Analysis report for http://www.mediafire.com/error.php?errno=320

Sample Overview

URL http://www.mediafire.com/error.php?errno=320
Domainwww.mediafire.com
Analysis Started 2012-08-15 01:28:08
Report Generated 2012-08-15 01:29:22
Jsand version 2.3.4

See the report for domain www.mediafire.com.

Detection results

DetectorResult
Jsand 2.3.4 suspicious

Exploits

No exploits were identified.

Deobfuscation results

Evals

Writes

Network Activity

Requests

URL StatusContent Type
http://www.mediafire.com/error.php?errno=320 200text/html

Redirects

FromTo
http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/?rt=iframehttp://pixel.invitemedia.com/rubicon_sync?publisher_user_id=ed29267ded1a8a13f37c951c1cabd28bd5db5ae2&publisher_dsp_id=2101&publisher_call_type=iframe&publisher_redirecturl=http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/
http://us-ads.openx.net/w/2.0/ajs?o=2078021405&auid=245698&ju=http%3A//www.mediafire.com/error.php%3Ferrno%3D320&jr=http%3A//phonenumbersguard.info/index/down/&res=1024x768x24&plg=swf,sl,pdf,qt,wmp,shk,rp&tz=420http://us-ads.openx.net/w/2.0/ajs?cc=1&o=2078021405&auid=245698&ju=http%3A//www.mediafire.com/error.php%3Ferrno%3D320&jr=http%3A//phonenumbersguard.info/index/down/&res=1024x768x24&plg=swf,sl,pdf,qt,wmp,shk,rp&tz=420
http://us-ads.openx.net/w/2.0/ajs?cc=1&o=2078021405&auid=245698&ju=http%3A//www.mediafire.com/error.php%3Ferrno%3D320&jr=http%3A//phonenumbersguard.info/index/down/&res=1024x768x24&plg=swf,sl,pdf,qt,wmp,shk,rp&tz=420http://u.openx.net/w/1.0/sc?r=http%3A%2F%2Fus-ads.openx.net%2Fw%2F2.0%2Fajs%3Fcc%3D1%26o%3D2078021405%26auid%3D245698%26ju%3Dhttp%253A%2F%2Fwww.mediafire.com%2Ferror.php%253Ferrno%253D320%26jr%3Dhttp%253A%2F%2Fphonenumbersguard.info%2Findex%2Fdown%2F%26res%3D1024x768x24%26plg%3Dswf%2Csl%2Cpdf%2Cqt%2Cwmp%2Cshk%2Crp%26tz%3D420
http://u.openx.net/w/1.0/sc?r=http%3A%2F%2Fus-ads.openx.net%2Fw%2F2.0%2Fajs%3Fcc%3D1%26o%3D2078021405%26auid%3D245698%26ju%3Dhttp%253A%2F%2Fwww.mediafire.com%2Ferror.php%253Ferrno%253D320%26jr%3Dhttp%253A%2F%2Fphonenumbersguard.info%2Findex%2Fdown%2F%26res%3D1024x768x24%26plg%3Dswf%2Csl%2Cpdf%2Cqt%2Cwmp%2Cshk%2Crp%26tz%3D420http://u.openx.net/w/1.0/sc?cc=1&r=http%3A%2F%2Fus-ads.openx.net%2Fw%2F2.0%2Fajs%3Fcc%3D1%26o%3D2078021405%26auid%3D245698%26ju%3Dhttp%253A%2F%2Fwww.mediafire.com%2Ferror.php%253Ferrno%253D320%26jr%3Dhttp%253A%2F%2Fphonenumbersguard.info%2Findex%2Fdown%2F%26res%3D1024x768x24%26plg%3Dswf%2Csl%2Cpdf%2Cqt%2Cwmp%2Cshk%2Crp%26tz%3D420
