JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals

Submission permanent link 6e7391ecf012edcbd4e6c4c8185e0bbc31155d2e (Received 2018-02-13 05:37:19, http://jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575 )

URL Status
jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575 saved 28653 bytes 33d2f51a6bb9e8f65bbe37df0c7171315f802f5b

PokeHuntr.com/assets/img/icons malicious status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)

(ipaddr:104.25.219.28) (shellcode) PokeHuntr.com/assets/img/icons status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)

(https?:/ status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)

status: (referer=http:/www.ask.com/web?q=puppies)saved 9 bytes d205cbd6783332a212c5ae92d73c77178c2d2f28 status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)

from PokeHuntr.com/assets/img/icons (580 bytes status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)

status: (referer=http:/www.ask.com/web?q=puppies)saved 580 bytes 6b8e9ab8f363df658be25413ce6d3c3304e909ff status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)

api.pokehuntr.com/cdn-cgi/scripts/cf.common.js status: (referer=api.pokehuntr.com/api/ malicious)

a name="api.pokehuntr.com/api/" status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)

(ipaddr:104.25.218.28) (shellcode) api.pokehuntr.com/api/ status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)failure: nonnumeric port: '104.25.218.28) (shellcode) api.pokehuntr.com'

: file: saved PokeHuntr.com/assets/img/icons to (6b8e9ab8f363df658be25413ce6d3c3304e909ff) status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)failure: nonnumeric port: ' saved PokeHuntr.com'

from api.pokehuntr.com/api/ (9 bytes) status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)failure: <urlopen error [Errno -5] No address associated with hostname>

: file: saved api.pokehuntr.com/api/ to (d205cbd6783332a212c5ae92d73c77178c2d2f28) status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)failure: nonnumeric port: ' saved api.pokehuntr.com'

a class="id" href="https:/poketoolset.com/pokemon/ status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)failure: <urlopen error [Errno -3] Temporary failure in name resolution>

api.pokehuntr.com/cdn-cgi/scripts/zepto.min.js status: (referer=api.pokehuntr.com/api/ malicious)

a name="PokeHuntr.com/assets/img/icons" status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)failure: <urlopen error [Errno -2] Name or service not known>

api.pokehuntr.com/cdn-cgi/scripts/jquery.min.js status: (referer=api.pokehuntr.com/api/ malicious)

