Windows Analysis Report
https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true

Overview

General Information

Sample URL:	https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true
Analysis ID:	1665808
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Yara detected AntiDebug via timestamp check

Yara detected HtmlPhish44

Yara detected Invisible JS

Yara detected Obfuscation Via HangulCharacter

Yara detected Tycoon 2FA PaaS

AI detected landing page (webpage, office document or email)

AI detected suspicious Javascript

Phishing site or detected (based on various text indicators)

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://mz.downheld.com/favicon.ico

Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_86, type: DROPPED

Yara detected Invisible JS

Source: Yara match	File source: 1.15.d.script.csv, type: HTML
Source: Yara match	File source: 1.21.d.script.csv, type: HTML
Source: Yara match	File source: 1.18.d.script.csv, type: HTML
Source: Yara match	File source: 1.22.d.script.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.4.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 1.15.d.script.csv, type: HTML
Source: Yara match	File source: 1.21.d.script.csv, type: HTML
Source: Yara match	File source: 1.22.d.script.csv, type: HTML
Source: Yara match	File source: 1.18.d.script.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.4.pages.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 1.16.d.script.csv, type: HTML
Source: Yara match	File source: 1.20.d.script.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true

Joe Sandbox AI: Page contains button: 'REVIEW SECURE DOCUMENT' Source: '0.1.pages.csv'

AI detected suspicious Javascript

Source: 1.24..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mz.downheld.com/Te2y0P/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by writing the decoded content to the document, suggests the script is attempting to execute remote or dynamic code. Additionally, the script appears to be sending data to an unknown domain (`Mz.downheld.com`), which is a strong indicator of potential data exfiltration. The overall level of obfuscation and suspicious behavior warrants a high-risk score.
Source: 1.17..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mz.downheld.com/Te2y0P/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by writing the decoded content to the document, suggests the script is attempting to inject and execute remote or dynamic code. Additionally, the script appears to be interacting with an untrusted domain (`Mz.downheld.com`), further increasing the risk. Overall, this script exhibits a high level of malicious intent and should be treated with caution.

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.2

OCR Text: Bid Invite You've received (2) new PDF Documents far your review REVIEW SECURE DOCUMENT Powered by Buildln.Al [f any content violates regulatidns or infringes rights, click&port