http://u.openx.net/w/1.0/sc?cc=1&r=http%3A%2F%2Fus-ads.openx.net%2Fw%2F2.0%2Fajs%3Fcc%3D1%26o%3D2078021405%26auid%3D245698%26ju%3Dhttp%253A%2F%2Fwww.mediafire.com%2Ferror.php%253Ferrno%253D320%26jr%3Dhttp%253A%2F%2Fphonenumbersguard.info%2Findex%2Fdown%2F%26res%3D1024x768x24%26plg%3Dswf%2Csl%2Cpdf%2Cqt%2Cwmp%2Cshk%2Crp%26tz%3D420http://us-ads.openx.net/w/2.0/ajs?mi=6d290605-0a61-4383-b5f3-fdde5afd1b28&mn=1&mc=1&cc=1&o=2078021405&auid=245698&ju=http%3A//www.mediafire.com/error.php%3Ferrno%3D320&jr=http%3A//phonenumbersguard.info/index/down/&res=1024x768x24&plg=swf,sl,pdf,qt,wmp,shk,rp&tz=420
http://b.scorecardresearch.com/p?c1=3&c2=5859724&c3=542896515&c4=82&c5=7012&c6=&c10=1&c11=&c12=p170037013&c13=&c16=rockyou&cj=1&ax_fwd=1&r=http://ar.voicefive.com/b/recruitBeacon.pli%3Fpid=p170037013%26PRAd=7012%26AR_C=82%26clid=5859724%26cid=542896514%26stid=%26sz=%26as=rockyou%26rn=27092http://b.scorecardresearch.com/p2?c1=3&c2=5859724&c3=542896515&c4=82&c5=7012&c6=&c10=1&c11=&c12=p170037013&c13=&c16=rockyou&cj=1&ax_fwd=1&r=http://ar.voicefive.com/b/recruitBeacon.pli%3Fpid=p170037013%26PRAd=7012%26AR_C=82%26clid=5859724%26cid=542896514%26stid=%26sz=%26as=rockyou%26rn=27092
http://b.scorecardresearch.com/p2?c1=3&c2=5859724&c3=542896515&c4=82&c5=7012&c6=&c10=1&c11=&c12=p170037013&c13=&c16=rockyou&cj=1&ax_fwd=1&r=http://ar.voicefive.com/b/recruitBeacon.pli%3Fpid=p170037013%26PRAd=7012%26AR_C=82%26clid=5859724%26cid=542896514%26stid=%26sz=%26as=rockyou%26rn=27092http://ar.voicefive.com/b/recruitBeacon.pli?pid=p170037013&PRAd=7012&AR_C=82&clid=5859724&cid=542896514&stid=&sz=&as=rockyou&rn=27092
http://ar.voicefive.com/b/recruitBeacon.pli?pid=p170037013&PRAd=7012&AR_C=82&clid=5859724&cid=542896514&stid=&sz=&as=rockyou&rn=27092http://b.voicefive.com/p?c1=4&c2=p170037013&c3=7012&c4=82&c5=&c6=1&c7=Wed%20Aug%2015%2008%3A28%3A21%202012&c8=&c9=&c10=&c11=&c12=542896514&c13=&c14=5859724&c15=&c16=rockyou&rn=1345019301
http://b.voicefive.com/p?c1=4&c2=p170037013&c3=7012&c4=82&c5=&c6=1&c7=Wed%20Aug%2015%2008%3A28%3A21%202012&c8=&c9=&c10=&c11=&c12=542896514&c13=&c14=5859724&c15=&c16=rockyou&rn=1345019301http://b.voicefive.com/p2?c1=4&c2=p170037013&c3=7012&c4=82&c5=&c6=1&c7=Wed%20Aug%2015%2008%3A28%3A21%202012&c8=&c9=&c10=&c11=&c12=542896514&c13=&c14=5859724&c15=&c16=rockyou&rn=1345019301
http://b.scorecardresearch.com/p?c1=3&c2=5859724&c3=542896515&c4=82&c5=7012&c6=&c10=1&c11=&c12=p170037013&c13=&c16=rockyou&cj=1&ax_fwd=1&r=http://ar.voicefive.com/b/recruitBeacon.pli%3Fpid=p170037013%26PRAd=7012%26AR_C=82%26clid=5859724%26cid=542896514%26stid=%26sz=%26as=rockyou%26rn=56795http://ar.voicefive.com/b/recruitBeacon.pli?pid=p170037013&PRAd=7012&AR_C=82&clid=5859724&cid=542896514&stid=&sz=&as=rockyou&rn=56795
