Security Review

Is v3.jiathis.com legit or a scam?

Our verdict: Dangerous · 20/100

Compromised JavaScript CDN delivering multi-stage malware payloads and exploit-kit redirects via supply-chain attack on art-template npm package.

v3.jiathis.com · Scanned 1h ago
Trust score: 0
DANGEROUS
Heuristics 44 · MT 8
Category tags: malware, supply-chain-attack, #Malware, #Data Harvester · 95% MT confidence
Warning signals (1)

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.


Analysis Summary

Threat Intelligence: 2/92 engines flagged this URL
Domain Age: 17 years old (registered Apr 30, 2009)
MT Intelligence: Dangerous (Critical likelihood · 95% confidence)
DANGEROUS

Critical risk detected

Compromised JavaScript CDN delivering multi-stage malware payloads and exploit-kit redirects via supply-chain attack on art-template npm package. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.


MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihood · engine: MT · Guardian · trust: 8/100
MT Agent: Live web research · Visual inspection · Network correlation
Confidence: 0%
v3.jiathis.com is a legitimate Chinese social-sharing widget provider (founded ~2009, 17+ years old) whose infrastructure was compromised in early 2026. Security researchers documented that the domain's /code/jia.js and /code/art.js files were maliciously tampered with to serve multi-stage payloads. The attack used Referer-header filtering to evade detection: direct requests return benign responses, but requests from browser <script> tags receive malicious code that injects Baidu Analytics tracking and hidden iframes targeting iOS Safari browsers (versions 11.0–17.2) to deliver the Coruna exploit kit. Multiple Chinese institutions (ShanghaiTech University, security researchers) issued warnings in February 2026 about the compromised jia.js file. The domain's current "Scheduled Maintenance" page and the two suspicious detections in our antivirus network align with ongoing remediation efforts, but the historical compromise and documented payload delivery make this a confirmed malware vector.

Page Content

The page displays a generic "Scheduled Maintenance" message attributed to Cloudflare, with no legitimate business contact information, no email, phone, or address. The body text references infrastructure upgrades and a maintenance window (01:00–05:00 AM GMT+8). This maintenance page is consistent with a compromised domain undergoing remediation.

Infrastructure

Hosted on Cloudflare edge network (IP 172.67.184.213, abuse score 0/100, no abuse reports). SSL certificate valid and issued by Google Trust Services with 62 days to expiry. The clean IP reputation and valid SSL do not indicate malice — they reflect Cloudflare's legitimate hosting. However, the domain's JavaScript files were weaponized despite this infrastructure.

Domain History

Registered approximately 6,255 days ago (~2009) via GoDaddy.com, LLC. The domain is the official v3 subdomain of jiathis.com, a historically legitimate Chinese social-sharing widget service used by thousands of websites to embed QQ, Weibo, and other social buttons. The age and historical legitimacy make this a supply-chain compromise, not a newly-created scam domain.

Web Reputation

Security researchers at safedep.io and socket.dev documented that v3.jiathis.com/code/art.js and /code/jia.js delivered multi-stage payloads when requested with a Referer header (as browser script tags send). The payloads injected Baidu Analytics and used hidden iframe chains to redirect iOS Safari users to utaq.cfww.shop, which hosted the Coruna exploit kit. ShanghaiTech University IT department issued a public warning in February 2026 that the jia.js file had been maliciously tampered with, creating risk for all websites using the component. Independent trust aggregators rate the domain 3/100 (high risk). Two antivirus engines (Certego and SOCRadar) flag it as suspicious.

Risk Factors (7)
  • Confirmed supply-chain attack: v3.jiathis.com/code/jia.js and /code/art.js served malicious JavaScript payloads in 2026 via compromised art-template npm package.
  • Multi-stage payload delivery: scripts used Referer-header filtering to evade detection and injected Baidu Analytics tracking plus hidden iframes targeting iOS Safari browsers.
  • Exploit-kit redirection: payloads redirected iOS users to utaq.cfww.shop to deliver the Coruna exploit kit, affecting thousands of downstream websites.
  • Public warnings issued: ShanghaiTech University IT and multiple security researchers documented the compromise in February 2026.
  • Antivirus detections: Certego and SOCRadar both flag the domain as suspicious.
  • Trust aggregator score: 3/100 (high risk) from independent review sites.
  • Widespread downstream impact: the domain serves JavaScript to thousands of Chinese websites, amplifying the attack surface.
Positive Signals (5)
  • Domain age 17+ years: registered ~2009, historically legitimate social-sharing widget provider.
  • Valid SSL certificate: issued by Google Trust Services, not self-signed.
  • Clean hosting IP: abuse score 0/100 with no abuse reports on the Cloudflare edge IP.
  • Registered business: Beijing Jiathis.com Co Ltd is an active, registered company in China.
  • No malware in current sandbox: our sandbox did not flag the current page content.
AI Recommendation
Do not visit this domain or use any JavaScript from v3.jiathis.com. If you operate a website that historically loaded social-sharing widgets from jiathis.com, audit your site for injected malicious code and consider migrating to an alternative widget provider. If you are an iOS user, ensure your Safari browser is fully patched to the latest version to mitigate exploit-kit attacks.
Scam network detected
1 linked domain correlated

v3.jiathis.com was part of a 2026 supply-chain attack chain: compromised art-template npm package → v3.jiathis.com/code/jia.js and /code/art.js → hidden iframe redirects → utaq.cfww.shop (Coruna exploit kit watering hole). The attack targeted iOS Safari users and injected Baidu Analytics on all visitors.

