Report - huggingface.co/Lechcher/Data/resolve/main/Psiphon%203.167.exe?download=true

Report Overview

Submitted URL
huggingface.co/Lechcher/Data/resolve/main/Psiphon%203.167.exe?download=true
IP
143.204.55.124
ASN
#16509 AMAZON-02
Submitted
2024-04-26 00:24:41
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-24	512 B	6.5 kB	35.244.181.201
huggingface.co	111951	2016-07-18	2016-09-18	2024-04-25	529 B	4.6 kB	143.204.55.121
cdn-lfs-us-1.huggingface.co	unknown	2016-07-18	2023-10-24	2024-04-24	1.6 kB	15 MB	54.230.111.59

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn-lfs-us-1.huggingface.co/repos/44/f0/44f02c63dba179bba9e50256f0a18cdaf7dfbb72a80f75b8b7c8768de14c261b/a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27Psiphon%25203.167.exe%3B+filename%3D%22Psiphon+3.167.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1714350254&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNDM1MDI1NH19LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy11cy0xLmh1Z2dpbmdmYWNlLmNvL3JlcG9zLzQ0L2YwLzQ0ZjAyYzYzZGJhMTc5YmJhOWU1MDI1NmYwYTE4Y2RhZjdkZmJiNzJhODBmNzViOGI3Yzg3NjhkZTE0YzI2MWIvYTJlN2Q5N2JjNGYzY2Y2NjI1NjlhZDY3OTA2YWFhMzdjZDdlMmNjYTFhYjNiNTg5OGM4YTJiOTBlZjU1ODY5MT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPSomcmVzcG9uc2UtY29udGVudC10eXBlPSoifV19&Signature=c27afQ1PGkzSbAeG-knbw0aMGRIh9D6r4-cf4LsPMNk82PCL-RK47ammR3M-s1tJWn-aHr7tS62mJ1cdf2vCFu7yyLmMDBO6Q85wXVDS3ypCI5hEe2q1Wja5CcWB9aBRNsXkUu8Y7VHkb1IP6jpcXheTjjILwZWKHAA1kT1lH4uEZ%7EhtuZsg4u1Om74LgAloOs46NH7Du1I6MlY5g4geO0qYnouLrOg3d0lcFbaoua2uVn5lGx6Nqdi0tL6bvpHxec03-aOKRolt8NJxjlF-0FRd1MbdYl4Phv51ADBX2lSJ7xmlTo9rOxzK1Sb%7EAEEzK-fDMNR24BNn5JA9wTdFBQ__&Key-Pair-Id=KCD77M1F0VK2B
IP
54.230.111.59
ASN
#16509 AMAZON-02

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
Size
15 MB (15241402 bytes)
Hash
535ac1227037eb25accad70bf41558cc
ea3552d26ff6f7b57f413c11134850d2de840f74
a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 37/72

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

huggingface.co/Lechcher/Data/resolve/main/Psiphon%203.167.exe?download=true

143.204.55.121

302 Found

2.5 kB

URL User Request GET HTTP/2
huggingface.co/Lechcher/Data/resolve/main/Psiphon%203.167.exe?download=true
IP
143.204.55.121:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecthuggingface.co
Fingerprint5E:E9:95:38:5E:8D:B5:4C:22:78:A8:D3:68:AD:BC:17:0B:1F:2C:06
ValidityTue, 13 Jun 2023 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (2480), with no line terminators
Size
2.5 kB (2480 bytes)
Hash
fe87d6839f25e356c5c59ecafbdb7416
d6ee46a6a4a111eb39ef08e776772c445abd700a
7402f8bf056649e26c27327a16a4521b9cffe1a61d1a774a60d3301283e1d3a7

