Analysis report for http://www.mediafire.com/error.php?errno=320

Sample Overview

URL http://www.mediafire.com/error.php?errno=320
Domainwww.mediafire.com
Analysis Started 2012-09-07 09:55:57
Report Generated 2012-09-07 09:56:26
Jsand version 2.3.4

See the report for domain www.mediafire.com.

Detection results

DetectorResult
Jsand 2.3.4 benign

Exploits

No exploits were identified.

Deobfuscation results

Evals

No evals.

Writes

Network Activity

Requests

URL StatusContent Type
http://www.mediafire.com/error.php?errno=320 200text/html

Redirects

FromTo
http://r1-ads.ace.advertising.com/site=837333/size=728090/u=2/bnum=8350327/wkhr=129/hr=9/hl=2/c=2/scres=4/swh=1024x768/tile=1/f=1/r=1/optn=1/fv=9/aolexp=1/dref=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320http://r1-ads.ace.advertising.com/ctst=1/site=837333/size=728090/u=2/bnum=8350327/wkhr=129/hr=9/hl=2/c=2/scres=4/swh=1024x768/tile=1/f=1/r=1/optn=1/fv=9/aolexp=1/dref=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320
http://ebay.adnxs.com/ttj?id=863854&cb=1804574607&pt1=0000837333&pt2=0001246502&pt3=1235&pt4=1347036967:1804574607:0000837333:0001246502:1235:0:pG530013470369670006&imp_id=v2:I:1347036967:1804574607:0000837333:0001246502:1235:0&pubclick=http://r1-ads.ace.advertising.com/click/site=0000837333/mnum=0001246502/cstr=8350327=_504a2727,1804574607,837333_1246502_1235_0,1_/xsxdata=$XSXDATA/bnum=8350327/optn=64?trg=http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D863854%26cb%3D1804574607%26pt1%3D0000837333%26pt2%3D0001246502%26pt3%3D1235%26pt4%3D1347036967%3A1804574607%3A0000837333%3A0001246502%3A1235%3A0%3ApG530013470369670006%26imp_id%3Dv2%3AI%3A1347036967%3A1804574607%3A0000837333%3A0001246502%3A1235%3A0%26pubclick%3Dhttp%3A%2F%2Fr1-ads.ace.advertising.com%2Fclick%2Fsite%3D0000837333%2Fmnum%3D0001246502%2Fcstr%3D8350327%3D_504a2727%2C1804574607%2C837333_1246502_1235_0%2C1_%2Fxsxdata%3D%24XSXDATA%2Fbnum%3D8350327%2Foptn%3D64%3Ftrg%3D
http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?rt=iframehttp://pixel.invitemedia.com/rubicon_sync?publisher_user_id=e9ff5ab73a4345f5ff2fe552412670a44efd76c3&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

ActiveX controls

Shellcode

No shellcode was identified.

Malware

Additional (potential) malware:

URLTypeHashAnalysis
http://rover.ebay.com/rover/1/711-155813-2042-4/4?mpt%3d35766%26ir_DAP_M2%3D1026 9858%26mpcr%3D10269858&clickTag=http%3a//ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAA AAAAAEAzM8M%5fAAAAAAAAAAAAAAAAAAAAAJL8ECHTufNT42zMe%5fZQVi4nJ0pQAAAAAG4uDQBkAAAA ZAAAAAIAAABLHSgAh7wAAAAAAQBVU0QAVVNEANgCWgAO8gAAUioAAgMCAQUAAIIA4BPd8QAAAAA./cnd %3d%2521cAWQLwi-mRwQy7qgARiH-QIgBA../referrer%3dhttp%253A%252F%252Fwww.mediafire .com%252Ftemplates%252Flinkto%252Fdefault-729x91-default.php/clickenc%3dhttp%253 A%252F%252Fr1-ads.ace.advertising.com%252Fclick%252Fsite%253D0000837333%252Fmnum %253D0001246502%252Fcstr%253D8350327%253D%5f504a2727%252C1804574607%252C837333%5 f1246502%5f1235%5f0%252C1%5f%252Fxsxdata%253D%2524XSXDATA%252Fbnum%253D8350327%2 52Foptn%253D64%253Ftrg%253Dhttp://rover.ebay.com/rover/1/711-155813-2042-4/4?mpt %3d35766%26ir_DAP_M2%3D10269858%26mpcr%3D10269858&clickTag1=http%3a//ib.adnxs.co m/click?AAAAAAAAAAAAAAAAAAAAAAAAAEAzM8M%5fAAAAAAAAAAAAAAAAAAAAAJL8ECHTufNT42zMe% 5fZQVi4nJ0pQAAAAAG4uDQBkAAAAZAAAAAIAAABLHSgAh7wAAAAAAQBVU0QAVVNEANgCWgAO8gAAUioA AgMCAQUAAIIA4BPd8QAAAAA./cnd%3d%2521cAWQLwi-mRwQy7qgARiH-QIgBA../referrer%3dhttp %253A%252F%252Fwww.mediafire.com%252Ftemplates%252Flinkto%252Fdefault-729x91-def ault.php/clickenc%3dhttp%253A%252F%252Fr1-ads.ace.advertising.com%252Fclick%252F site%253D0000837333%252Fmnum%253D0001246502%252Fcstr%253D8350327%253D%5f504a2727 %252C1804574607%252C837333%5f1246502%5f1235%5f0%252C1%5f%252Fxsxdata%253D%2524XS XDATA%252Fbnum%253D8350327%252Foptn%253D64%253Ftrg%253Dhttp://rover.ebay.com/rov er/1/711-155813-2042-4/4?mpt%3d35766%26ir_DAP_M2%3D10269858%26mpcr%3D10269858&ur l=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320 HTML document text d49fe3ef1690a38fa5138c7ec4908018
FEEDBACK

Comments