Report - airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe

Report Overview

Visited public
2025-05-06 10:17:39
Tags
URL
airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe
Finishing URL
airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe
IP / ASN
3.164.68.78
#16509 AMAZON-02
Title
airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
airscreen-download.skybox.xyz	unknown	unknown	No data	No data	1.4 kB	1.8 kB	108.157.229.47

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-06 10:17:08	high	Client IP	108.157.229.47	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

airscreen-download.skybox.xyz/favicon.ico

108.157.229.47

403 Forbidden

243 B

URL GET
airscreen-download.skybox.xyz/favicon.ico
IP
108.157.229.47:80
ASN
#16509 AMAZON-02

Requested by
http://airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe

File type
XML 1.0 document, ASCII text
Size
243 B (243 bytes)
Hash
f47e751011bfc9d73d2e8331b8f8de48
aa8e2617dc5ffab51c42c23453ff7bf7c20943fd
264693365379c712d09ba5f17810f221f6f4735a0a99ea3613f198198d96cb2a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: airscreen-download.skybox.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
Server: AmazonS3
Date: Tue, 06 May 2025 10:17:08 GMT
X-Cache: Error from cloudfront
Via: 1.1 269b0fad85dfd450220cf6573a2d384e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: Zow6eoyF2Ck16VIxEXtpV-1QxSHJmr8UmKxF-9WoHRczg_78elND7A==

airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe

108.157.229.47

403 Forbidden

243 B

URL User Request GET
airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe
IP
108.157.229.47:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectskybox.xyz
FingerprintBF:B5:83:F7:A9:40:FA:49:DE:B0:B4:0F:5D:DC:81:1A:66:A9:81:03
ValiditySun, 23 Feb 2025 00:00:00 GMT - Tue, 24 Mar 2026 23:59:59 GMT

File type
XML 1.0 document, ASCII text
Size
243 B (243 bytes)
Hash
0087f018a749389a143054eb5b1e4957
3c81454d9718b461cbb89e2099b839af2dd71c90
fd2c8e056b36bbbcf02925745e0cc2857780bc819851fc6e8ff1336082bbfc3f

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /prerelease/win/skybox-x64.exe HTTP/1.1
Host: airscreen-download.skybox.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
content-type: application/xml
server: AmazonS3
date: Tue, 06 May 2025 10:17:07 GMT
x-cache: Error from cloudfront
via: 1.1 f803b0b1a33d6ee945ec151c2ca0acaa.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: kO_LBp2yqhyyjM21qwS5cIqm44Vf_Y3hHI_D0AxGmHijMnCmaYYRcw==
X-Firefox-Spdy: h2

airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe

108.157.229.47

403 Forbidden

243 B

URL User Request GET
airscreen-download.skybox.xyz/prerelease/win/skybox-x64.exe
IP
108.157.229.47:80
ASN
#16509 AMAZON-02

File type
XML 1.0 document, ASCII text
Size
243 B (243 bytes)
Hash
189558a147c157783c12c588a0b250a2
190a08df08cd52f5ca53881e14a266edf509fd8f
be0df89bb9c8bef3aa9983a09d74a976129d5641de631defd4f33d42f14ab389

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016

HTTP Headers

GET /prerelease/win/skybox-x64.exe HTTP/1.1
Host: airscreen-download.skybox.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: keep-alive
Server: AmazonS3
Date: Tue, 06 May 2025 10:17:08 GMT
X-Cache: Error from cloudfront
Via: 1.1 269b0fad85dfd450220cf6573a2d384e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: 7YiNm1q-MGKh52QQXJrM-flmNOeG5Ll4G0EHpLL3kTOOW14rI6nM4g==

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (3)

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers