Report - huggingface.co/baqu2213/PoemForSmallFThings/resolve/97698cdb3fd07f3f1a1f4a577c5c475045cab0b5/Danbooru%20Prompt%20Selector/prompt%20selector

Report Overview

Submitted URL
huggingface.co/baqu2213/PoemForSmallFThings/resolve/97698cdb3fd07f3f1a1f4a577c5c475045cab0b5/Danbooru%20Prompt%20Selector/prompt%20selector_1118.exe?download=true
IP
143.204.55.75
ASN
#16509 AMAZON-02
Submitted
2024-05-10 05:37:39
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
huggingface.co	111951	2016-07-18	2016-09-18	2024-05-08	616 B	4.7 kB	143.204.55.85
cdn-lfs.huggingface.co	unknown	2016-07-18	2023-01-06	2024-05-08	1.7 kB	8.7 MB	54.230.111.126

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	cdn-lfs.huggingface.co/repos/86/ac/86ac42525810004664805f7103356c1319e7823e87852bd7bb0d64dd79e3ce5f/591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27prompt%2520selector_1118.exe%3B+filename%3D%22prompt+selector_1118.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1715578633&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNTU3ODYzM319LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy5odWdnaW5nZmFjZS5jby9yZXBvcy84Ni9hYy84NmFjNDI1MjU4MTAwMDQ2NjQ4MDVmNzEwMzM1NmMxMzE5ZTc4MjNlODc4NTJiZDdiYjBkNjRkZDc5ZTNjZTVmLzU5MWRjYThjZGY4Y2E5YTczZjM1Nzk2YjA1Y2U0NmNmOTM3MDYwZTFlNDNkMWM0MmI4ZGE4YWUyYmVjOTZmNTU%7EcmVzcG9uc2UtY29udGVudC1kaXNwb3NpdGlvbj0qJnJlc3BvbnNlLWNvbnRlbnQtdHlwZT0qIn1dfQ__&Signature=pymGkpWqFGFDVj6%7EJdy21LBCogqjHA%7E5rV8BV2BJsDqGel8mYagVYLdoMTRVjU%7E3gQyKIWUVgLSlbWvXZHBkVGCwBklrOg4UdrYlR4eBWwf14PSmWtj7wLpYYbp5tEHbVETQd1NQvTNr8AlROwO2uE-oPwxbISJskGQWP2aQDE8OLy9WIR3xw27rvaaHoc9KdGsYu9%7EtR%7E0V1Nsyqpf0-AH1FFImgSD4zi2NUSeKlT33KBHEknK8sLqmfd4hdY4yI4fhnbb-nttzy08As-kykDgo73bGf4tzveKkYh1%7Eu4vBrQ0U6A-QdHEYo%7EyLjkvFkk9cFog52RdTsfkv-4j5FA__&Key-Pair-Id=KVTP0A1DKRTAX	Identifies executable converted using PyInstaller.

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn-lfs.huggingface.co/repos/86/ac/86ac42525810004664805f7103356c1319e7823e87852bd7bb0d64dd79e3ce5f/591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27prompt%2520selector_1118.exe%3B+filename%3D%22prompt+selector_1118.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1715578633&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNTU3ODYzM319LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy5odWdnaW5nZmFjZS5jby9yZXBvcy84Ni9hYy84NmFjNDI1MjU4MTAwMDQ2NjQ4MDVmNzEwMzM1NmMxMzE5ZTc4MjNlODc4NTJiZDdiYjBkNjRkZDc5ZTNjZTVmLzU5MWRjYThjZGY4Y2E5YTczZjM1Nzk2YjA1Y2U0NmNmOTM3MDYwZTFlNDNkMWM0MmI4ZGE4YWUyYmVjOTZmNTU%7EcmVzcG9uc2UtY29udGVudC1kaXNwb3NpdGlvbj0qJnJlc3BvbnNlLWNvbnRlbnQtdHlwZT0qIn1dfQ__&Signature=pymGkpWqFGFDVj6%7EJdy21LBCogqjHA%7E5rV8BV2BJsDqGel8mYagVYLdoMTRVjU%7E3gQyKIWUVgLSlbWvXZHBkVGCwBklrOg4UdrYlR4eBWwf14PSmWtj7wLpYYbp5tEHbVETQd1NQvTNr8AlROwO2uE-oPwxbISJskGQWP2aQDE8OLy9WIR3xw27rvaaHoc9KdGsYu9%7EtR%7E0V1Nsyqpf0-AH1FFImgSD4zi2NUSeKlT33KBHEknK8sLqmfd4hdY4yI4fhnbb-nttzy08As-kykDgo73bGf4tzveKkYh1%7Eu4vBrQ0U6A-QdHEYo%7EyLjkvFkk9cFog52RdTsfkv-4j5FA__&Key-Pair-Id=KVTP0A1DKRTAX
IP
54.230.111.126
ASN
#16509 AMAZON-02

