JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security
researchers and computer professionals
Submission permanent link 1f174dda49bcc854e2488354d184265b0da332e0 (Received 2012-12-30 10:59:04, http://freshscent.net46.net/?page_id=146 )
| URL | Status |
| freshscent.net46.net/?id=146 | saved 17599 bytes 5faad5bff2f07e89b8345fcd34d2ea058d6ff583 |
|
| stats.hosting24.com/count.php | status: (referer=freshscent.net46.net/?id=146) |
|
All Malicious or Suspicious Elements of Submission
None
ulock.it/nojs benign[nothing detected] (metarefresh) ulock.it/nojs
status: (referer=freshscent.net46.net/?id=146)saved 1175 bytes 4930b3c0b5e5aa30fe8291157b6183b5c287d9d6
info: [0] no JavaScript
file: 4930b3c0b5e5aa30fe8291157b6183b5c287d9d6: 1175 bytes
Decoded Files4930/b3c0b5e5aa30fe8291157b6183b5c287d9d6 from ulock.it/nojs (1175 bytes, 32 hidden)
download
freshscent.net46.net/wp-includes/js/comment-reply.js?ver=3.4.1 benign[nothing detected] (script) freshscent.net46.net/wp-includes/js/comment-reply.js?ver=3.4.1
status: (referer=freshscent.net46.net/?id=146)saved 786 bytes 6185b986af821a054a3019dc326fc42420b63009
info: [decodingLevel=0] found JavaScript
file: 6185b986af821a054a3019dc326fc42420b63009: 786 bytes
Decoded Files6185/b986af821a054a3019dc326fc42420b63009 from freshscent.net46.net/wp-includes/js/comment-reply.js?ver=3.4.1 (786 bytes)
download
www.google-analytics.com/ga.js benign[nothing detected] (script) www.google-analytics.com/ga.js
status: (referer=freshscent.net46.net/wp-includes/js/jquery/undefined)saved 37362 bytes 142a9875c4bd7e15ce6ac8b5bb181fb29ed08ba5
info: [decodingLevel=0] found JavaScript
file: 142a9875c4bd7e15ce6ac8b5bb181fb29ed08ba5: 37362 bytes
Decoded Files142a/9875c4bd7e15ce6ac8b5bb181fb29ed08ba5 from www.google-analytics.com/ga.js (37362 bytes)
download
freshscent.net46.net/wp-includes/js/jquery/undefined benign[nothing detected] (element) freshscent.net46.net/wp-includes/js/jquery/undefined
status: (referer=freshscent.net46.net/wp-includes/js/jquery/jquery.js?ver=1.7.2)saved 17196 bytes 8d2dc6081eb5e2db4cc52bcfad71cc35d87217a5
info: [img] freshscent.net46.net/images/locale/EN/header.gif
info: [img] freshscent.net46.net/images/icons/menu1.gif
info: [img] freshscent.net46.net/images/icons/main1.gif
info: [img] freshscent.net46.net/images/icons/main5.gif
info: [img] freshscent.net46.net/images/icons/small.gif
info: [img] freshscent.net46.net/images/icons/small.gif
info: [img] freshscent.net46.net/images/icons/menu11.jpg
info: [img] freshscent.net46.net/images/icons/menu13.gif
info: [img] freshscent.net46.net/images/locale/EN/signup.gif
info: [img] freshscent.net46.net/images/icons/upgrade.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/uncheck.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/check.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/ordernow1.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/icons/main1.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/icons/main2.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/icons/main3.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/icons/main4.gif
info: [img] freshscent.net46.net/wp-includes/js/jquery/images/icons/main5.gif
info: [img] freshscent.net46.net/images/l6.jpg
info: [decodingLevel=0] found JavaScript
info: [var gaJsHost] URL=www.
info: [var newurl] URL=www.
