Analysis report for http://www.mediafire.com/error.php?errno=320

Sample Overview

URL http://www.mediafire.com/error.php?errno=320
Domainwww.mediafire.com
Analysis Started 2012-09-07 09:55:57
Report Generated 2012-09-07 09:56:26
Jsand version 2.3.4

See the report for domain www.mediafire.com.

Detection results

DetectorResult
Jsand 2.3.4 benign

Exploits

No exploits were identified.

Deobfuscation results

Evals

No evals.

Writes

Network Activity

Requests

URL StatusContent Type
http://www.mediafire.com/error.php?errno=320 200text/html
http://www.google-analytics.com/ga.js 200text/javascript
about:blank 200text/html
http://connect.facebook.net/en_US/all.js 200application/x-javascript
http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.js 200text/javascript
http://cdn.mediafire.com/css/mfv3_82944.php?ver=nonssl 200text/css
http://cdn.mediafire.com/css/mfv4_82944.php?ver=nonssl 200text/css
https://fonts.googleapis.com/css?family=Open+Sans:800,400,700 200text/css
http://cdn.mediafire.com/css/ie_82944.css?ver=nonssl 200text/css
http://cdn.mediafire.com/css/ie7_82944.css?ver=nonssl 200text/css
http://cdn.mediafire.com/js/master_82944.js 200text/javascript
http://rts.sparkstudios.com/Publishers/e95076fd0c.js?ver=async&random=95531635&millis=1347036964272 200empty
http://cdn.engine.adsupply.com/Scripts/infinity.js.aspx 200application/x-javascript
http://engine.adsupply.com/Tag.engine?guid=5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0&rand0.43571154827889647&ver=async&time=420 200application/json
http://www.google-analytics.com/__utm.gif?utmwv=5.3.5&utms=1&utmn=211502750&utmhn=www.mediafire.com&utmcs=-&utmsr=1024x768&utmvp=1256x1983&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=9.0%20r115&utmdt=Free%20Cloud%20Storage%20-%20MediaFire&utmhid=1417554647&utmr=-&utmp=%2Ferror.php%3Ferrno%3D320&utmac=UA-340518-28&utmcc=__utma%3D1.1742271160.1347036964.1347036964.1347036964.1%3B%2B__utmz%3D1.1347036964.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=qBAg~ 200image/gif
http://www.google-analytics.com/__utm.gif?utmwv=5.3.5&utms=2&utmn=1261857017&utmhn=www.mediafire.com&utmt=event&utme=5(Engine*ScriptLoad*5ff0fb62-0643-4ff1-aaee-c737f9ffc0e0)&utmcs=-&utmsr=1024x768&utmvp=1256x1983&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=9.0%20r115&utmdt=Free%20Cloud%20Storage%20-%20MediaFire&utmhid=1417554647&utmr=-&utmp=%2Ferror.php%3Ferrno%3D320&utmac=UA-340518-28&utmcc=__utma%3D1.1742271160.1347036964.1347036964.1347036964.1%3B%2B__utmz%3D1.1347036964.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6BAg~ 200image/gif
http://cdn.mediafire.com/blank.html 200text/html
http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FMediaFire&send=false&layout=button_count&width=180&show_faces=false&action=like&colorscheme=light&font&height=80 200text/html
http://b.static.ak.fbcdn.net/rsrc.php/v2/y4/r/YAV6Ce5hx-Z.js 200application/x-javascript
http://platform.twitter.com/widgets/follow_button.html?screen_name=MediaFire&show_count=true&show_screen_name=false 200text/html
http://www.mediafire.com/templates/linkto/default-161x601-default.php 200text/html
http://optimized-by.rubiconproject.com/a/3196/3346/9685-9.js?cb=0.09066178955858661&fr=true 200application/x-javascript
http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=3196/3346&geo=na&co=us 200text/html
http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?rt=iframe 302text/html
http://pixel.invitemedia.com/rubicon_sync?publisher_user_id=e9ff5ab73a4345f5ff2fe552412670a44efd76c3&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/ 200text/html
http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js 200text/javascript
http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/page_parser.js?d=www.mediafire.com 200text/javascript
http://b.scorecardresearch.com/beacon.js 200application/x-javascript
http://www.mediafire.com/templates/linkto/default-729x91-default.php 200text/html
http://ads.rubiconproject.com/ad/3196.js?cb=0.4663331058368708 200text/javascript
http://optimized-by.rubiconproject.com/a/3196/3346/9685-2.js?cb=0.5170936317843917&tk_st=1&tk_sf=1&rf=http%3A//www.mediafire.com/error.php%3Ferrno%3D320 200application/x-javascript
http://uac.advertising.com/wrapper/aceUAC.js 200application/x-javascript
