Author Topic: HTML/Infected.WebPage.Gen2 not detected on site...


polonus
HTML/Infected.WebPage.Gen2 not detected on site...
« on: January 11, 2012, 06:58:26 PM »
See: http://vscan.urlvoid.com/analysis/377105b0cec44ab66a56e9509ceb9518/MDI4LWh0bWw=/
See: http://www.virustotal.com/file-scan/report.html?id=9ffee7e7fe85b4c77e377494d68528561d9b6031490bee735980fa925a667c3c-1326237506
Avast should detect: HTML:Iframe-inf
See: http://urlquery.net/queued.php?id=15701
-ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js suspicious
[suspicious:2] (ipaddr:72.14.204.95) (script) -ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/jquery-ui.min.js
     status: (referer=mck.skoczow.pl/)saved 186181 bytes f978dcb9ea6ecfbc7f8a2f9948bacd679c0cd1b4
     info: [iframe] -ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/javascript:false;
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined variable c.fn
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var c.fn = 1;
          error: line:1: ....^
     suspicious:
redirect doorway to: -http://toksikoza.net/in.cgi?5
malware list collected over cz zone: Status 404, e.g. donut-virus site

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

razoreqx (Guest)

« Last Edit: January 11, 2012, 08:12:55 PM by razoreqx »

polonus
Re: HTML/Infected.WebPage.Gen2 not detected on site...
« Reply #2 on: January 11, 2012, 11:44:09 PM »
Hi razoreqx,

If giving a link there, I would like to see it broken, because there is live malware out there, in this case up and infectious. The innocent and not so security-savvy visitors could easily get themselves infected by not using the precautions we do and clicking a wrong link. That is why I present these finds rather via VT or other scan results, and give parts of suspicious code in jsunpack without giving direct page links. Even taking these direct precautions when doing cold reconnaissance needs browser protection of some sort, that is ample script blocking (NoScript or NotScripts) and running the browser in a sandbox or VM. Users do not know that skimming through malware source code, even via a proxy in the browser, can get them infected without their AV solution detecting it (always scan your browser files in the aftermath), so always give suspicious links like -www etc. Live malware code is always to be presented as an image to avoid unnecessary alerts and other risks. To view code, use jsunpack with ample script protection or the Malzilla browser sandboxed. So the analyst also should introduce SafeHex! And remember the malcreant is also an avast forum visitor....

polonus
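The link-breaking convention polonus describes (prefix a reference with "-" so it is never clickable, and keep it that way when quoting scan output) as an added Python example; this is not code from the thread. The hxxp scheme rewrite is a common analyst convention I add on top, and the sample notes use constructed .invalid hosts rather than the thread's real sites.

```python
import re

# Constructed analyst notes in the style of the urlquery output quoted above:
# one live link, one already-broken link, one referer. Hosts are made up.
SAMPLE_NOTES = (
    "redirect doorway to: http://doorway.example.invalid/in.cgi?5\n"
    "info: [iframe] -cdn.example.invalid/ajax/libs/x.min.js\n"
    "status: (referer=site.example.invalid/)saved 186181 bytes\n"
)

# A web reference is either scheme://... (live http or already-broken hxxp)
# or host.tld/path. Bare file names like jquery-ui.min.js are ignored because
# a "/" after the host is required. An existing leading "-" is captured so
# already-broken links are not broken twice.
_URL_RE = re.compile(
    r"(?<![\w/.])(?P<dash>-?)(?:"
    r"(?P<scheme>h(?:tt|xx)ps?://)(?P<rest>[^\s,;)\]]+)"
    r"|(?P<bare>(?:[a-z0-9-]+\.)+[a-z]{2,}/[^\s,;)\]]*)"
    r")",
    re.IGNORECASE,
)


def _rewrite(m: re.Match, defanging: bool) -> str:
    scheme = m.group("scheme") or ""
    body = m.group("rest") if scheme else m.group("bare")
    if defanging:
        # http:// -> hxxp://, https:// -> hxxps://, plus the thread's "-" prefix
        return "-" + (("hxxp" + scheme[4:]) if scheme else "") + body
    return (("http" + scheme[4:]) if scheme else "") + body


def defang(text: str) -> str:
    """Make every web reference in the notes unclickable; idempotent."""
    return _URL_RE.sub(lambda m: _rewrite(m, True), text)


def refang(text: str) -> str:
    """Restore live references, e.g. before feeding them to a sandboxed scanner."""
    return _URL_RE.sub(lambda m: _rewrite(m, False), text)


def extract_indicators(text: str) -> list:
    """Collect the references in the notes in their live form, in order."""
    return [_rewrite(m, False) for m in _URL_RE.finditer(text)]


if __name__ == "__main__":
    print(defang(SAMPLE_NOTES))
```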