JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link a4f7a35729c54379c8e7f0a679c3ddb603d51ada (Received 2018-04-16 10:13:02, http://www.odinvoll.com )

URLStatus
www.odinvoll.com saved 6627 bytes dffefa7e79729f0fdc78fd8e5008df20d2eb714b

count1.51yes.com/sa.htm?id=11972966&refe=undefined&location=[object Object]&color=undefinedx&resolution=undefinedxundefined&returning=0&language=en&ua=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; . status: (referer=count1.51yes.com/click.aspx?id=11972966&logo=12)

count1.51yes.com/sa.htm?id=11972966 status: (referer=count1.51yes.com/click.aspx?id=11972966&logo=12)

count50.51yes.com/sa.htm?id=507436082 status: (referer=count50.51yes.com/click.aspx?id=507436082&logo=1)

All Malicious or Suspicious Elements of Submission

None
www.3rfm.com/ip.php?=https:/www.baidu.com/ benign
[nothing detected] (script) www.3rfm.com/ip.php?=https:/www.baidu.com/
     status: (referer=www.3rfm.com/tz.js)saved 291 bytes 278c70ee6f5f2211df57e5f3958586eb7312e335
     info: [decodingLevel=0] found JavaScript
     file: 278c70ee6f5f2211df57e5f3958586eb7312e335: 291 bytes

Decoded Files
278c/70ee6f5f2211df57e5f3958586eb7312e335 from www.3rfm.com/ip.php?=https:/www.baidu.com/ (291 bytes) download


count50.51yes.com/click.aspx?id=507436082&logo=12 benign
[nothing detected] (script) count50.51yes.com/click.aspx?id=507436082&logo=12
     status: (referer=www.3rfm.com/tz.js)saved 1694 bytes d7c446e281f18d2586be1e4ee2f9c9093f6901f0
     info: [iframe] count50.51yes.com/sa.htm?id=507436082
     info: [decodingLevel=0] found JavaScript
     info: Decoding option browser=IE8/Vista,      675 bytes
     info: Decoding option browser=Opera,      480 bytes
     info: Decoding option browser=Firefox,      564 bytes
     info: Decoding option navigator.systemLanguage=en and browser=IE7/XP,      547 bytes
     info: Decoding option navigator.systemLanguage=zh-cn,      550 bytes
     info: DecodedIframe detected
     info: [iframe] count50.51yes.com/sa.htm?id=507436082&refe=undefined&location=%5Bobject%20Object%5D&color=undefinedx&resolution=undefinedxundefined&returning=0&language=en&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.0%3B%20Trident/4.0%3B%20.NET%20CLR%201.1.4322%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.04506.648%3B%20.NET%20CLR%203.5.21022%3B%20.NET%20CLR%203.0.4506.2152%3B%20.NET%20CLR%203.5.30729%29
     info: [decodingLevel=1] found JavaScript
     file: d7c446e281f18d2586be1e4ee2f9c9093f6901f0: 1694 bytes
     file: 9aaf5a44b40561b75609c5b63005d4711922f5e7: 675 bytes

Decoded Files
d7c4/46e281f18d2586be1e4ee2f9c9093f6901f0 from count50.51yes.com/click.aspx?id=507436082&logo=12 (1694 bytes, 29 hidden) download

9aaf/5a44b40561b75609c5b63005d4711922f5e7 from count50.51yes.com/click.aspx?id=507436082&logo=12 (675 bytes, 20 hidden) download


www.3rfm.com/tz.js benign
[nothing detected] (script) www.3rfm.com/tz.js
     status: (referer=www.odinvoll.com/)saved 415 bytes 6c16af66dd50c52f414725ac36360153643a999a
     info: [script] count1.51yes.com/click.aspx?id=11972966&logo=12
     info: [script] count50.51yes.com/click.aspx?id=507436082&logo=12
     info: [script] www.3rfm.com/ip.php?=https:/www.baidu.com/
     info: [decodingLevel=0] found JavaScript
     info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista and browser=Opera and browser=Firefox,      0 bytes
     info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista and browser=Opera and browser=Firefox,      358 bytes
     info: [decodingLevel=1] found JavaScript
     error: line:7: SyntaxError: missing ; before statement:
          error: line:7: <script language="javascript" src="http:/count50.51yes.com/click.aspx?id=507436082&logo=12" charset="gb2312"></script>
          error: line:7: .^
     file: 6c16af66dd50c52f414725ac36360153643a999a: 415 bytes
     file: 0ba16ea253c58954ba81603cdbf62fa826713921: 358 bytes

Decoded Files
6c16/af66dd50c52f414725ac36360153643a999a from www.3rfm.com/tz.js (415 bytes, 2 hidden) download

0ba1/6ea253c58954ba81603cdbf62fa826713921 from www.3rfm.com/tz.js (358 bytes) download


www.odinvoll.com/tj.js benign
[nothing detected] (script) www.odinvoll.com/tj.js
     status: (referer=www.odinvoll.com/)saved 1163 bytes aef448ce5500e3734059ec285cf6ec0b547075f2
     info: [0] no JavaScript
     file: aef448ce5500e3734059ec285cf6ec0b547075f2: 1163 bytes