File type
PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
Size
8.7 MB (8682025 bytes)
Hash
f797a9aa59240aced91fed4f152a46e5
535c13a7bfae8068a0606a60bf0b08f191f6a85b
591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

huggingface.co/baqu2213/PoemForSmallFThings/resolve/97698cdb3fd07f3f1a1f4a577c5c475045cab0b5/Danbooru%20Prompt%20Selector/prompt%20selector_1118.exe?download=true

143.204.55.85

302 Found

2.5 kB

URL User Request GET HTTP/2
huggingface.co/baqu2213/PoemForSmallFThings/resolve/97698cdb3fd07f3f1a1f4a577c5c475045cab0b5/Danbooru%20Prompt%20Selector/prompt%20selector_1118.exe?download=true
IP
143.204.55.85:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecthuggingface.co
Fingerprint5E:E9:95:38:5E:8D:B5:4C:22:78:A8:D3:68:AD:BC:17:0B:1F:2C:06
ValidityTue, 13 Jun 2023 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (2514), with no line terminators
Size
2.5 kB (2514 bytes)
Hash
4647daa6291e8d2e6426e5ae9da1efde
e428e5dd5ddada265052213cdc7f683e131f0460
6a7bdc0cb45636a01924e48d06c993d70f51efea6675790b29086231abff5fe0

HTTP Headers

GET /baqu2213/PoemForSmallFThings/resolve/97698cdb3fd07f3f1a1f4a577c5c475045cab0b5/Danbooru%20Prompt%20Selector/prompt%20selector_1118.exe?download=true HTTP/1.1
Host: huggingface.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 2514
location: https://cdn-lfs.huggingface.co/repos/86/ac/86ac42525810004664805f7103356c1319e7823e87852bd7bb0d64dd79e3ce5f/591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27prompt%2520selector_1118.exe%3B+filename%3D%22prompt+selector_1118.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1715578633&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNTU3ODYzM319LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy5odWdnaW5nZmFjZS5jby9yZXBvcy84Ni9hYy84NmFjNDI1MjU4MTAwMDQ2NjQ4MDVmNzEwMzM1NmMxMzE5ZTc4MjNlODc4NTJiZDdiYjBkNjRkZDc5ZTNjZTVmLzU5MWRjYThjZGY4Y2E5YTczZjM1Nzk2YjA1Y2U0NmNmOTM3MDYwZTFlNDNkMWM0MmI4ZGE4YWUyYmVjOTZmNTU%7EcmVzcG9uc2UtY29udGVudC1kaXNwb3NpdGlvbj0qJnJlc3BvbnNlLWNvbnRlbnQtdHlwZT0qIn1dfQ__&Signature=pymGkpWqFGFDVj6%7EJdy21LBCogqjHA%7E5rV8BV2BJsDqGel8mYagVYLdoMTRVjU%7E3gQyKIWUVgLSlbWvXZHBkVGCwBklrOg4UdrYlR4eBWwf14PSmWtj7wLpYYbp5tEHbVETQd1NQvTNr8AlROwO2uE-oPwxbISJskGQWP2aQDE8OLy9WIR3xw27rvaaHoc9KdGsYu9%7EtR%7E0V1Nsyqpf0-AH1FFImgSD4zi2NUSeKlT33KBHEknK8sLqmfd4hdY4yI4fhnbb-nttzy08As-kykDgo73bGf4tzveKkYh1%7Eu4vBrQ0U6A-QdHEYo%7EyLjkvFkk9cFog52RdTsfkv-4j5FA__&Key-Pair-Id=KVTP0A1DKRTAX
date: Fri, 10 May 2024 05:37:13 GMT
x-powered-by: huggingface-moon
cross-origin-opener-policy: same-origin
referrer-policy: strict-origin-when-cross-origin
x-request-id: Root=1-663db289-75bd9bac35a67a89275ddf83
access-control-allow-origin: https://huggingface.co
vary: Origin, Accept
access-control-expose-headers: X-Repo-Commit,X-Request-Id,X-Error-Code,X-Error-Message,X-Total-Count,ETag,Link,Accept-Ranges,Content-Range
x-repo-commit: 97698cdb3fd07f3f1a1f4a577c5c475045cab0b5
accept-ranges: bytes
x-linked-size: 8682025
x-linked-etag: "591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55"
x-cache: Miss from cloudfront
via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gaCeP2nY7MLcovY7vFgCWXQDV-RUqhKiuzENUykdp3XaWZ7KWeWDzA==
X-Firefox-Spdy: h2

