JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link 41886ad3ccd54d36842ff1844e0c322c891d9e25 (Received 2012-08-21 01:40:27, http://91.121.87.136:84/promo.php?compte=356159704679&path=002032&lg=en&cat=arts&sous_cat=cinema&lg_nav=en )

URLStatus
91.121.87.136:84/promo.php?compte=356159704679&path=002032&lg=en&cat=arts&cat=cinema&nav=en saved 11194 bytes e879485aaf833ad1819040b83e49f75ba71357c7

cachewww.21nova.com/ status: (referer=www.21nova.fr/demarrer.php)

www.21nova.fr/ status: (referer=www.21nova.fr/demarrer.php)

cachewww.21nova.com?sjs=testab/ status: (referer=91.121.87.136:84/)

tickers.playtech.com/jackpots/jackpot.swf?info=2&casino=32vegas&up=32vegas&face=arial&size=22&color=3d0000&currency=eur&align=right&color=F9F9F9&bold=1 status: (referer=91.121.87.136:84/)

banner.21nova.com/casinoclient.html? status: (referer=www.21nova.fr/demarrer.php)

cachewww.21nova.com?sjs=shared:ajax:common:swfobject:floater:accordion:exp:rafform&js=1_7_min:jquery.cookie:project:fr-lang:se:seoref/ status: (referer=www.21nova.fr/demarrer.php)

All Malicious or Suspicious Elements of Submission

None
91.121.87.136:84/promo.php?compte=356159704679&path=002032&lg=en&cat=arts&cat=cinema&nav=en benign
[nothing detected] 91.121.87.136:84/promo.php?compte=356159704679&path=002032&lg=en&cat=arts&cat=cinema&nav=en
     status: (referer=http:/www.twitter.com/trends/)saved 11194 bytes e879485aaf833ad1819040b83e49f75ba71357c7
     info: [script] 91.121.87.136:84/scripts/lp.js
     info: [iframe] 91.121.87.136:84/
     info: [img] 91.121.87.136:84/./logo.png
     info: [img] 91.121.87.136:84/./greencheck.png
     info: [img] images.scanalert.com/meter/www.ilivid.com/22.gif
     info: [iframe] www.facebook.com/plugins/like.php?locale=US&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FIlivid%2F121626371218107&layout=standard&faces=false&width=526&action=like&colorscheme=light&height=55
     info: [img] 91.121.87.136:84/images/406/popupClose.gif
     info: [img] 91.121.87.136:84/images/406/popupBtn.gif
     info: [decodingLevel=0] found JavaScript
     error: undefined variable initPage
     error: undefined function initPage
     file: e879485aaf833ad1819040b83e49f75ba71357c7: 11194 bytes

Decoded Files
e879/485aaf833ad1819040b83e49f75ba71357c7 from 91.121.87.136:84/promo.php?compte=356159704679&path=002032&lg=en&cat=arts&cat=cinema&nav=en (11194 bytes, 1674 hidden) download


91.121.87.136:84/ benign
[nothing detected] (iframe) 91.121.87.136:84/
     status: (referer=91.121.87.136:84/promo.php?compte=356159704679&path=002032&lg=en&cat=arts&cat=cinema&nav=en)saved 19795 bytes 7b882eee605aadcdae87267d34cd0fc785eaad1d
     info: [javascript variable] URL=www.21nova.fr
     info: [javascript variable] URL=cachewww.21nova.com
     info: [javascript variable] URL=banner.21nova.com/casinoclient.html?
     info: [javascript variable] URL=banner.21nova.com/cgi-bin/SetupCasino.exe
     info: [javascript variable] URL=www.21nova.fr/demarrer.php
     info: [script] cachewww.21nova.com?js=module&debug
     info: [script] cachewww.21nova.com?sjs=shared:ajax:common:swfobject:floater:smooth:browserdetect:module&js=1_7_min:jquery.cookie:project:fr-lang:se:seoref
     info: [script] cachewww.21nova.com?sjs=testab
     info: [script] cachewww.21nova.com?js=fr-cooltool
     info: [img] cachewww.21nova.com/skin/default/images/logo.gif
     info: [img] cachewww.21nova.com/skin/default/images/left.gif
     info: [embed] tickers.playtech.com/jackpots/jackpot.swf?info=2&casino=32vegas&up=32vegas&face=arial&size=22&color=3d0000&currency=eur&align=right&color=F9F9F9&bold=1
     info: [img] cachewww.21nova.com/media/images/pix.gif
     info: [embed] cachewww.21nova.com/skin/default/payments/main.swf
     info: [decodingLevel=0] found JavaScript
     error: undefined variable L
     error: undefined variable L[SITELANG]
     error: line:1: SyntaxError: missing ; before statement:
          error: line:1: var L[SITELANG] = 1;<