Decoded Files
aef4/48ce5500e3734059ec285cf6ec0b547075f2 from www.odinvoll.com/tj.js (1163 bytes, 129 hidden) download


www.odinvoll.com/ benign
[nothing detected] www.odinvoll.com/
     status: (referer=http:/www.google.com/)saved 6627 bytes dffefa7e79729f0fdc78fd8e5008df20d2eb714b
     info: [script] www.3rfm.com/tz.js
     info: [img] www.odinvoll.com/templets/default/img2013/img/logo.gif
     info: [img] www.odinvoll.com/templets/default/img2013/img/banner.jpg
     info: [img] www.odinvoll.com/templets/default/img2013/img/xwkx.jpg
     info: [img] www.odinvoll.com/images/defaultpic.gif
     info: [script] www.odinvoll.com/tj.js
     info: [script] count50.51yes.com/click.aspx?id=507436082&logo=1
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD XHTML 1.0 Transitional/EN" "http:/www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          error: line:3: ...............^
     file: dffefa7e79729f0fdc78fd8e5008df20d2eb714b: 6627 bytes

Decoded Files
dffe/fa7e79729f0fdc78fd8e5008df20d2eb714b from www.odinvoll.com/ (6627 bytes, 2087 hidden) download


count1.51yes.com/click.aspx?id=11972966&logo=12 benign
[nothing detected] (script) count1.51yes.com/click.aspx?id=11972966&logo=12
     status: (referer=www.3rfm.com/tz.js)saved 1691 bytes 64023f5907461f3f63176dfd5d75ace6fab5c5e3
     info: [iframe] count1.51yes.com/sa.htm?id=11972966
     info: [decodingLevel=0] found JavaScript
     info: Decoding option browser=Firefox,      561 bytes
     info: Decoding option browser=IE8/Vista,      672 bytes
     info: Decoding option navigator.systemLanguage=zh-cn,      547 bytes
     info: Decoding option navigator.systemLanguage=en and browser=IE7/XP,      544 bytes
     info: Decoding option browser=Opera,      477 bytes
     info: DecodedIframe detected
     info: [iframe] count1.51yes.com/sa.htm?id=11972966&refe=undefined&location=%5Bobject%20Object%5D&color=undefinedx&resolution=undefinedxundefined&returning=0&language=en&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.0%3B%20Trident/4.0%3B%20.NET%20CLR%201.1.4322%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.04506.648%3B%20.NET%20CLR%203.5.21022%3B%20.NET%20CLR%203.0.4506.2152%3B%20.NET%20CLR%203.5.30729%29
     info: [decodingLevel=1] found JavaScript
     file: 64023f5907461f3f63176dfd5d75ace6fab5c5e3: 1691 bytes
     file: d8c872bedb8b501495e01be021eb1a774a62aebb: 672 bytes

Decoded Files
6402/3f5907461f3f63176dfd5d75ace6fab5c5e3 from count1.51yes.com/click.aspx?id=11972966&logo=12 (1691 bytes, 29 hidden) download

d8c8/72bedb8b501495e01be021eb1a774a62aebb from count1.51yes.com/click.aspx?id=11972966&logo=12 (672 bytes, 20 hidden) download


count50.51yes.com/click.aspx?id=507436082&logo=1 benign
[nothing detected] (script) count50.51yes.com/click.aspx?id=507436082&logo=1
     status: (referer=www.odinvoll.com/)saved 1777 bytes f373f8bcf6c6ee3bb703fdff0abdb13e6ee99550
     info: [img] count50.51yes.com/count1.gif
     info: [iframe] count50.51yes.com/sa.htm?id=507436082
     info: [decodingLevel=0] found JavaScript
     info: Decoding option navigator.systemLanguage=en and browser=IE7/XP,      630 bytes
     info: Decoding option browser=IE8/Vista,      758 bytes
     info: Decoding option navigator.systemLanguage=zh-cn,      633 bytes
     info: Decoding option browser=Firefox,      647 bytes
     info: Decoding option browser=Opera,      563 bytes
     info: DecodedIframe detected
     info: [iframe] count50.51yes.com/sa.htm?id=507436082&refe=undefined&location=%5Bobject%20Object%5D&color=undefinedx&resolution=undefinedxundefined&returning=0&language=en&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%208.0%3B%20Windows%20NT%206.0%3B%20Trident/4.0%3B%20.NET%20CLR%201.1.4322%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.04506.648%3B%20.NET%20CLR%203.5.21022%3B%20.NET%20CLR%203.0.4506.2152%3B%20.NET%20CLR%203.5.30729%29
     info: [decodingLevel=1] found JavaScript
     file: f373f8bcf6c6ee3bb703fdff0abdb13e6ee99550: 1777 bytes
     file: 45e501e096a654250909a0d79be108d762f83775: 758 bytes

Decoded Files
f373/f8bcf6c6ee3bb703fdff0abdb13e6ee99550 from count50.51yes.com/click.aspx?id=507436082&logo=1 (1777 bytes, 21 hidden) download

45e5/01e096a654250909a0d79be108d762f83775 from count50.51yes.com/click.aspx?id=507436082&logo=1 (758 bytes, 12 hidden) download


count50.51yes.com/sa.htm?id=507436082&refe=undefined&location=[object Object]&color=undefinedx&resolution=undefinedxundefined&returning=0&language=en&ua=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; benign
[nothing detected] (iframe) count50.51yes.com/sa.htm?id=507436082&refe=undefined&location=[object Object]&color=undefinedx&resolution=undefinedxundefined&returning=0&language=en&ua=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
     status: (referer=count50.51yes.com/click.aspx?id=507436082&logo=1)saved 20 bytes 49a60bed2070015f972688f688f92cfc80cd77e5
     info: [0] no JavaScript
     file: 49a60bed2070015f972688f688f92cfc80cd77e5: 20 bytes

Decoded Files
49a6/0bed2070015f972688f688f92cfc80cd77e5 from count50.51yes.com/sa.htm?id=507436082&refe=undefined&location=[object Object]&color=undefinedx&resolution=undefinedxundefined&returning=0&language=en&ua=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; (20 bytes) download