http://r1-ads.ace.advertising.com/site=837333/size=728090/u=2/bnum=8350327/wkhr=129/hr=9/hl=2/c=2/scres=4/swh=1024x768/tile=1/f=1/r=1/optn=1/fv=9/aolexp=1/dref=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320 302text/html
http://r1-ads.ace.advertising.com/ctst=1/site=837333/size=728090/u=2/bnum=8350327/wkhr=129/hr=9/hl=2/c=2/scres=4/swh=1024x768/tile=1/f=1/r=1/optn=1/fv=9/aolexp=1/dref=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320 200application/x-javascript
http://ebay.adnxs.com/ttj?id=863854&cb=1804574607&pt1=0000837333&pt2=0001246502&pt3=1235&pt4=1347036967:1804574607:0000837333:0001246502:1235:0:pG530013470369670006&imp_id=v2:I:1347036967:1804574607:0000837333:0001246502:1235:0&pubclick=http://r1-ads.ace.advertising.com/click/site=0000837333/mnum=0001246502/cstr=8350327=_504a2727,1804574607,837333_1246502_1235_0,1_/xsxdata=$XSXDATA/bnum=8350327/optn=64?trg= 302text/html
http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D863854%26cb%3D1804574607%26pt1%3D0000837333%26pt2%3D0001246502%26pt3%3D1235%26pt4%3D1347036967%3A1804574607%3A0000837333%3A0001246502%3A1235%3A0%3ApG530013470369670006%26imp_id%3Dv2%3AI%3A1347036967%3A1804574607%3A0000837333%3A0001246502%3A1235%3A0%26pubclick%3Dhttp%3A%2F%2Fr1-ads.ace.advertising.com%2Fclick%2Fsite%3D0000837333%2Fmnum%3D0001246502%2Fcstr%3D8350327%3D_504a2727%2C1804574607%2C837333_1246502_1235_0%2C1_%2Fxsxdata%3D%24XSXDATA%2Fbnum%3D8350327%2Foptn%3D64%3Ftrg%3D 200text/javascript
http://rover.ebay.com/ar/1/711-155813-2042-4/4?mpt=1347036967&Perf_Tracker_1=0000837333&Perf_Tracker_2=0001246502&Perf_Tracker_3=1235&ext_id=6049383040932707474&ff6=1347036967:1804574607:0000837333:0001246502:1235:0:pG530013470369670006&siteid=0&icep_siteid=0&ipn=admain2&adtype=3&size=728x90&placement=15738&mpvc=http%3A%2F%2Fib.adnxs.com%2Fclick%3FAAAAAAAAAAAAAAAAAAAAAAAAAEAzM8M_AAAAAAAAAAAAAAAAAAAAAJL8ECHTufNT42zMe_ZQVi4nJ0pQAAAAAG4uDQBkAAAAZAAAAAIAAABLHSgAh7wAAAAAAQBVU0QAVVNEANgCWgAO8gAAUioAAgMCAQUAAIIA4BPd8QAAAAA.%2Fcnd%3D%2521cAWQLwi-mRwQy7qgARiH-QIgBA..%2Freferrer%3Dhttp%253A%252F%252Fwww.mediafire.com%252Ftemplates%252Flinkto%252Fdefault-729x91-default.php%2Fclickenc%3Dhttp%253A%252F%252Fr1-ads.ace.advertising.com%252Fclick%252Fsite%253D0000837333%252Fmnum%253D0001246502%252Fcstr%253D8350327%253D_504a2727%252C1804574607%252C837333_1246502_1235_0%252C1_%252Fxsxdata%253D%2524XSXDATA%252Fbnum%253D8350327%252Foptn%253D64%253Ftrg%253D 200text/html
http://img-cdn.mediaplex.com/0/documentwrite.js 200application/x-javascript
http://js.dmtry.com/antenna2.js?0_2612_71115581320424_0 200application/x-javascript
http://img-cdn.mediaplex.com/0/711/dapAdChoice.js 200text/html
http://edpn.ebay.com/engagement?INIT=384424594214%7C10269858%7C71115581320424%7C1%7C11%7C0%7C%7Chttp://www.mediafire.com/error.php?errno=320 200text/xml
http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1 200text/html
http://r1-ads.ace.advertising.com/site=837331/size=300250/u=2/bnum=46778862/wkhr=129/hr=9/hl=2/c=2/scres=4/swh=1024x768/tile=1/f=1/r=1/optn=1/fv=9/aolexp=1/dref=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320 200application/x-javascript
http://ad.doubleclick.net/adj/N6921.134363.ADVERTISING.COM-PLA/B5746730.10;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000837331/mnum=0001062031/cstr=46778862=_504a2729,7371572180,837331_1062031_1235_0,1_/xsxdata=$xsxdata/bnum=46778862/optn=64?trg=;ord=7371572180? 200application/x-javascript
http://img-cdn.mediaplex.com/0/711/155813/86608_US_2012_Q1_Instant_Sale_New_iPad_Default_728x90.swf?ir_DAP_M0=0&ir_DAP_M1=71115581320424&ir_DAP_M2=10269858&ir_DAP_M3=&ir_DAP_M4=Santa%20Barbara&ir_DAP_M5=&ir_DAP_M6=0&ir_DAP_M7=www.mediafire.com&ir_DAP_M8=&ir_DAP_M9=US&ir_DAP_M10=805&&dap3_template_id=10269858&rvr_id=384424594214 200application/x-shockwave-flash
http://www.mediafire.com/templates/linkto/default-337x281-default.php 200text/html
http://optimized-by.rubiconproject.com/a/3196/3346/9685-15.js?cb=0.8463241175238363&fr=true 200application/x-javascript
http://www.mediafire.com/templates/linkto/default-337x281-default2.php 200text/html
http://optimized-by.rubiconproject.com/a/3196/3346/27309-15.js?cb=0.1241273885804478&fr=true 200application/x-javascript