info: [script] www.google-analytics.com/ga.js
info: [decodingLevel=1] found JavaScript
file: 8d2dc6081eb5e2db4cc52bcfad71cc35d87217a5: 17196 bytes
file: b240dfcd5be575459a1fe6cdb8d7d441337ac0c3: 192 bytes
Decoded Files8d2d/c6081eb5e2db4cc52bcfad71cc35d87217a5 from freshscent.net46.net/wp-includes/js/jquery/undefined (17196 bytes, 2229 hidden)
downloadb240/dfcd5be575459a1fe6cdb8d7d441337ac0c3 from freshscent.net46.net/wp-includes/js/jquery/undefined (192 bytes)
download
freshscent.net46.net/?id=146 benign[nothing detected] freshscent.net46.net/?id=146
status: (referer=http:/www.ask.com/web?q=puppies)saved 17599 bytes 5faad5bff2f07e89b8345fcd34d2ea058d6ff583
info: [meta refresh] URL=ulock.it/nojs
info: [script] freshscent.net46.net/wp-includes/js/jquery/jquery.js?ver=1.7.2
info: [script] freshscent.net46.net/wp-includes/js/comment-reply.js?ver=3.4.1
info: [img] www.filecrop.com/images/image.gif
info: [img] 1.gravatar.com/avatar/14efccd7b043faeb26ee248e914a6b38?s=32&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D32&r=G
info: [img] 0.gravatar.com/avatar/4c8e5130de3b0fca6540e206943214af?s=32&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D32&r=G
info: [img] 1.gravatar.com/avatar/359297c23f972ce92310be585d23c3d9?s=32&d=http%3A%2F%2F1.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D32&r=G
info: [img] 0.gravatar.com/avatar/a82e3f004a7c2d01bcd82fd55e1cd66e?s=32&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D32&r=G
info: [img] 0.gravatar.com/avatar/666570ad4581e5f5e1c4d25ed4bb6189?s=32&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D32&r=G
info: [img] 0.gravatar.com/avatar/c1d9989f6b645a3a518687c30585eafa?s=32&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D32&r=G
info: [img] 0.gravatar.com/avatar/2c070f0e070d8fc8b695dd231d59f741?s=32&d=http%3A%2F%2F0.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D32&r=G
info: [img] freshscent.net46.net/wp-content/themes/target/images/sidebar-top.png
info: [img] freshscent.net46.net/wp-content/themes/target/images/sidebar-bottom.png
info: [img] freshscent.net46.net/wp-content/themes/target/images/youtube.png
info: [img] freshscent.net46.net/wp-content/themes/target/images/Twitter.png
info: [img] freshscent.net46.net/wp-content/themes/target/images/facebook.png
info: [img] freshscent.net46.net/wp-content/uploads/2012/08/9698-1-miscellaneous-digital-art-blue1.jpg
info: [script] stats.hosting24.com/count.php
info: [decodingLevel=0] found JavaScript
error: line:69: SyntaxError: missing ; before statement:
error: line:69: if (ulockld == false) { window.location = "http:/ulock.it/adblock/"pWWlp2k/ZJicZqc }
error: line:69: ..........................................^
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD XHTML 1.0 Transitional/EN" "http:/www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
error: line:3: ...............^
file: 5faad5bff2f07e89b8345fcd34d2ea058d6ff583: 17599 bytes
Decoded Files5faa/d5bff2f07e89b8345fcd34d2ea058d6ff583 from freshscent.net46.net/?id=146 (17599 bytes, 1218 hidden)
download
freshscent.net46.net/wp-includes/js/jquery/jquery.js?ver=1.7.2 benign[nothing detected] (script) freshscent.net46.net/wp-includes/js/jquery/jquery.js?ver=1.7.2
status: (referer=freshscent.net46.net/?id=146)saved 94861 bytes 3ba6e35885d3a796a5b5579a51065d7d70d75296
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined function p.getElementsByTagName
error: undefined variable p
info: [element] URL=freshscent.net46.net/wp-includes/js/jquery/undefined
info: [1] no JavaScript
file: 3ba6e35885d3a796a5b5579a51065d7d70d75296: 94861 bytes
file: d5dba94a76a67a54f2b98b16227da20414542fd9: 72 bytes
Decoded Files3ba6/e35885d3a796a5b5579a51065d7d70d75296 from freshscent.net46.net/wp-includes/js/jquery/jquery.js?ver=1.7.2 (94861 bytes)
downloadd5db/a94a76a67a54f2b98b16227da20414542fd9 from freshscent.net46.net/wp-includes/js/jquery/jquery.js?ver=1.7.2 (72 bytes)
download