JSUNPACK
A Generic JavaScript Unpacker
CAUTION: jsunpack was designed for security researchers and computer professionals
Enter a single URL (or paste JavaScript to decode):

Upload a PDF, pcap, HTML, or JavaScript file
Private? Help: privacy | uploads
Default Referer
Description

Submission permanent link f15575a477164742373357f9920e8dc1c53cf145 (Received 2012-10-25 16:30:27, http://webmail.excite.com/c55d4374/gds/index_rich.php )

URLStatus
webmail.excite.com/c55d4374/gds/rich.php saved 22709 bytes 4d2b4547bb6f5e9361ef5d7e0509079be9233da3

ae.excite.com/ status: (referer=www1.excite.com/security/0,17167,,00.html)

excitedegrees.elearners.com/qdfIframe.aspx?tsource=ccdec2&cssurl=http:/s3.amazonaws.com/degreesexcite/css/iframe-widget-left.css status: (referer=www1.excite.com/security/0,17167,,00.html)

movies.excite.com/ status: (referer=docs1.excite.com/myfunctions.js)

boards.excite.com/ status: (referer=docs1.excite.com/myfunctions.js)

publish.vx.roo.com/excitemini/miniplaylist/ status: (referer=docs1.excite.com/myfunctions.js)

www.google-analytics.com/urchin.js status: (referer=www.excite.com/)

utm.trk.excite.com/__utm.gif status: (referer=utm.excite.com/u.js)

ad.doubleclick.net/adj/5480.iac.excite/about:blank status: (referer=ad.doubleclick.net/adj/5480.iac.excite/LOGIN;tile=1;sz=300x250;pos=bom;s=ex;ord=562667)

docs1.excite.com/iframe.html status: (referer=www.excite.com/)

www.excite.com/education/financial-aid/pell-grants-application status: (referer=www.excite.com/)

docs1.excite.com/ie.js status: (referer=www.excite.com/)

rd.excite.com/sp/em status: (referer=docs1.excite.com/myfunctions.js)

www.excite.com/tv/favs.jsp status: (referer=docs1.excite.com/myfunctions.js)

docs1.excite.com/exUni.js status: (referer=www1.excite.com/security/0,17167,,00.html)

registration.excite.com/excitereg/register.jsp/excitereg/register.jsp status: (referer=docs1.excite.com/myfunctions.js)

www1.excite.com/home/toolbar/overview/1,3755,,00.html status: (referer=docs1.excite.com/myfunctions.js)

www1.excite.com/home/horoscope/index/0,1854,_L0_0_0_1,00.html status: (referer=docs1.excite.com/myfunctions.js)

www1.excite.com/security/ status: (referer=www1.excite.com/security/0,17167,,00.html)

pagead2.googlesyndication.com/pagead/js/r20121023/r20110914/abg.js status: (referer=ad.doubleclick.net/adj/5480.iac.excite/LOGIN;tile=1;sz=300x250;pos=bom;s=ex;ord=562667)

docs1.excite.com/ie.js status: (referer=www.excite.com/)

sports.excite.com/ status: (referer=docs1.excite.com/myfunctions.js)

service.urchin.com/__utm.gif status: (referer=utm.excite.com/u.js)

today.excite.com/celebbday.html status: (referer=docs1.excite.com/myfunctions.js)

docs1.excite.com/functions.js status: (referer=www.excite.com/)

ad.doubleclick.net/adj/5480.iac.excite/<html><head><script> status: (referer=ad.doubleclick.net/adj/5480.iac.excite/LOGIN;tile=1;sz=300x250;pos=bom;s=ex;ord=562667)

s0.2mdn.net/879366/1_2.js status: (referer=ad.doubleclick.net/adj/5480.iac.excite/LOGIN;tile=1;sz=300x250;pos=bom;s=ex;ord=562667)

www.excite.com/tv/prog.jsp? status: (referer=docs1.excite.com/myfunctions.js)

Warning: reading file /storagefiles/2ce1//58a82a9204be5ad4bdc78e54659602e0459b failed
Warning: reading file /storagefiles/366a//a48f91ec5214058d2fcf4650593c555e0899 failed

All Malicious or Suspicious Elements of Submission

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
www1.excite.com/security/0,17167,,00.html benign
[nothing detected] (metarefresh) www1.excite.com/security/0,17167,,00.html
     status: (referer=webmail.excite.com/c55d4374/gds/rich.php)saved 24917 bytes 11bc8d16204d03ddeac6d14eee3014f3bc071a30
     info: [javascript variable] URL=ae.excite.com
     info: [img] ak.imgfarm.com/ex/logo.gif
     info: [img] ak.imgfarm.com/images/spacer.gif
     info: [iframe] excitedegrees.elearners.com/qdfIframe.aspx?tsource=ccdec2&amp;cssurl=http:/s3.amazonaws.com/degreesexcite/css/iframe-widget-left.css
     info: [iframe] www1.excite.com/security/
     info: [script] docs1.excite.com/exUni.js
     info: [decodingLevel=0] found JavaScript
     error: line:8: SyntaxError: missing ; before statement:
          error: line:8:            Javascript enabled browsers
          error: line:8: .................^
     file: 11bc8d16204d03ddeac6d14eee3014f3bc071a30: 24917 bytes

Decoded Files
11bc/8d16204d03ddeac6d14eee3014f3bc071a30 from www1.excite.com/security/0,17167,,00.html (24917 bytes, 968 hidden) download