Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=midcontinentalgroup.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://midcontinentalgroup.com/ | 200 OK Content-Length: 41699 Content-Type: text/html | clean |
http://midcontinentalgroup.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://midcontinentalgroup.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://midcontinentalgroup.com/wp-content/themes/TheCorporation/js/jquery.cycle.all.min.js | 200 OK Content-Length: 29256 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){var ver="2.65";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length==0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing slideshow");$(function(){$(o.s,o.c).cycle(options,arg2);});return this;}log("terminating; zero ele Antivirus reports:
| ||
http://midcontinentalgroup.com/wp-content/themes/TheCorporation/js/jquery.easing.1.3.js | 200 OK Content-Length: 9473 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur Antivirus reports:
| ||
http://midcontinentalgroup.com/wp-content/themes/TheCorporation/js/superfish.js | 200 OK Content-Length: 5090 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men Antivirus reports:
| ||
http://midcontinentalgroup.com/wp-content/themes/TheCorporation/epanel/page_templates/js/fancybox/jquery.fancybox-1.2.6.pack.js?ver=1.3.2 | 200 OK Content-Length: 10898 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(';(p($){$.q.1Q=p(){J O.2n(p(){n b=$(O).u(\'2o\');8(b.1d(/^3i\\(["\']?(.*\\.2p)["\']?\\)$/i)){b=3j.$1;$(O).u({\'2o\':\'3k\',\'1e\':"3l:3m.3n.3o(3p=D, 3q="+($(O).u(\'3r\' Antivirus reports:
| ||
http://midcontinentalgroup.com/wp-content/themes/TheCorporation/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 5103 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { jQuery("a[class^='fancybox']").fancybox({ 'overlayOpacity' : 0.7, 'overlayColor' : '#000000', 'zoomSpeedIn' : 500, 'zoomSpeedOut' : 500 }); var $portfolioItem = jQuery('.et_pt_gallery_entry'); $portfolioItem.find('.et_pt_item_image').css('background-color','#000000'); jQuery('.zoom-icon, .more-icon').css({'opacity':'0','visibility':'visible'}); $portfolioItem.hover(function(){ jQuery( Antivirus reports:
| ||
http://midcontinentalgroup.com/new-client-registration/ | 200 OK Content-Length: 28364 Content-Type: text/html | clean |
http://midcontinentalgroup.com/about-2/ | 200 OK Content-Length: 24550 Content-Type: text/html | clean |
http://midcontinentalgroup.com/new-client-registration/new-client-registration-2/ | 200 OK Content-Length: 28898 Content-Type: text/html | clean |
http://midcontinentalgroup.com/new-client-registration/invoicing-and-payment-procedures/ | 200 OK Content-Length: 29724 Content-Type: text/html | clean |
http://midcontinentalgroup.com/products/ | 200 OK Content-Length: 25105 Content-Type: text/html | clean |
http://midcontinentalgroup.com/products/special-offering/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://midcontinentalgroup.com/test404page.js | 404 Not Found Content-Length: 23069 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: midcontinentalgroup.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 22:09:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://midcontinentalgroup.com/xmlrpc.php
GET / HTTP/1.1
Host: midcontinentalgroup.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 25 Dec 2014 22:09:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://midcontinentalgroup.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: midcontinentalgroup.com
Referer: http://www.google.com/search?q=midcontinentalgroup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: midcontinentalgroup.com
Referer: http://www.google.com/search?q=midcontinentalgroup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.