cdn-lfs.huggingface.co/repos/86/ac/86ac42525810004664805f7103356c1319e7823e87852bd7bb0d64dd79e3ce5f/591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27prompt%2520selector_1118.exe%3B+filename%3D%22prompt+selector_1118.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1715578633&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNTU3ODYzM319LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy5odWdnaW5nZmFjZS5jby9yZXBvcy84Ni9hYy84NmFjNDI1MjU4MTAwMDQ2NjQ4MDVmNzEwMzM1NmMxMzE5ZTc4MjNlODc4NTJiZDdiYjBkNjRkZDc5ZTNjZTVmLzU5MWRjYThjZGY4Y2E5YTczZjM1Nzk2YjA1Y2U0NmNmOTM3MDYwZTFlNDNkMWM0MmI4ZGE4YWUyYmVjOTZmNTU%7EcmVzcG9uc2UtY29udGVudC1kaXNwb3NpdGlvbj0qJnJlc3BvbnNlLWNvbnRlbnQtdHlwZT0qIn1dfQ__&Signature=pymGkpWqFGFDVj6%7EJdy21LBCogqjHA%7E5rV8BV2BJsDqGel8mYagVYLdoMTRVjU%7E3gQyKIWUVgLSlbWvXZHBkVGCwBklrOg4UdrYlR4eBWwf14PSmWtj7wLpYYbp5tEHbVETQd1NQvTNr8AlROwO2uE-oPwxbISJskGQWP2aQDE8OLy9WIR3xw27rvaaHoc9KdGsYu9%7EtR%7E0V1Nsyqpf0-AH1FFImgSD4zi2NUSeKlT33KBHEknK8sLqmfd4hdY4yI4fhnbb-nttzy08As-kykDgo73bGf4tzveKkYh1%7Eu4vBrQ0U6A-QdHEYo%7EyLjkvFkk9cFog52RdTsfkv-4j5FA__&Key-Pair-Id=KVTP0A1DKRTAX

