Malware Domain List

Site Related => Site / Forum Discussion => Topic started by: GaryDee on March 31, 2012, 10:41:54 am

Title: JSUNPACK
Post by: GaryDee on March 31, 2012, 10:41:54 am
Hi. Does anyone know if JSUNPACK ist having some problems at the moment ? Thx

http://jsunpack.jeek.org/?list=1
Title: Re: JSUNPACK
Post by: SysAdMini on March 31, 2012, 01:02:36 pm
I don't see a problem. What's wrong ?
Title: Re: JSUNPACK
Post by: GaryDee on March 31, 2012, 02:46:09 pm
I don't see a problem. What's wrong ?

Take a look at the screenshots i made just a few minutes ago. On the right List Recent Malicious URLs and uploads it looks like that since yesterday evening, although i already uploaded some suspicious scripts, but it does not show them as suspicious. Also whatever Page i open there is no suspicous upload (or URL) anymore shown.
Title: Re: JSUNPACK
Post by: GaryDee on March 31, 2012, 02:46:48 pm
Forgot the 3rd one

Title: Re: JSUNPACK
Post by: SysAdMini on March 31, 2012, 03:06:36 pm
I sent Blake a message.
Title: Re: JSUNPACK
Post by: GaryDee on April 01, 2012, 04:31:20 pm
Thx. I guess it seems to look like a abuse/attack or so. Did he reply ?
Title: Re: JSUNPACK
Post by: SysAdMini on April 01, 2012, 04:38:50 pm
Not yet.
Title: Re: JSUNPACK
Post by: dlipman on April 02, 2012, 09:45:07 pm
JSunpack crashed with Python errors for me this morning.

BTW:  The last communique I had with Blake, I had him allow a user entered field so we can use our own referral address and override the default address.
This should be helpful for Backhole Exploits.
Title: Re: JSUNPACK
Post by: Amishrabbit on April 04, 2012, 05:47:58 pm
I sent Blake a message.

Thank you.

If, or when, he replies, could you also let him know his SVN download is broken for some reason, so it's not possible to retrieve the source of jsunpack-n at the moment.

EDIT: svn/  trunk/ depends/ js-1.8.0-rc1-src.tar.gz (https://code.google.com/p/jsunpack-n/source/browse/trunk/depends/js-1.8.0-rc1-src.tar.gz) is corrupted or has been deleted from the repository, as well. It shows as 0 bytes.

-=A
Title: Re: JSUNPACK
Post by: SysAdMini on April 04, 2012, 06:04:24 pm
I don't see a problem. What's wrong ?

Take a look at the screenshots i made just a few minutes ago. On the right List Recent Malicious URLs and uploads it looks like that since yesterday evening, although i already uploaded some suspicious scripts, but it does not show them as suspicious. Also whatever Page i open there is no suspicous upload (or URL) anymore shown.


Blake replied that he was altering some of the suspicious detections a few days ago.
So it's not a bug.
Title: Re: JSUNPACK
Post by: SysAdMini on April 04, 2012, 06:05:37 pm

If, or when, he replies, could you also let him know his SVN download is broken for some reason, so it's not possible to retrieve the source of jsunpack-n at the moment.

EDIT: svn/  trunk/ depends/ js-1.8.0-rc1-src.tar.gz (https://code.google.com/p/jsunpack-n/source/browse/trunk/depends/js-1.8.0-rc1-src.tar.gz) is corrupted or has been deleted from the repository, as well. It shows as 0 bytes.

Reported to Blake.
Title: Re: JSUNPACK
Post by: GaryDee on April 06, 2012, 10:35:30 am
I guess (as far as i remember) i was online at JSUNPACK at the moment when it happened, and i remember clearly, that after refreshing several times the page, all the colours (red, orange, in the right list changed to black for several moments) after that they changed color back again, intorose and yellow. And something else i noticed, that in the left list there were several dozens of links from
Code: [Select]
phichit.net (see in the 3rd Screenshot above)
Title: Re: JSUNPACK
Post by: blake2 on April 09, 2012, 02:31:09 pm
I guess (as far as i remember) i was online at JSUNPACK at the moment when it happened, and i remember clearly, that after refreshing several times the page, all the colours (red, orange, in the right list changed to black for several moments) after that they changed color back again, intorose and yellow.

I was modifying the color scheme recently so that would explain this behavior. If you have any other concerns let me know and I can try to address them.
Blake