Source: https://mz.downheld.com/Te2y0P/	HTTP Parser: No favicon
Source: https://mz.downheld.com/Te2y0P/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.152.2.144:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.147:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.69.226:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.120:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.9.44:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 64MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.94
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true HTTP/1.1Host: buildin.aiConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/katex@0.16.9/dist/katex.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/mermaid@10.6.1/dist/mermaid.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/polyfills-b835751f.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-a4549a4f.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/flowus-a377f5cb.css HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/react-vendor-04523c56.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/lodash-a06978fb.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/flowus-a76f25fe.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-91561f2b.css HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/tiptap-baa69219.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/users/me HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiex-app-origin: websec-ch-ua-platform: "Windows"Accept-Language: en-US,en;q=0.9,zh;q=0.8x-product: buildinsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0app_version_name: 1.138.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /X-SENDER-ID: bda2c3b5-a9a8-4099-b2ec-5748a6f4f0edSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdCookie: next_lng=undefined
Source: global traffic	HTTP traffic detected: GET /connect/zh_CN/htmledition/js/wxLogin.js HTTP/1.1Host: res.wx.qq.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-28dc8c2c.css HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-6785ea48.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-eb1c2f9b.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-web-app-images/favicon.png HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /country_code/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://buildin.aiSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-web-app-images/favicon.png HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /country_code/ HTTP/1.1Host: ipapi.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiex-app-origin: websec-ch-ua-platform: "Windows"Accept-Language: en-US,en;q=0.9,zh;q=0.8x-product: buildinsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0app_version_name: 1.138.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /X-SENDER-ID: bda2c3b5-a9a8-4099-b2ec-5748a6f4f0edSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdCookie: next_lng=undefined
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc/publicData HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiex-app-origin: websec-ch-ua-platform: "Windows"Accept-Language: en-US,en;q=0.9,zh;q=0.8x-product: buildinsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0app_version_name: 1.138.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /X-SENDER-ID: bda2c3b5-a9a8-4099-b2ec-5748a6f4f0edSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdCookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/?callback=1-9&channel=shangeyouxiang HTTP/1.1Host: jjy.fyaadd.cnConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://buildin.aiSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/spaces/getPublicData HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc/publicData HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/6c5b0932-dcf8-42f1-95e4-bfa1ed94f5c4 HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/6c5b0932-dcf8-42f1-95e4-bfa1ed94f5c4 HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/records/query HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/?callback=1-9&channel=shangeyouxiang HTTP/1.1Host: jjy.fyaadd.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Te2y0P/ HTTP/1.1Host: mz.downheld.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mz.downheld.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mz.downheld.com/Te2y0P/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InRRK3l1eXR0b1pMRis4bjRNalU3Smc9PSIsInZhbHVlIjoiZXN2eDJCaTNXYXkwSmVSK3ZUdkQ2QWhkV0xxQWw5R05SQWZFTnkyZmp3VTZob2RtZjk3TG45TWIzN2g5RnFXRGZnNUVXUkJYdi8yd2JrVlpCY0VZZTZYVklvNVlDUUhnc3VnNlJXUzhNUUJ6ZDJmSXh1VmEwNUVHOElWSGJpNnoiLCJtYWMiOiI5MWFiYzgxMmJjNjMwNGEzZTU3MWEyZGEwZDMyNzViYWEzZTlkYzkwNWViOWVmMmJhZjNkY2QyY2E1Njg1NGVmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9VVGRKelVmMUdYbkVoL2FyOSt3ZkE9PSIsInZhbHVlIjoiYm1DcnVFeE1YRUY2RHdkd3ZZcE5kQU5IajR6ZkpwQXhqaEtXcHBvdnhSQ0VkN0w2MnVPL3MwNTMrQ0F6V3h3aDkvQnMrN1ZhNmNONWk4cmFNa0dIVlEyU2s4b1FnVFgrdFFGdHB2WHFVSkY4WVlUR3JiWjBiUFRJNC9Xa01ERGwiLCJtYWMiOiIzZDk3NjZiNDAwMTY1ODAwYjRiNmQ5ZTg2NzZlNmU4MTBiN2M2MzdlNDhhYmVlYTVhOTdiMzFlZGVjNmQ4OTE1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /Te2y0P/ HTTP/1.1Host: mz.downheld.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InRRK3l1eXR0b1pMRis4bjRNalU3Smc9PSIsInZhbHVlIjoiZXN2eDJCaTNXYXkwSmVSK3ZUdkQ2QWhkV0xxQWw5R05SQWZFTnkyZmp3VTZob2RtZjk3TG45TWIzN2g5RnFXRGZnNUVXUkJYdi8yd2JrVlpCY0VZZTZYVklvNVlDUUhnc3VnNlJXUzhNUUJ6ZDJmSXh1VmEwNUVHOElWSGJpNnoiLCJtYWMiOiI5MWFiYzgxMmJjNjMwNGEzZTU3MWEyZGEwZDMyNzViYWEzZTlkYzkwNWViOWVmMmJhZjNkY2QyY2E1Njg1NGVmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9VVGRKelVmMUdYbkVoL2FyOSt3ZkE9PSIsInZhbHVlIjoiYm1DcnVFeE1YRUY2RHdkd3ZZcE5kQU5IajR6ZkpwQXhqaEtXcHBvdnhSQ0VkN0w2MnVPL3MwNTMrQ0F6V3h3aDkvQnMrN1ZhNmNONWk4cmFNa0dIVlEyU2s4b1FnVFgrdFFGdHB2WHFVSkY4WVlUR3JiWjBiUFRJNC9Xa01ERGwiLCJtYWMiOiIzZDk3NjZiNDAwMTY1ODAwYjRiNmQ5ZTg2NzZlNmU4MTBiN2M2MzdlNDhhYmVlYTVhOTdiMzFlZGVjNmQ4OTE1IiwidGFnIjoiIn0%3D

