Scanned pages/files
Request | Server response | Status |
http://www.pumptec.com/ | 200 OK Content-Length: 12777 Content-Type: text/html | clean |
http://www.pumptec.com/media/js/ea85b6785b753281e9b0743a2e9e2eee.js | 200 OK Content-Length: 300838 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var Prototype = { Version: '1.7', Browser: (function(){ var ua = navigator.userAgent; var isOpera = Object.prototype.toString.call(window.opera) == '[object Opera]'; return { IE: !!window.attachEvent && !isOpera, Opera: isOpera, WebKit: ua.indexOf('AppleWebKit/') > -1, Gecko: ua.indexOf('Gecko') > -1 && ua.indexOf('KHTML') === -1, MobileSafari: /Appl onFailure: this._boundFailureHandler }); new Ajax.Updater({ success: this.element }, this.url, options); } else { var options = Object.extend({ method: 'get' }, this.options.ajaxOptions); Object.extend(options, { parameters: params, onComplete: this._boundWrapperHandler, onFailure: this._boundFailureHandler }); new Ajax.Request(this.url, options); }
Antivirus reports:
http://www.pumptec.com/about-pumptec/ | 200 OK Content-Length: 13774 Content-Type: text/html | clean |
http://www.pumptec.com/pumptec-blog/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=31536000 Connection: close Date: Tue, 22 Jul 2014 16:04:59 GMT Pragma: no-cache Location: /blog Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html Expires: Wed, 22 Jul 2015 16:04:59 GMT X-Powered-By: PHP/5.2.17 | clean |
http://www.pumptec.com/blog | 200 OK Content-Length: 31306 Content-Type: text/html | clean |
http://www.pumptec.com/events/ | 200 OK Content-Length: 21947 Content-Type: text/html | clean |
http://www.pumptec.com/tech-pages/ | 200 OK Content-Length: 13202 Content-Type: text/html | clean |
http://www.pumptec.com/newsletter-signup/ | 200 OK Content-Length: 13139 Content-Type: text/html | clean |
http://www.formstack.com/forms/js.php?1295043-Osgy2LOdXb-v3&jsonp | 200 OK Content-Length: 21982 Content-Type: text/html | clean |
http://www.formstack.com/forms/\"http://www.formstack.com/forms/js/3/jquery.min.js\" | 404 Not Found Content-Length: 544 Content-Type: text/html | clean |
http://www.formstack.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.formstack.com/forms/\"http://www.formstack.com/forms/js/3/jquery-ui.min.js?20140508\" | 404 Not Found Content-Length: 544 Content-Type: text/html | clean |
http://www.formstack.com/forms/\"http://www.formstack.com/forms/js/3/scripts.js?20140516\" | 404 Not Found Content-Length: 544 Content-Type: text/html | clean |
http://www.formstack.com/forms/\"http://www.formstack.com/forms/js/3/analytics.js?20140409\" | 404 Not Found Content-Length: 544 Content-Type: text/html | clean |
http://www.pumptec.com/distributor-locator/ | 200 OK Content-Length: 16102 Content-Type: text/html | clean |
http://www.pumptec.com/pumps.html | 200 OK Content-Length: 39242 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pumptec.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: pumptec.com
Referer: http://www.google.com/search?q=pumptec.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pumptec.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pumptec.com/
Result: pumptec.com is not infected or malware details are not published yet.