All Malicious or Suspicious Elements of Submission

suspicious: shellcode of length 12314/12691
malicious: shellcode URL=a class="id" href="https:/poketoolset.com/pokemon/
malicious: shellcode URL=https:/PokeHuntr.com/assets/img/icons
malicious: shellcode URL=(https?:
malicious: shellcode URL=https:/api.pokehuntr.com/api/
malicious: shellcode URL=a name="PokeHuntr.com/assets/img/icons"
malicious: shellcode URL=PokeHuntr.com/assets/img/icons malicious
malicious: shellcode URL=(ipaddr:104.25.219.28) (shellcode) PokeHuntr.com/assets/img/icons
malicious: shellcode URL=status: (referer=http:/www.ask.com/web?q=puppies)saved 580 bytes 6b8e9ab8f363df658be25413ce6d3c3304e909ff
malicious: shellcode URL=: file: saved PokeHuntr.com/assets/img/icons to (6b8e9ab8f363df658be25413ce6d3c3304e909ff)
malicious: shellcode URL=from PokeHuntr.com/assets/img/icons (580 bytes
malicious: shellcode URL=a name="api.pokehuntr.com/api/"
malicious: shellcode URL=api.pokehuntr.com/api/ malicious
malicious: shellcode URL=(ipaddr:104.25.218.28) (shellcode) api.pokehuntr.com/api/
malicious: shellcode URL=status: (referer=http:/www.ask.com/web?q=puppies)saved 9 bytes d205cbd6783332a212c5ae92d73c77178c2d2f28
malicious: shellcode URL=: file: saved api.pokehuntr.com/api/ to (d205cbd6783332a212c5ae92d73c77178c2d2f28)
malicious: shellcode URL=from api.pokehuntr.com/api/ (9 bytes)
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
malicious: client download shellcode URL (non-executable) saved (d205cbd6783332a212c5ae92d73c77178c2d2f28)
jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575 malicious
[malicious:8] (ipaddr:204.152.206.106) jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575
     status: (referer=http:/www.ask.com/web?q=puppies)saved 28653 bytes 33d2f51a6bb9e8f65bbe37df0c7171315f802f5b
     suspicious: shellcode of length 12314/12691
     malicious: shellcode URL=a class="id" href="https:/poketoolset.com/pokemon/
     malicious: shellcode URL=https:/PokeHuntr.com/assets/img/icons
     malicious: shellcode URL=(https?:
     malicious: shellcode URL=https:/api.pokehuntr.com/api/
     malicious: shellcode URL=a name="PokeHuntr.com/assets/img/icons"
     malicious: shellcode URL=PokeHuntr.com/assets/img/icons malicious
     malicious: shellcode URL=(ipaddr:104.25.219.28) (shellcode) PokeHuntr.com/assets/img/icons
     malicious: shellcode URL=status: (referer=http:/www.ask.com/web?q=puppies)saved 580 bytes 6b8e9ab8f363df658be25413ce6d3c3304e909ff
     malicious: shellcode URL=: file: saved PokeHuntr.com/assets/img/icons to (6b8e9ab8f363df658be25413ce6d3c3304e909ff)
     malicious: shellcode URL=from PokeHuntr.com/assets/img/icons (580 bytes
     malicious: shellcode URL=a name="api.pokehuntr.com/api/"
     malicious: shellcode URL=api.pokehuntr.com/api/ malicious
     malicious: shellcode URL=(ipaddr:104.25.218.28) (shellcode) api.pokehuntr.com/api/
     malicious: shellcode URL=status: (referer=http:/www.ask.com/web?q=puppies)saved 9 bytes d205cbd6783332a212c5ae92d73c77178c2d2f28
     malicious: shellcode URL=: file: saved api.pokehuntr.com/api/ to (d205cbd6783332a212c5ae92d73c77178c2d2f28)
     malicious: shellcode URL=from api.pokehuntr.com/api/ (9 bytes)
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing ; before statement:
          error: line:3: PKCCLfoo)5d9e/50ff0de36fc20715085b852435d1ebe2c575PK=@AL0`nn)eee0/51b23d1812c311974c6b15ab098130cae51b
          error: line:3: ^
     info: file: saved jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575 to (33d2f51a6bb9e8f65bbe37df0c7171315f802f5b)
     file: 33d2f51a6bb9e8f65bbe37df0c7171315f802f5b: 28653 bytes
     file: 6d01f36e6629e2b26f427202acd7c5a4a5c8c8f6: 12314 bytes

Decoded Files
33d2/f51a6bb9e8f65bbe37df0c7171315f802f5b from jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575 (28653 bytes, 2090 hidden) download

6d01/f36e6629e2b26f427202acd7c5a4a5c8c8f6 from jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575 (12314 bytes, 50 hidden) download


PokeHuntr.com/assets/img/icons benign
[nothing detected] (shellcode) PokeHuntr.com/assets/img/icons
     status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)saved 580 bytes 6b8e9ab8f363df658be25413ce6d3c3304e909ff
     file: 6b8e9ab8f363df658be25413ce6d3c3304e909ff: 580 bytes

Decoded Files
6b8e/9ab8f363df658be25413ce6d3c3304e909ff from PokeHuntr.com/assets/img/icons (580 bytes, 13 hidden) download