Redirects

FromTo
http://r1-ads.ace.advertising.com/site=837333/size=728090/u=2/bnum=8350327/wkhr=129/hr=9/hl=2/c=2/scres=4/swh=1024x768/tile=1/f=1/r=1/optn=1/fv=9/aolexp=1/dref=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320http://r1-ads.ace.advertising.com/ctst=1/site=837333/size=728090/u=2/bnum=8350327/wkhr=129/hr=9/hl=2/c=2/scres=4/swh=1024x768/tile=1/f=1/r=1/optn=1/fv=9/aolexp=1/dref=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320
http://ebay.adnxs.com/ttj?id=863854&cb=1804574607&pt1=0000837333&pt2=0001246502&pt3=1235&pt4=1347036967:1804574607:0000837333:0001246502:1235:0:pG530013470369670006&imp_id=v2:I:1347036967:1804574607:0000837333:0001246502:1235:0&pubclick=http://r1-ads.ace.advertising.com/click/site=0000837333/mnum=0001246502/cstr=8350327=_504a2727,1804574607,837333_1246502_1235_0,1_/xsxdata=$XSXDATA/bnum=8350327/optn=64?trg=http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D863854%26cb%3D1804574607%26pt1%3D0000837333%26pt2%3D0001246502%26pt3%3D1235%26pt4%3D1347036967%3A1804574607%3A0000837333%3A0001246502%3A1235%3A0%3ApG530013470369670006%26imp_id%3Dv2%3AI%3A1347036967%3A1804574607%3A0000837333%3A0001246502%3A1235%3A0%26pubclick%3Dhttp%3A%2F%2Fr1-ads.ace.advertising.com%2Fclick%2Fsite%3D0000837333%2Fmnum%3D0001246502%2Fcstr%3D8350327%3D_504a2727%2C1804574607%2C837333_1246502_1235_0%2C1_%2Fxsxdata%3D%24XSXDATA%2Fbnum%3D8350327%2Foptn%3D64%3Ftrg%3D
http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?rt=iframehttp://pixel.invitemedia.com/rubicon_sync?publisher_user_id=e9ff5ab73a4345f5ff2fe552412670a44efd76c3&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