Source: chromecache_99.1.dr	String found in binary or memory: St();Bo(function(){a();T(b)\|\|Om(a,b)},b)},St=function(){return["ad_storage","ad_user_data"]},Tt=/^(?:www\.)?google(?:\.com?)?(?:\.[a-z]{2}t?)?$/,Ut=/^www\.googleadservices\.com$/,Yt=/^gad_source[_=](\d+)$/;function cu(){return Io("dedupe_gclid",function(){return vr()})};var du=/^(www\.)?google(\.com?)?(\.[a-z]{2}t?)?$/,eu=/^www.googleadservices.com$/;function fu(a){a\|\|(a=gu());return a.oi?!1:a.oh\|\|a.ph\|\|a.sh\|\|a.qh\|\|a.ac\|\|a.Zg\|\|a.rh\|\|a.gh?!0:!1}function gu(){var a={},b=as(!0);a.oi=!!b._up;var c=qt();a.oh=c.aw!==void 0;a.ph=c.dc!==void 0;a.sh=c.wbraid!==void 0;a.qh=c.gbraid!==void 0;a.rh=c.gclsrc==="aw.ds";a.ac=Qt().ac;var d=C.referrer?gk(mk(C.referrer),"host"):"";a.gh=du.test(d);a.Zg=eu.test(d);return a};var hu=["https://www.google.com","https://www.youtube.com"]; equals www.youtube.com (Youtube)
Source: chromecache_99.1.dr	String found in binary or memory: return f}aI.J="internal.enableAutoEventOnTimer";var ac=va(["data-gtm-yt-inspected-"]),cI=["www.youtube.com","www.youtube-nocookie.com"],dI,eI=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: buildin.ai
Source: global traffic	DNS traffic detected: DNS query: cdn.buildin.ai
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: res.wx.qq.com
Source: global traffic	DNS traffic detected: DNS query: ipapi.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: jjy.fyaadd.cn
Source: global traffic	DNS traffic detected: DNS query: mz.downheld.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons3.gvt2.com

Source: unknown

HTTP traffic detected: POST /api/spaces/getPublicData HTTP/1.1Host: buildin.aiConnection: keep-aliveContent-Length: 53x-platform: web-cookiex-app-origin: websec-ch-ua-platform: "Windows"Accept-Language: en-US,en;q=0.9,zh;q=0.8x-product: buildinsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0app_version_name: 1.138.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, */*Content-Type: application/jsonX-SENDER-ID: bda2c3b5-a9a8-4099-b2ec-5748a6f4f0edOrigin: https://buildin.aiSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdCookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 15 Apr 2025 19:24:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: cloudflareCache-Control: max-age=14400Alt-Svc: h3=":443"; ma=86400Cf-Cache-Status: HITAge: 599CF-RAY: 930dd36559edfd57-NRT