utaq.cfww.shop

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for v3.jiathis.com, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

  • Domain age: 17 yrs (registered Apr 2009)
  • Business registration: Active · China. Site traces back to an actively registered business.
  • Independent review aggregators: 3/100 · low trust. Average across 1 independent review aggregator.
  • Clone check: Not a clone. No well-known site's layout or branding detected here.
  • Typosquat check: No look-alike match. The domain doesn't resemble any well-known brand's spelling.
  • Web mentions: 3 scam reports

Web ratings
Scores pulled directly from third-party trust & review sites
  • ScamAdviser: 3/100 · High risk
Key findings
7 headline facts from open-web research
  • v3.jiathis.com/code/jia.js and /code/art.js served malicious JavaScript payloads in 2026 as part of a supply-chain attack via compromised art-template npm package (versions 4.13.5 and 4.13.6)
  • The scripts implement Referer-based filtering: a request without a Referer header (as in a direct curl) returns a benign or empty response, while a request with a Referer (as sent by <script> tags) receives the multi-stage payload
  • Payload injected Baidu Analytics on all visitors and used hidden iframe chains targeting iOS Safari (iOS 11.0–17.2) to deliver the Coruna exploit kit via watering-hole at utaq.cfww.shop
  • February 2026 warnings from Chinese institutions (e.g. ShanghaiTech University) reported the jia.js file was maliciously tampered with, risking malicious link injection on using sites; code later reported fixed
  • Domain age over 17 years (registered ~2009); historically used by thousands of Chinese websites for social sharing buttons (QQ, Weibo, etc.)
  • jiathis.com main site currently shows "Scheduled Maintenance - Cloudflare Hosted"; company registered in Beijing, China
  • Older sandbox reports (2019) flagged the domain in some malware chains, and some blocklists included it
Scam reports (3)
Direct quotes from public scam databases, forums, and news.
  • safedep.io

    "The external domain (v3.jiathis[.]com) serves a multi-stage payload when the request includes a Referer header (as browser <script> tags do)"

  • socket.dev

    "v3.jiathis.com/code/art.js (injected by art-template@4.13.6); redirects to utaq.cfww.shop/gooll/gooll.html (watering hole); embeds Coruna exploit kit"

  • ShanghaiTech University IT

    "The JavaScript code of its official component service (http://v3.jiathis.com/code/jia.js) was maliciously tampered with by attackers; websites using this component are at risk of having malicious links injected"

Business registration
Status: active · China

Beijing Jiathis.com Co Ltd (JiaThis), founded ~2009, historically legitimate Chinese social sharing service

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Security researchers at safedep.io and socket.dev documented a confirmed 2026 supply-chain attack targeting v3.jiathis.com. The domain's /code/jia.js and /code/art.js files were maliciously tampered with to serve multi-stage payloads when requested with a Referer header (as browser script tags do). The payloads injected Baidu Analytics tracking and used hidden iframe chains to redirect iOS Safari browsers (versions 11.0–17.2) to utaq.cfww.shop, which hosted the Coruna exploit kit. ShanghaiTech University IT department issued a public warning in February 2026 alerting users that the jia.js file had been compromised, creating malicious-link injection risk for all websites using the component. The attack affected thousands of downstream websites relying on jiathis.com's social-sharing widgets.

Antivirus Engines

Detection matrix · live
2 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

0 Malicious · 2 Suspicious · 59 Harmless · 92 Engines
0 of 92
  • Certego: Suspicious
  • SOCRadar: Suspicious

2 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
  • Emails on site's domain: None
  • Phone numbers: None
  • Postal address: Not listed
  • Linked social profiles: 0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
  • Age: 17 years old
  • Registrar: GoDaddy.com, LLC
  • Registered: Apr 30, 2009
  • Expires: Apr 30, 2030
  • Owner privacy: Visible
Encryption Certificate
  • Status: Valid
  • Protocol: TLSv1.3
  • Issuer: Google Trust Services · WE1
  • Expires: Aug 17, 2026 (62d)
  • Self-signed: No
Hosting & Technology
  • Hosting: Cloudflare, Inc.
  • Server location: US
  • Web server: cloudflare

Server Reputation

Abuse Intelligence
  • Confidence score: 0%
  • Reports on file: 0
  • ISP: Cloudflare, Inc.
  • Usage type: Content Delivery Network

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with v3.jiathis.com

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.


Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

  • Google Safe Browsing: Not listed
  • VirusTotal: Listed
  • AbuseIPDB: Not listed

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags v3.jiathis.com as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — v3.jiathis.com scored 20/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. v3.jiathis.com presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 62 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • v3.jiathis.com is 17.1 years old, registered on 4/30/2009 through GoDaddy.com, LLC. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 2 out of 92 antivirus engines in our malware network flagged v3.jiathis.com as malicious or suspicious. Even one detection is a meaningful signal.
  • No. v3.jiathis.com is not currently listed on the major browser blocklist feeds that modern browsers use.
  • v3.jiathis.com resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Independent trust-rating sites currently show the following for v3.jiathis.com: ScamAdviser: 3/100. Those scores come from user reviews and their own heuristics, so they are worth comparing against our verdict.

Final Verdict

Final Verdict · v3.jiathis.com
DANGEROUS
Trust: 0 / 100

This domain served malicious JavaScript payloads as part of a 2026 supply-chain attack via a compromised npm package. The scripts targeted iOS devices with exploit-kit payloads and injected tracking code on thousands of websites.


AV engines: 92 · MT passes: 2 · Net signals: 0
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.