ActiveX controls

Shellcode

No shellcode was identified.

Malware

Additional (potential) malware:

URLTypeHashAnalysis
http://rover.ebay.com/rover/1/711-155813-2042-4/4?mpt%3d35766%26ir_DAP_M2%3D1026 9858%26mpcr%3D10269858&clickTag=http%3a//ib.adnxs.com/click?AAAAAAAAAAAAAAAAAAAA AAAAAEAzM8M%5fAAAAAAAAAAAAAAAAAAAAAJL8ECHTufNT42zMe%5fZQVi4nJ0pQAAAAAG4uDQBkAAAA ZAAAAAIAAABLHSgAh7wAAAAAAQBVU0QAVVNEANgCWgAO8gAAUioAAgMCAQUAAIIA4BPd8QAAAAA./cnd %3d%2521cAWQLwi-mRwQy7qgARiH-QIgBA../referrer%3dhttp%253A%252F%252Fwww.mediafire .com%252Ftemplates%252Flinkto%252Fdefault-729x91-default.php/clickenc%3dhttp%253 A%252F%252Fr1-ads.ace.advertising.com%252Fclick%252Fsite%253D0000837333%252Fmnum %253D0001246502%252Fcstr%253D8350327%253D%5f504a2727%252C1804574607%252C837333%5 f1246502%5f1235%5f0%252C1%5f%252Fxsxdata%253D%2524XSXDATA%252Fbnum%253D8350327%2 52Foptn%253D64%253Ftrg%253Dhttp://rover.ebay.com/rover/1/711-155813-2042-4/4?mpt %3d35766%26ir_DAP_M2%3D10269858%26mpcr%3D10269858&clickTag1=http%3a//ib.adnxs.co m/click?AAAAAAAAAAAAAAAAAAAAAAAAAEAzM8M%5fAAAAAAAAAAAAAAAAAAAAAJL8ECHTufNT42zMe% 5fZQVi4nJ0pQAAAAAG4uDQBkAAAAZAAAAAIAAABLHSgAh7wAAAAAAQBVU0QAVVNEANgCWgAO8gAAUioA AgMCAQUAAIIA4BPd8QAAAAA./cnd%3d%2521cAWQLwi-mRwQy7qgARiH-QIgBA../referrer%3dhttp %253A%252F%252Fwww.mediafire.com%252Ftemplates%252Flinkto%252Fdefault-729x91-def ault.php/clickenc%3dhttp%253A%252F%252Fr1-ads.ace.advertising.com%252Fclick%252F site%253D0000837333%252Fmnum%253D0001246502%252Fcstr%253D8350327%253D%5f504a2727 %252C1804574607%252C837333%5f1246502%5f1235%5f0%252C1%5f%252Fxsxdata%253D%2524XS XDATA%252Fbnum%253D8350327%252Foptn%253D64%253Ftrg%253Dhttp://rover.ebay.com/rov er/1/711-155813-2042-4/4?mpt%3d35766%26ir_DAP_M2%3D10269858%26mpcr%3D10269858&ur l=http%253A%252F%252Fwww.mediafire.com%252Ferror.php%253Ferrno%253D320 HTML document text d49fe3ef1690a38fa5138c7ec4908018
FEEDBACK

Comments