() { $j('.fpg-wrapper').each(function() { $j(this).children('.fpg-page').slice(1).find('.fpg-item').css( {'margin-top':'3px','opacity':0.0}) { nextItem = $j(itemToShow).prev('.fpg-item'); } if (nextItem.length >0 ) fpgFadeInItems(nextItem, dir, callback); else callback(); } } ); } }(jQuery)) jQuery(document).ready(FeaturedPostsLib.fpg.init);
Antivirus reports:
http://ponylane.com/wp-content/plugins/adsense-click-fraud-monitoring/js/check_min.js?ver=3.7.1 | 200 OK Content-Length: 13658 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/buddypress/bp-templates/bp-legacy/js/buddypress.js?ver=1.8.1 | 200 OK Content-Length: 54933 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/responsive-lightbox/assets/prettyphoto/js/jquery.prettyPhoto.js?ver=3.7.1 | 200 OK Content-Length: 22066 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/responsive-lightbox/js/front.js?ver=3.7.1 | 200 OK Content-Length: 4291 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/gravityforms/js/jquery.json-1.3.js?ver=1.7.12 | 200 OK Content-Length: 4884 Content-Type: application/x-javascript | clean |
http://ponylane.com/wp-content/plugins/gravityforms/js/gravityforms.js?ver=1.7.12 | 200 OK Content-Length: 32396 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ponylane.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=530337
Connection: close
Date: Thu, 11 Sep 2014 05:38:37 GMT
Accept-Ranges: bytes
ETag: "1093a-5029e206339a9"
Server: Apache/2.2.15 (CentOS) DAV/2 mod_fcgid/2.3.7 PHP/5.4.24
Vary: Accept-Encoding,Cookie
Content-Length: 67898
Content-Type: text/html; charset=UTF-8
Expires: Wed, 17 Sep 2014 08:57:35 GMT
Last-Modified: Tue, 09 Sep 2014 08:57:35 GMT
X-Pingback: http://ponylane.com/xmlrpc.php
...67898 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ponylane.com
Referer: http://www.google.com/search?q=ponylane.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ponylane.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ponylane.com/
Result: ponylane.com is not infected or malware details are not published yet.