HTTP Headers

GET /Lechcher/Data/resolve/main/Psiphon%203.167.exe?download=true HTTP/1.1
Host: huggingface.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/html; charset=utf-8
content-length: 2480
location: https://cdn-lfs-us-1.huggingface.co/repos/44/f0/44f02c63dba179bba9e50256f0a18cdaf7dfbb72a80f75b8b7c8768de14c261b/a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27Psiphon%25203.167.exe%3B+filename%3D%22Psiphon+3.167.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1714350254&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNDM1MDI1NH19LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy11cy0xLmh1Z2dpbmdmYWNlLmNvL3JlcG9zLzQ0L2YwLzQ0ZjAyYzYzZGJhMTc5YmJhOWU1MDI1NmYwYTE4Y2RhZjdkZmJiNzJhODBmNzViOGI3Yzg3NjhkZTE0YzI2MWIvYTJlN2Q5N2JjNGYzY2Y2NjI1NjlhZDY3OTA2YWFhMzdjZDdlMmNjYTFhYjNiNTg5OGM4YTJiOTBlZjU1ODY5MT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPSomcmVzcG9uc2UtY29udGVudC10eXBlPSoifV19&Signature=c27afQ1PGkzSbAeG-knbw0aMGRIh9D6r4-cf4LsPMNk82PCL-RK47ammR3M-s1tJWn-aHr7tS62mJ1cdf2vCFu7yyLmMDBO6Q85wXVDS3ypCI5hEe2q1Wja5CcWB9aBRNsXkUu8Y7VHkb1IP6jpcXheTjjILwZWKHAA1kT1lH4uEZ%7EhtuZsg4u1Om74LgAloOs46NH7Du1I6MlY5g4geO0qYnouLrOg3d0lcFbaoua2uVn5lGx6Nqdi0tL6bvpHxec03-aOKRolt8NJxjlF-0FRd1MbdYl4Phv51ADBX2lSJ7xmlTo9rOxzK1Sb%7EAEEzK-fDMNR24BNn5JA9wTdFBQ__&Key-Pair-Id=KCD77M1F0VK2B
date: Fri, 26 Apr 2024 00:24:14 GMT
x-powered-by: huggingface-moon
cross-origin-opener-policy: same-origin
referrer-policy: strict-origin-when-cross-origin
x-request-id: Root=1-662af42e-28564cc5141c7edb657ad20b
access-control-allow-origin: https://huggingface.co
vary: Origin, Accept
access-control-expose-headers: X-Repo-Commit,X-Request-Id,X-Error-Code,X-Error-Message,ETag,Link,Accept-Ranges,Content-Range
x-repo-commit: 33e2ee62593383764502053adec8f968d7719e14
accept-ranges: bytes
x-linked-size: 15241402
x-linked-etag: "a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691"
x-cache: Miss from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5PxRChYr8rhxYv2wS0ZBIVMQ-hhFimxe-oYH2G1Ghw7iu2qPu2qbLA==
X-Firefox-Spdy: h2

cdn-lfs-us-1.huggingface.co/repos/44/f0/44f02c63dba179bba9e50256f0a18cdaf7dfbb72a80f75b8b7c8768de14c261b/a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27Psiphon%25203.167.exe%3B+filename%3D%22Psiphon+3.167.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1714350254&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNDM1MDI1NH19LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy11cy0xLmh1Z2dpbmdmYWNlLmNvL3JlcG9zLzQ0L2YwLzQ0ZjAyYzYzZGJhMTc5YmJhOWU1MDI1NmYwYTE4Y2RhZjdkZmJiNzJhODBmNzViOGI3Yzg3NjhkZTE0YzI2MWIvYTJlN2Q5N2JjNGYzY2Y2NjI1NjlhZDY3OTA2YWFhMzdjZDdlMmNjYTFhYjNiNTg5OGM4YTJiOTBlZjU1ODY5MT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPSomcmVzcG9uc2UtY29udGVudC10eXBlPSoifV19&Signature=c27afQ1PGkzSbAeG-knbw0aMGRIh9D6r4-cf4LsPMNk82PCL-RK47ammR3M-s1tJWn-aHr7tS62mJ1cdf2vCFu7yyLmMDBO6Q85wXVDS3ypCI5hEe2q1Wja5CcWB9aBRNsXkUu8Y7VHkb1IP6jpcXheTjjILwZWKHAA1kT1lH4uEZ%7EhtuZsg4u1Om74LgAloOs46NH7Du1I6MlY5g4geO0qYnouLrOg3d0lcFbaoua2uVn5lGx6Nqdi0tL6bvpHxec03-aOKRolt8NJxjlF-0FRd1MbdYl4Phv51ADBX2lSJ7xmlTo9rOxzK1Sb%7EAEEzK-fDMNR24BNn5JA9wTdFBQ__&Key-Pair-Id=KCD77M1F0VK2B

