Report - api.metaskins.gg/storage/6iRpo8WULl3eul5f2yRsqdcDETOTPAfbFhmvcNPo.exe

Report Overview

Visitedpublic

2025-04-05 21:18:01

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
api.metaskins.gg	unknown	2025-03-25	2025-04-05	2025-04-05	537 B	1.5 MB	104.21.2.85

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-05	medium	api.metaskins.gg/storage/6iRpo8WULl3eul5f2yRsqdcDETOTPAfbFhmvcNPo.exe	bumblebee_win_generic

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

api.metaskins.gg/storage/6iRpo8WULl3eul5f2yRsqdcDETOTPAfbFhmvcNPo.exe

IP / ASN

104.21.2.85

#13335 CLOUDFLARENET

File Overview

File TypePE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Size1.5 MB (1490728 bytes)

MD5da3f8ac9aeea2931c655ca33d0b4a7c4

SHA104b10aa54f2f80fdea61a41ffc71efc9c37cf930

SHA25626295cdc39ec335323a74ee2c5d3df238926cd4e4a53aa39cfc15232165262f2

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	bumblebee_win_generic

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET api.metaskins.gg/storage/6iRpo8WULl3eul5f2yRsqdcDETOTPAfbFhmvcNPo.exe

104.21.2.85

200 OK

1.5 MB

URL

api.metaskins.gg/storage/6iRpo8WULl3eul5f2yRsqdcDETOTPAfbFhmvcNPo.exe

IP / ASN

104.21.2.85

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typePE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

First Seen2025-03-09

Last Seen2025-04-19

Times Seen4

Size1.5 MB (1490728 bytes)

MD5da3f8ac9aeea2931c655ca33d0b4a7c4

SHA104b10aa54f2f80fdea61a41ffc71efc9c37cf930

SHA25626295cdc39ec335323a74ee2c5d3df238926cd4e4a53aa39cfc15232165262f2

Certificate Info

IssuerGoogle Trust Services

Subjectmetaskins.gg

Fingerprint47:C2:EC:E8:3E:5D:76:59:E8:55:98:8B:AC:4C:03:05:D5:22:57:0E

ValidityTue, 25 Mar 2025 19:30:36 GMT - Mon, 23 Jun 2025 20:28:58 GMT

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	bumblebee_win_generic

HTTP Headers

GET /storage/6iRpo8WULl3eul5f2yRsqdcDETOTPAfbFhmvcNPo.exe HTTP/1.1
Host: api.metaskins.gg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Apr 2025 21:17:38 GMT
content-type: application/octet-stream
content-length: 1490728
last-modified: Thu, 03 Apr 2025 20:06:14 GMT
etag: "67eeea36-16bf28"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7EcDo7lItuongPhNAeq3SZruxL7HIgPyY1ADbs0YoQUDpcojWXhIM4fDWGRGtJyMm0wpURH5iybsXgBqAUPXsaFOGvODk1dIJO1j%2FNhzOYD%2FEhh37JSgVH4IVvVsyHeuh1wC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92bc12cccf7b56a4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6471&min_rtt=567&rtt_var=11225&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3204&recv_bytes=1166&delivery_rate=5671018&cwnd=237&unsent_bytes=0&cid=44d8417b6566a1e7&ts=247&x=0"
X-Firefox-Spdy: h2