See: http://exposure.easyaudit.org/analysis/www.fhkj999.cn
Nothing here: https://www.virustotal.com/nl/url/ec4e019c7a9f26f73a412d2a5f1573c54bc7acbac6c157b15d772ef46c88a6ba/analysis/1443275112/
Malware detected: https://urlquery.net/report.php?id=1443275189982 on a link to Host: -js.users.51.la
Nothing on Sucuri’s: https://sitecheck.sucuri.net/results/www.fhkj999.cn
Alerted: “src='” + cnzz_protocol + “s95.cnzz.com/z_stat.php%3Fid%3D1253162364%26show%3Dpic1’ type=‘text/javascript’%3E%3C/script%3E”));"
Result Results from scanning URL: http://s95.cnzz.com/
Number of sources found: 0
Number of sinks found: 0
cnzz.com detected via: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.fhkj999.cn
with Sucuri to flag here: https://www.virustotal.com/nl/url/1a838c40036f88242d62b79966c359502ad3035f19823836de347c98ed0ae97c/analysis/
This malicious website is immedeately blocked by MBAM: -http://t.ikito.cn/tan/3.js?v=
where VT misses it miserably: https://www.virustotal.com/nl/url/ad295c281064eaec7806d2057b58c8af347efed7d2aacd56984dca1371b28790/analysis/1443275951/
XSS code %3E%3C/script%3E has various samples: https://www.netsparker.com/xss-and-sql-injection-vulnerabilities-in-dbhcms/ also read the full article on Blind SQL - an effective trial and error method, but a bit of pereparing reconnaissance will always help the misnomers that try it out on the innocent and vulnerable. 8) like: http://m.wcuckoo.com/search/k/z+stat.php - with similar abuse reported here: https://sitecheck.sucuri.net/results/bahrainmassagegirl.com
polonus (volunteer website security analyst and website error-hunter)