Source: chromecache_77.1.dr	String found in binary or memory: http://engelschall.com)
Source: chromecache_85.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_105.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_89.1.dr, chromecache_82.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_77.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT)
Source: chromecache_78.1.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_76.1.dr, chromecache_85.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_100.1.dr, chromecache_84.1.dr	String found in binary or memory: https://Mz.downheld.com/Te2y0P/
Source: chromecache_99.1.dr	String found in binary or memory: https://ad.doubleclick.net/activity;
Source: chromecache_99.1.dr	String found in binary or memory: https://ad.doubleclick.net/activity;register_conversion=1;
Source: chromecache_99.1.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity/
Source: chromecache_99.1.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_89.1.dr, chromecache_82.1.dr	String found in binary or memory: https://animate.style/
Source: chromecache_85.1.dr	String found in binary or memory: https://assets-cdn.github.com/images/icons/emoji/octocat.png
Source: chromecache_99.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn.buildin.ai/
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/flowus-a377f5cb.css
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/flowus-a76f25fe.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/index-91561f2b.css
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/index-a4549a4f.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/index-legacy.2b761ac0.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/lodash-a06978fb.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/og-image.png
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/polyfills-b835751f.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/polyfills-legacy.d298c497.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/react-vendor-04523c56.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/tiptap-baa69219.js
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn.buildin.ai/emoji/katex.min.css
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/fe-web-app-images/favicon.png
Source: chromecache_106.1.dr, chromecache_76.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/katex
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/mermaid
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.staticfile.org/vConsole/3.15.0/vconsole.min.js
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn2.flowus.cn/
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn2.flowus.cn/emoji/katex.min.css
Source: chromecache_85.1.dr	String found in binary or memory: https://clipboardjs.com/
Source: chromecache_85.1.dr	String found in binary or memory: https://cloud.tencent.com/document/product/436/13318
Source: chromecache_85.1.dr	String found in binary or memory: https://cloud.tencent.com/document/product/436/8629
Source: chromecache_105.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_76.1.dr	String found in binary or memory: https://firebase.googleapis.com/v1alpha/projects/-/apps/
Source: chromecache_76.1.dr	String found in binary or memory: https://firebaseinstallations.googleapis.com/v1
Source: chromecache_76.1.dr	String found in binary or memory: https://firebaselogging.googleapis.com/v0cc/log?format=json_proto
Source: chromecache_76.1.dr	String found in binary or memory: https://firebaseremoteconfig.googleapis.com/v1/projects/
Source: chromecache_85.1.dr	String found in binary or memory: https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
Source: chromecache_76.1.dr	String found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
Source: chromecache_77.1.dr	String found in binary or memory: https://github.com/jquery/jquery/blob/master/src/event.js
Source: chromecache_85.1.dr	String found in binary or memory: https://github.com/mholt/PapaParse
Source: chromecache_77.1.dr	String found in binary or memory: https://github.com/nodeca/js-yaml
Source: chromecache_99.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion
Source: chromecache_77.1.dr	String found in binary or memory: https://jquery.org/license/
Source: chromecache_76.1.dr	String found in binary or memory: https://lib.baomitu.com/KaTeX/0.16.9/katex.min.css
Source: chromecache_105.1.dr	String found in binary or memory: https://localforage.github.io/localForage
Source: chromecache_78.1.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_78.1.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_85.1.dr	String found in binary or memory: https://o.wpsgo.com
Source: chromecache_92.1.dr	String found in binary or memory: https://open.weixin.qq.com
Source: chromecache_92.1.dr	String found in binary or memory: https://open.weixin.qq.com/connect/qrconnect?appid=
Source: chromecache_78.1.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_99.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_99.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/ccm/collect
Source: chromecache_99.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_99.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_99.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_99.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_77.1.dr	String found in binary or memory: https://tldrlegal.com/license/mit-license
Source: chromecache_85.1.dr	String found in binary or memory: https://view.officeapps.live.com/op/embed.aspx?src=
Source: chromecache_99.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_99.1.dr	String found in binary or memory: https://www.google.com/ccm/collect
Source: chromecache_99.1.dr	String found in binary or memory: https://www.google.com/travel/flights/click/conversion
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_76.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_99.1.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_99.1.dr	String found in binary or memory: https://www.youtube.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49673
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.152.2.144:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.147:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.69.226:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.120:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.9.44:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.evad.win@24/56@58/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,3555727635170531520,2265222016016061209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,3555727635170531520,2265222016016061209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match	File source: 1.16.d.script.csv, type: HTML
Source: Yara match	File source: 1.20.d.script.csv, type: HTML

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.52.122.95	buildin.ai	United States	16509	AMAZON-02US	false
151.101.193.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
104.21.64.1	mz.downheld.com	United States	13335	CLOUDFLARENETUS	true
3.161.188.120	unknown	United States	16509	AMAZON-02US	false
62.234.1.137	jjy.fyaadd.cn	China	45090	CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa	false
3.161.188.102	cdn.buildin.ai	United States	16509	AMAZON-02US	false
172.67.69.226	ipapi.co	United States	13335	CLOUDFLARENETUS	false
104.26.9.44	unknown	United States	13335	CLOUDFLARENETUS	false
43.152.2.144	jxt2rgi0.ovslegodl.sched.ovscdns.com	Japan	4249	LILLY-ASUS	false
108.177.122.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.5