54.230.111.59

200 OK

15 MB

URL User Request GET HTTP/2
cdn-lfs-us-1.huggingface.co/repos/44/f0/44f02c63dba179bba9e50256f0a18cdaf7dfbb72a80f75b8b7c8768de14c261b/a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27Psiphon%25203.167.exe%3B+filename%3D%22Psiphon+3.167.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1714350254&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNDM1MDI1NH19LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy11cy0xLmh1Z2dpbmdmYWNlLmNvL3JlcG9zLzQ0L2YwLzQ0ZjAyYzYzZGJhMTc5YmJhOWU1MDI1NmYwYTE4Y2RhZjdkZmJiNzJhODBmNzViOGI3Yzg3NjhkZTE0YzI2MWIvYTJlN2Q5N2JjNGYzY2Y2NjI1NjlhZDY3OTA2YWFhMzdjZDdlMmNjYTFhYjNiNTg5OGM4YTJiOTBlZjU1ODY5MT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPSomcmVzcG9uc2UtY29udGVudC10eXBlPSoifV19&Signature=c27afQ1PGkzSbAeG-knbw0aMGRIh9D6r4-cf4LsPMNk82PCL-RK47ammR3M-s1tJWn-aHr7tS62mJ1cdf2vCFu7yyLmMDBO6Q85wXVDS3ypCI5hEe2q1Wja5CcWB9aBRNsXkUu8Y7VHkb1IP6jpcXheTjjILwZWKHAA1kT1lH4uEZ%7EhtuZsg4u1Om74LgAloOs46NH7Du1I6MlY5g4geO0qYnouLrOg3d0lcFbaoua2uVn5lGx6Nqdi0tL6bvpHxec03-aOKRolt8NJxjlF-0FRd1MbdYl4Phv51ADBX2lSJ7xmlTo9rOxzK1Sb%7EAEEzK-fDMNR24BNn5JA9wTdFBQ__&Key-Pair-Id=KCD77M1F0VK2B
IP
54.230.111.59:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecthuggingface.co
Fingerprint5E:E9:95:38:5E:8D:B5:4C:22:78:A8:D3:68:AD:BC:17:0B:1F:2C:06
ValidityTue, 13 Jun 2023 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
Size
15 MB (15241402 bytes)
Hash
535ac1227037eb25accad70bf41558cc
ea3552d26ff6f7b57f413c11134850d2de840f74
a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 37/72

HTTP Headers

GET /repos/44/f0/44f02c63dba179bba9e50256f0a18cdaf7dfbb72a80f75b8b7c8768de14c261b/a2e7d97bc4f3cf662569ad67906aaa37cd7e2cca1ab3b5898c8a2b90ef558691?response-content-disposition=attachment%3B+filename*%3DUTF-8%27%27Psiphon%25203.167.exe%3B+filename%3D%22Psiphon+3.167.exe%22%3B&response-content-type=application%2Fx-msdos-program&Expires=1714350254&Policy=eyJTdGF0ZW1lbnQiOlt7IkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTcxNDM1MDI1NH19LCJSZXNvdXJjZSI6Imh0dHBzOi8vY2RuLWxmcy11cy0xLmh1Z2dpbmdmYWNlLmNvL3JlcG9zLzQ0L2YwLzQ0ZjAyYzYzZGJhMTc5YmJhOWU1MDI1NmYwYTE4Y2RhZjdkZmJiNzJhODBmNzViOGI3Yzg3NjhkZTE0YzI2MWIvYTJlN2Q5N2JjNGYzY2Y2NjI1NjlhZDY3OTA2YWFhMzdjZDdlMmNjYTFhYjNiNTg5OGM4YTJiOTBlZjU1ODY5MT9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPSomcmVzcG9uc2UtY29udGVudC10eXBlPSoifV19&Signature=c27afQ1PGkzSbAeG-knbw0aMGRIh9D6r4-cf4LsPMNk82PCL-RK47ammR3M-s1tJWn-aHr7tS62mJ1cdf2vCFu7yyLmMDBO6Q85wXVDS3ypCI5hEe2q1Wja5CcWB9aBRNsXkUu8Y7VHkb1IP6jpcXheTjjILwZWKHAA1kT1lH4uEZ%7EhtuZsg4u1Om74LgAloOs46NH7Du1I6MlY5g4geO0qYnouLrOg3d0lcFbaoua2uVn5lGx6Nqdi0tL6bvpHxec03-aOKRolt8NJxjlF-0FRd1MbdYl4Phv51ADBX2lSJ7xmlTo9rOxzK1Sb%7EAEEzK-fDMNR24BNn5JA9wTdFBQ__&Key-Pair-Id=KCD77M1F0VK2B HTTP/1.1
Host: cdn-lfs-us-1.huggingface.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-msdos-program
content-length: 15241402
date: Fri, 26 Apr 2024 00:23:47 GMT
last-modified: Sat, 13 Apr 2024 12:25:24 GMT
etag: "da9b95c02d205f76d0ac330d81deda35-1"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
content-disposition: attachment; filename*=UTF-8''Psiphon%203.167.exe; filename="Psiphon 3.167.exe";
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NNNsJ97nb1gU7GVV06SK552zIBvklIIkGfMFH4EATNhudfxMPSxL7w==
age: 28
vary: Origin
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
aa33725c2d0a3d1c2f9c878d64914807
6e83d13ec860384a977738b04ff0891a01ab519a
fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 00:24:33 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=7kyUpmIxUf6zWl-7JMY1oHlhgPkwspyBr2RoeseHxF3CaSMFQw_mppw0gNzBbmGay1ecIFLjN7u-8o4XrO24L5-mgAT3ooKQwsftcT98axv1v6yIAV0ijVuuUWzAXhw2
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers