How were blacklisted external links and domains/hosts established?

See: http://quttera.com/detailed_report/www.jpimg.com
See: https://www.virustotal.com/en/url/bda106301b438973149ac72258c04b105c089b787556dae6e3ed2b55853330da/analysis/1415882764/
https://asafaweb.com/Scan?Url=jpimg.com
How to check the hash DoS patch? Re: http://www.troyhunt.com/2011/12/has-hash-dos-patch-been-installed-on.html (link to the article by Troy Hunt); check with https://isnot.asafaweb.com/
Site potentially harmful and blacklisted by Google Safebrowsing and Quttera.
It is in the DNS-BH malicious domains list, some malware hosts also reported on the urlquery dot net result page: https://urlquery.net/queued.php?id=86650356
Host: t.ku63 dot com & js.users dot 51 dot la
and : https://urlquery.net/report.php?id=1415883816072

Also see: http://jsunpack.jeek.org/?report=0a96ee0182f153bbde5a20601dce1d6ac7978d43
For security research only, open the link with NoScript active and in a VM/sandbox.

Code hiccup: e.70e dot com/img.asp?u=33459&m=6&n=&px=1 benign
[nothing detected] (script) e.70e dot com/img.asp?u=33459&m=6&n=&px=1
status: (referer=www.jpimg dot com/js/main.js) saved 418 bytes dca381745a4b650aec0337b4f3afb824422ec07d
info: [decodingLevel=0] found JavaScript
suspicious:
Malicious: http://zulu.zscaler.com/submission/show/0622269162321cedce80e94dca948834-1415884112
I get an error here: htxp://www.70e.com/err/404.html
For this htxp://f.ku63.com/f.asp?u=33459&m=0&n=%27%20charset=%27gb2312
I get:

document.writeln(""); document.writeln("  N.B.*
对不起，请正确投放您的代码！
70e dot com
")

Blocked by admin: file:///aspx/downkey.aspx%3Fcmd=down
and htXp://aprv.eu/proxy_neris/index.php/YUhSMGNEb3ZMM2QzZHk1emIzSjBiMnd1WTI5dEx3PT0/
produced “Error displaying the error page: Application Instantiation Error: Could not connect to MySQL.” .

polonus

N.B. * Always encode at point of output, or name my variable in such a way to indicate that it has already been encoded. But still exploitable since nothing used in the string concatenation comes from user input, so even without encodeHTML, it couldn’t be exploited in a useful way.

Damian
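As an added example that is not part of this thread: the f.ku63.com script above was served with charset=gb2312, so its error text turns into Latin-1 mojibake when pasted. This short Python routine recovers the original text by re-encoding the garbled string with the codec it was wrongly displayed in and decoding the resulting bytes as GB2312/GBK; the sample string is constructed from that pasted line.

```python
# Added example (not from the thread): undo mojibake produced when GB2312 bytes
# are displayed as Latin-1 or cp1252. The sample below is constructed from the
# error string returned by the f.ku63.com script discussed above.
from typing import Optional, Tuple

GARBLED_SAMPLE = "¶Ô²»Æð£¬ÇëÕýÈ·Í¶·ÅÄúµÄ´úÂë£¡"

# Decodings a browser or paste buffer commonly applies by mistake, tried in order.
WRONG_CODECS = ("latin-1", "cp1252")
# Chinese encodings the bytes may actually be in; gb18030 is a superset of gbk/gb2312.
RIGHT_CODECS = ("gb2312", "gbk", "gb18030")


def looks_chinese(text: str) -> bool:
    """True if the text has CJK characters and no leftover Latin-1 supplement chars."""
    cjk = sum("\u4e00" <= ch <= "\u9fff" for ch in text)
    latin_supp = sum("\u0080" <= ch <= "\u00ff" for ch in text)
    return cjk > 0 and latin_supp == 0


def repair_mojibake(garbled: str) -> Optional[Tuple[str, str, str]]:
    """Return (recovered_text, wrong_codec, right_codec), or None if no pair fits."""
    for wrong in WRONG_CODECS:
        try:
            raw = garbled.encode(wrong)  # recover the original byte stream
        except UnicodeEncodeError:
            continue  # a character outside this codec: it was not displayed this way
        for right in RIGHT_CODECS:
            try:
                text = raw.decode(right)  # decode with the declared charset
            except UnicodeDecodeError:
                continue
            if looks_chinese(text):
                return text, wrong, right
    return None


if __name__ == "__main__":
    print(repair_mojibake(GARBLED_SAMPLE))
```

The same routine applies to any response whose declared charset differs from the one the viewer assumed; only the codec lists need adjusting.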

“78 virus, 25 trojan(s), 10 exploit(s).”

Now… To Google, is a virus a self-replicating, pain in the * file? Or is it the common name assigned to anything in today’s world (like the Edeals virus, which is actually a PUP)?

If it’s Virut or Sality, UH OH! That’s bad news bear…

http://www.google.com/safebrowsing/diagnostic?site=qq163hao123.com/

Hao123 was linked to a Zbot case I did… Absolutely horrible to remove -_-. … (The network I found off of MDL actually). I wouldn’t be surprised to see ZA or ZBot activity off of that ASN.

Hi Michael,

Well we should be glad not everything is a nasty ruining file infector like Virut is. I am not aware at the moment what the Google Safeweb Reports will qualify as malcode, also injections and code added by malcreants.
There are mainly two categories now, trojans and other malcreations that aren’t trojans. :wink:
Well, the bundling crap and adware risk code like BHOs can also be very persistent and a pain in the proverbial parts for the victim. Many a Conduit infestation has to be cleansed through qualified removal help, else it will pester on or may welcome some unwelcome friends onto your OS… ;D ;D ;D

polonus

Interesting. OK.

Regardless, the verdict. Stay WELL clear from those sites!