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.193.229	true
beacons3.gvt2.com	64.233.185.94	true
cdn.buildin.ai	3.161.188.102	true
beacons-handoff.gcp.gvt2.com	142.251.186.94	true
beacons2.gvt2.com	142.250.101.94	true
beacons.gvt2.com	142.250.115.94	true
jjy.fyaadd.cn	62.234.1.137	true
beacons6.gvt2.com	173.194.219.94	true
ipapi.co	172.67.69.226	true
jxt2rgi0.ovslegodl.sched.ovscdns.com	43.152.2.144	true
gce-beacons.gcp.gvt2.com	35.201.89.62	true
www.google.com	108.177.122.147	true
buildin.ai	52.52.122.95	true
mz.downheld.com	104.21.64.1	true
cdn.jsdelivr.net	unknown	unknown
beacons.gcp.gvt2.com	unknown	unknown
res.wx.qq.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.buildin.ai/assets/polyfills-b835751f.js	false	Avira URL Cloud: safe	unknown
https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true	false		high
https://buildin.ai/api/users/me	false		high
https://buildin.ai/api/docs/6c5b0932-dcf8-42f1-95e4-bfa1ed94f5c4	false		high
https://jjy.fyaadd.cn/api/?callback=1-9&channel=shangeyouxiang	false		high
https://mz.downheld.com/Te2y0P/	true		unknown
https://cdn.buildin.ai/assets/index-91561f2b.css	false	Avira URL Cloud: safe	unknown
https://buildin.ai/api/records/query	false		high
https://buildin.ai/api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc	false		high
https://cdn.buildin.ai/assets/index-28dc8c2c.css	false	Avira URL Cloud: safe	unknown
https://res.wx.qq.com/connect/zh_CN/htmledition/js/wxLogin.js	false		high
https://cdn.jsdelivr.net/npm/katex@0.16.9/dist/katex.min.css	false		high
https://cdn.buildin.ai/assets/lodash-a06978fb.js	false	Avira URL Cloud: safe	unknown
https://cdn.buildin.ai/assets/flowus-a377f5cb.css	false		high
https://ipapi.co/country_code/	false		high
https://mz.downheld.com/favicon.ico	false	Avira URL Cloud: malware	unknown
https://cdn.jsdelivr.net/npm/mermaid@10.6.1/dist/mermaid.min.js	false		high
https://cdn.buildin.ai/assets/index-eb1c2f9b.js	false	Avira URL Cloud: safe	unknown
https://buildin.ai/api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc/publicData	false		high
https://cdn.buildin.ai/fe-web-app-images/favicon.png	false		high
https://cdn.buildin.ai/assets/index-a4549a4f.js	false	Avira URL Cloud: safe	unknown
https://cdn.buildin.ai/assets/flowus-a76f25fe.js	false	Avira URL Cloud: safe	unknown
https://buildin.ai/api/spaces/getPublicData	false		high
https://cdn.buildin.ai/assets/react-vendor-04523c56.js	false		high
https://cdn.buildin.ai/assets/tiptap-baa69219.js	false	Avira URL Cloud: safe	unknown
https://cdn.buildin.ai/assets/index-6785ea48.js	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	JSON data	4C76CB85D857889D0382F27F0056B612	4806AB6BEFA24D612DA7A8A4A996174FB825BAC2	0552E57B26215B24AD110EBDDC96285C929EA0E7174417A14BA57C6B9D00DEF2