api.pokehuntr.com/api/ malicious benign
[nothing detected] (shellcode) api.pokehuntr.com/api/ malicious
     status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)saved 5851 bytes 7ddb267ad16e48edbf50149ef97ab6bd530c99ba
     info: [script] api.pokehuntr.com/cdn-cgi/scripts/jquery.min.js
     info: [script] api.pokehuntr.com/cdn-cgi/scripts/zepto.min.js
     info: [script] api.pokehuntr.com/cdn-cgi/scripts/cf.common.js
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: 7ddb267ad16e48edbf50149ef97ab6bd530c99ba: 5851 bytes
     file: d1a2f0f6b28b2e818d0f0efd3a8ed559c73d2584: 16892 bytes
     file: 38e73c2c3aae061ae02473f9a405a5c53e778b6f: 16898 bytes
     file: 9cb51131342745da391ba09bd418321d0b57d0dc: 17107 bytes
     file: 003e659b32a10a9a7af378db289eb2ab981ef0ff: 17299 bytes
     file: b0cb51b83614b0f326909e0656ce2c5ecefe5556: 17013 bytes
     file: 70c1c96ec7b2a2e338fa10e2ffc13a101eba2591: 17137 bytes
     file: ff672aaedc2aad5f9bfa906026e88372eb6b7b57: 6069 bytes
     file: d169f1db7bcc223372b79feb9ce2b11e0ddd8546: 6075 bytes
     file: 6b539560e12653d60f1b786c337ec5ecbeffea13: 6284 bytes
     file: 597d80805703ac5c71744bc2427a19fd0a11790d: 6476 bytes
     file: b2797823cb532a6b6f53756414b3a905c831ed83: 6190 bytes
     file: c039affd4b936896b975da8c1cc2e37c1ec64425: 6314 bytes

Decoded Files
7ddb/267ad16e48edbf50149ef97ab6bd530c99ba from api.pokehuntr.com/api/ malicious (5851 bytes, 587 hidden) download

d1a2/f0f6b28b2e818d0f0efd3a8ed559c73d2584 from api.pokehuntr.com/api/ malicious (16892 bytes) download

38e7/3c2c3aae061ae02473f9a405a5c53e778b6f from api.pokehuntr.com/api/ malicious (16898 bytes) download

9cb5/1131342745da391ba09bd418321d0b57d0dc from api.pokehuntr.com/api/ malicious (17107 bytes) download

003e/659b32a10a9a7af378db289eb2ab981ef0ff from api.pokehuntr.com/api/ malicious (17299 bytes) download

b0cb/51b83614b0f326909e0656ce2c5ecefe5556 from api.pokehuntr.com/api/ malicious (17013 bytes) download

70c1/c96ec7b2a2e338fa10e2ffc13a101eba2591 from api.pokehuntr.com/api/ malicious (17137 bytes) download

ff67/2aaedc2aad5f9bfa906026e88372eb6b7b57 from api.pokehuntr.com/api/ malicious (6069 bytes, 587 hidden) download

d169/f1db7bcc223372b79feb9ce2b11e0ddd8546 from api.pokehuntr.com/api/ malicious (6075 bytes, 587 hidden) download

6b53/9560e12653d60f1b786c337ec5ecbeffea13 from api.pokehuntr.com/api/ malicious (6284 bytes, 587 hidden) download

597d/80805703ac5c71744bc2427a19fd0a11790d from api.pokehuntr.com/api/ malicious (6476 bytes, 587 hidden) download

b279/7823cb532a6b6f53756414b3a905c831ed83 from api.pokehuntr.com/api/ malicious (6190 bytes, 587 hidden) download

c039/affd4b936896b975da8c1cc2e37c1ec64425 from api.pokehuntr.com/api/ malicious (6314 bytes, 587 hidden) download


api.pokehuntr.com/api/ malicious
[malicious:6] (ipaddr:104.25.218.28) (shellcode) api.pokehuntr.com/api/
     status: (referer=jsunpack.jeek.org/dec/getfile?hash=5d9e/50ff0de36fc20715085b852435d1ebe2c575)saved 9 bytes d205cbd6783332a212c5ae92d73c77178c2d2f28
     malicious: client download shellcode URL (non-executable) saved (d205cbd6783332a212c5ae92d73c77178c2d2f28)
     info: file: saved api.pokehuntr.com/api/ to (d205cbd6783332a212c5ae92d73c77178c2d2f28)
     file: d205cbd6783332a212c5ae92d73c77178c2d2f28: 9 bytes

Decoded Files
d205/cbd6783332a212c5ae92d73c77178c2d2f28 from api.pokehuntr.com/api/ (9 bytes) download