http://ar.voicefive.com/b/recruitBeacon.pli?pid=p170037013&PRAd=7012&AR_C=82&clid=5859724&cid=542896514&stid=&sz=&as=rockyou&rn=56795http://b.voicefive.com/p?c1=4&c2=p170037013&c3=7012&c4=82&c5=&c6=2&c7=Wed%20Aug%2015%2008%3A28%3A21%202012&c8=&c9=&c10=&c11=&c12=542896514&c13=&c14=5859724&c15=&c16=rockyou&rn=1345019302
http://d.xp1.ru4.com/activity?_o=62795&_t=cm_rub_exhttp://pixel.rubiconproject.com/tap.php?v=5671&nid=2081&put=BI-00000001202934328&expires=30&next=http%3A%2F%2Fm.xp1.ru4.com%2Fmeta%3F_o%3D179638%26_t%3Ddm%26ssv_p%3Dru%26ssv_u%3DBI-00000001202934328
http://pixel.rubiconproject.com/tap.php?v=5671&nid=2081&put=BI-00000001202934328&expires=30&next=http%3A%2F%2Fm.xp1.ru4.com%2Fmeta%3F_o%3D179638%26_t%3Ddm%26ssv_p%3Dru%26ssv_u%3DBI-00000001202934328http://m.xp1.ru4.com/meta?_o=179638&_t=dm&ssv_p=ru&ssv_u=BI-00000001202934328
http://m.xp1.ru4.com/meta?_o=179638&_t=dm&ssv_p=ru&ssv_u=BI-00000001202934328http://m.xp1.ru4.com/activity?_o=62795&_t=xl_cm_x1&redirect=http%3A%2F%2Floadm.exelator.com%2Fload%2F%3Fp=204%26g=151%26j=0%26buid=~uk~
http://m.xp1.ru4.com/activity?_o=62795&_t=xl_cm_x1&redirect=http%3A%2F%2Floadm.exelator.com%2Fload%2F%3Fp=204%26g=151%26j=0%26buid=~uk~http://loadm.exelator.com/load/?p=204&g=151&j=0&buid=BI-00000001202934328
http://loadm.exelator.com/load/?p=204&g=151&j=0&buid=BI-00000001202934328http://loadm.exelator.com/load/?p=204&g=151&j=0&buid=BI-00000001202934328&xl8blockcheck=1
http://loadm.exelator.com/load/?p=204&g=151&j=0&buid=BI-00000001202934328&xl8blockcheck=1http://pixel.exelator.com/pixel.gif
http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/131615/0/vj?z=hpi&dim=63352&pos=1&pv=8448930006359009&nc=63486757&tz=420&url=http%3A%2F%2Fwww.mediafire.com%2Ferror.php%3Ferrno%3D320&refer=http%3A%2F%2Fwww.mediafire.com%2Ferror.php%3Ferrno%3D320http://hpi.rotator.hadj7.adjuggler.net/servlet/ajrotator/131615/0/vj?ajecscp=1345019345097&z=hpi&dim=63352&pos=1&pv=8448930006359009&nc=63486757&tz=420&url=http%3A%2F%2Fwww.mediafire.com%2Ferror.php%3Ferrno%3D320&refer=http%3A%2F%2Fwww.mediafire.com%2Ferror.php%3Ferrno%3D320

ActiveX controls

Shellcode

No shellcode was identified.

Malware

Additional (potential) malware:

URLTypeHashAnalysis
http://clk.atdmt.com/go/404650701/direct;wi.728;hi.90;ai.287255809;ct.$num$/01/& ArmClickToken=$num$ HTML document text d9c6df4aeae7f034bc39879ba5db86a9
FEEDBACK

Comments