54.230.111.126

200 OK

8.7 MB

URL User Request GET HTTP/2
cdn-lfs.huggingface.co/repos/86/ac/86ac42525810004664805f7103356c1319e7823e87852bd7bb0d64dd79e3ce5f/591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27prompt%2520selector_1118.exe%3B+filename%3D%22prompt+selector_1118.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1715578633&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNTU3ODYzM319LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy5odWdnaW5nZmFjZS5jby9yZXBvcy84Ni9hYy84NmFjNDI1MjU4MTAwMDQ2NjQ4MDVmNzEwMzM1NmMxMzE5ZTc4MjNlODc4NTJiZDdiYjBkNjRkZDc5ZTNjZTVmLzU5MWRjYThjZGY4Y2E5YTczZjM1Nzk2YjA1Y2U0NmNmOTM3MDYwZTFlNDNkMWM0MmI4ZGE4YWUyYmVjOTZmNTU%7EcmVzcG9uc2UtY29udGVudC1kaXNwb3NpdGlvbj0qJnJlc3BvbnNlLWNvbnRlbnQtdHlwZT0qIn1dfQ__&Signature=pymGkpWqFGFDVj6%7EJdy21LBCogqjHA%7E5rV8BV2BJsDqGel8mYagVYLdoMTRVjU%7E3gQyKIWUVgLSlbWvXZHBkVGCwBklrOg4UdrYlR4eBWwf14PSmWtj7wLpYYbp5tEHbVETQd1NQvTNr8AlROwO2uE-oPwxbISJskGQWP2aQDE8OLy9WIR3xw27rvaaHoc9KdGsYu9%7EtR%7E0V1Nsyqpf0-AH1FFImgSD4zi2NUSeKlT33KBHEknK8sLqmfd4hdY4yI4fhnbb-nttzy08As-kykDgo73bGf4tzveKkYh1%7Eu4vBrQ0U6A-QdHEYo%7EyLjkvFkk9cFog52RdTsfkv-4j5FA__&Key-Pair-Id=KVTP0A1DKRTAX
IP
54.230.111.126:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectcdn-lfs.huggingface.co
Fingerprint79:E9:AC:C8:42:EE:86:73:FB:CC:D4:AD:70:06:23:10:88:1C:50:4B
ValidityThu, 27 Jul 2023 00:00:00 GMT - Fri, 23 Aug 2024 23:59:59 GMT

File type
PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
Size
8.7 MB (8682025 bytes)
Hash
f797a9aa59240aced91fed4f152a46e5
535c13a7bfae8068a0606a60bf0b08f191f6a85b
591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.

HTTP Headers

GET /repos/86/ac/86ac42525810004664805f7103356c1319e7823e87852bd7bb0d64dd79e3ce5f/591dca8cdf8ca9a73f35796b05ce46cf937060e1e43d1c42b8da8ae2bec96f55?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27prompt%2520selector_1118.exe%3B+filename%3D%22prompt+selector_1118.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1715578633&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNTU3ODYzM319LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy5odWdnaW5nZmFjZS5jby9yZXBvcy84Ni9hYy84NmFjNDI1MjU4MTAwMDQ2NjQ4MDVmNzEwMzM1NmMxMzE5ZTc4MjNlODc4NTJiZDdiYjBkNjRkZDc5ZTNjZTVmLzU5MWRjYThjZGY4Y2E5YTczZjM1Nzk2YjA1Y2U0NmNmOTM3MDYwZTFlNDNkMWM0MmI4ZGE4YWUyYmVjOTZmNTU%7EcmVzcG9uc2UtY29udGVudC1kaXNwb3NpdGlvbj0qJnJlc3BvbnNlLWNvbnRlbnQtdHlwZT0qIn1dfQ__&Signature=pymGkpWqFGFDVj6%7EJdy21LBCogqjHA%7E5rV8BV2BJsDqGel8mYagVYLdoMTRVjU%7E3gQyKIWUVgLSlbWvXZHBkVGCwBklrOg4UdrYlR4eBWwf14PSmWtj7wLpYYbp5tEHbVETQd1NQvTNr8AlROwO2uE-oPwxbISJskGQWP2aQDE8OLy9WIR3xw27rvaaHoc9KdGsYu9%7EtR%7E0V1Nsyqpf0-AH1FFImgSD4zi2NUSeKlT33KBHEknK8sLqmfd4hdY4yI4fhnbb-nttzy08As-kykDgo73bGf4tzveKkYh1%7Eu4vBrQ0U6A-QdHEYo%7EyLjkvFkk9cFog52RdTsfkv-4j5FA__&Key-Pair-Id=KVTP0A1DKRTAX HTTP/1.1
Host: cdn-lfs.huggingface.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-msdos-program
content-length: 8682025
date: Fri, 10 May 2024 05:37:15 GMT
last-modified: Sat, 18 Nov 2023 13:24:11 GMT
etag: "f797a9aa59240aced91fed4f152a46e5"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-version-id: cx8VR7swKvcy_gaAshC8qH5fsqd0fv01
content-disposition: attachment; filename*=UTF-8''prompt%20selector_1118.exe; filename="prompt selector_1118.exe";
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _9Fj_gBp7jaIQrmD9F3k4r3gvh9fXWv8ulDrW8wG5cdj42Zzu3l7Bg==
cache-control: public, max-age=604800, immutable, s-maxage=604800
vary: Origin
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers