By now, you have most likely heard about Survey-smiles.com malware. They appear on all browsers, even when all add-ons have been disabled. If your machine gets infected with this malware, every time you open a new web page and select the address bar, you will get this malware address supplied “http://www1.survey-smiles.com/”.
Most security vendors classify this website as malicious and can block all associated traffic easily.
![](https://cdn.prod.website-files.com/6208b9b7b3a3551c72cfc1c9/63262ee98894df1dcdcaf9c0_Screen%20Shot%202022-09-17%20at%2023.32.15.png)
But, things are not that easy! Each day, attackers find a new way to bypass these blockages. DNSSense has discovered a new Survey-smiles.com attack associated with more than 650k domains.
These 650k malicious domains have the following features in common: when visited, they get redirected to a different address on almost every visit. Moreover, when a request is made using the HEAD method, you will get the Status Code 400 (Bad Request Error) with the end.url: survey-smiles.com.
Let’s look at expressexpense.com as an example. No other security vendor has identified this address as a potential threat:
![](https://cdn.prod.website-files.com/6208b9b7b3a3551c72cfc1c9/63262f2e7de6106f1e074c19_Screen%20Shot%202022-09-17%20at%2023.33.29.png)
Thanks to our AI-native domain classification platform, Cyber X-Ray, you can now easily detect these malicious domains and protect your business.
![](https://cdn.prod.website-files.com/6208b9b7b3a3551c72cfc1c9/63262f6fcd40a86453fb7761_Screen%20Shot%202022-09-17%20at%2023.34.36.png)
DNSSense is the easiest way to be secure.