And what is out here? See:
https://www.virustotal.com/en/url/c081057796c239fe0347c942bda398cb85e0912941f182214fa52d8fbaf12bd1/analysis/1361988982/and
http://urlquery.net/report.php?id=1173917phish and spam (iframe) reg.163 dot com/all.do
status: (referer=wXw.lofter.com/mailEntry.do?blogad=1&blog)
code hick-up:
b1.bst.126 dot net/newpage/r/j/pc.js?v=1361935498086 benign
[nothing detected] (script) b1.bst.126 dot net/newpage/r/j/pc.js?v=1361935498086
status: (referer=byleilei.blog.163 dot com/blog/static/2168350572013112545795/)saved 166831 bytes 7654abe071adb5888582ea8d1db40b0636103b03
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [javascript variable] URL=t.163.com/service/newMessage/
info: [javascript variable] URL=msg.mail.163 dot com
info: [javascript variable] URL=msg dot mail.
info: [javascript variable] URL=api.blog.163 dot com/cap/captcha.jpgx?parentId=
info: [iframe] b1.bst.126 dot net/newpage/r/j/
info: [iframe] blog.163 dot com/pub/services/msnconnectnew.html
info: [img] b1.bst.126 dot net/newpage/r/j/
info: [img] b.bst.126 dot net/style/common/loading.gif
info: [iframe] blog.163 dot com/pub/services/aipaiSpread.html?t=
info: [decodingLevel=0] found JavaScript
suspicious:
Here we may have what we were looking for:
http://www.threatexpert.com/report.aspx?md5=f4b981cbfedfec6ea63d228f2b2ad0fc....Trojan.Win32.Sasfis
pol