Chrome Cache Entry: 101	JSON data	4A95547F3D3C5CC0470238E3F1BCD77A	CA8B86C513ADC8D976CBB52A112523AEA25FBD10	A4EE345FFA7958AB73D45DB947B39E183060A9178DC9AD7D1010722DDF369713
Chrome Cache Entry: 102	JSON data	8C4C7804C239ACEA89A1A11804589CE5	3E4D60649634D333E02695BB657B05E6A0BFF121	DA4B1CE0A6833588F4A9BD24350C9F16C31426D439F92B3342B43BFFEC6667C2
Chrome Cache Entry: 103	Unicode text, UTF-8 text, with very long lines (55905), with NEL line terminators	5B32A90D168B85A3305E81E5C4645B56	6E52AF5C6951288018D70FB1036F682DF2F30D16	93CC53CD6F7686D88CD7A55A9C12BF2F517925B04EDE47223ADE4DD02B344B4C
Chrome Cache Entry: 104	ASCII text, with very long lines (65536), with no line terminators	A8D042A17DDDF7C1199F82BE86DBBD9A	0518041CD80D8D6DFF7D02775B4AFBE4531F33DE	596FAB4643790FE8F18C6580C1E37739C1928F66418DC59152699DCA15C27179
Chrome Cache Entry: 105	ASCII text, with very long lines (29951)	05025F1D45C4BD35CDB8C893A807F8D4	67FFB82637861D40832AE99C80830DA14E99A0AF	4DC412E886B000BA0AB7BC85EA04D9375742E90657690B32FC00C0135A8092E0
Chrome Cache Entry: 106	HTML document, Unicode text, UTF-8 text, with very long lines (890)	3003F776FC9B71737B84F7B58F36C69A	9A98754D9589421700BD8E7B1DB3860B99E1A175	E2A80EAB30ABD7A1315AFD61FE1FD5E0EFAD56A4CA44EAB8506D88C6573C56C4
Chrome Cache Entry: 107	JSON data	ED308E1DB37CABEE84E9AE5CBA445777	94C3435422447E9F221FC77B5C74941A175804AD	3C1195A307B3CE44CB8B1FF335561CDA2905A05A242EC4BCDEBCD854122A3277
Chrome Cache Entry: 108	JSON data	489607BE46DB2F52D0EFFC8D60975349	CEF356A6B6C2742B569B4FDD51C03515AD3A71C8	1A93D7260B06A6E416541697DE2A312F69658F59243A90B0CD28F9B7201F1D90
Chrome Cache Entry: 76	ASCII text, with very long lines (4909)	81EC72C8161FD32077B156B3E8CDC30D	ED9ACEF7267E7EF12BDE997D68EEDDA5F1605A1B	BC87063501D83CF5B5D55B13D1DD3A605392354EFE8543C4289F841819543EB3
Chrome Cache Entry: 77	Unicode text, UTF-8 text, with very long lines (64577)	BF484B91EB7AD991DB3FE64A905AE8DC	C995B782F86A40F0E32201A2D33930F345CD98F5	9A6DD17B7CBBC65BE1FB2083FA5FD9B3577E3D4D0011A77DDCC916BE58DF9BFB
Chrome Cache Entry: 78	Unicode text, UTF-8 text, with very long lines (65342), with no line terminators	446C4F5BD01D88A3633A466C994DFC3F	81830957B11D9B69BEF6D170CAB25367C4CB6B37	E4645CED84BE34A7BED2B39049354523FD10448DE419164151DB6F1E8141AAF3
Chrome Cache Entry: 79	ASCII text, with very long lines (10866)	843FF9C13F4E53C9BDF86DB9C6ECD9A0	44524F9B833807D586D862E38B4CD0B80694768C	03856877A6FB06AF9108ECC1E083A5F324846753EF38DC06EAB0D942B00ED214
Chrome Cache Entry: 80	ASCII text, with no line terminators	7516FD43ADAA5E0B8A65A672C39845D2	AA3093554472FD113135BED5B63E12F84C2E9FE8	9B202ECBC6D45C6D8901D989A918878397A3EB9D00E8F48022FC051B19D21A1D
Chrome Cache Entry: 81	ASCII text, with no line terminators	7516FD43ADAA5E0B8A65A672C39845D2	AA3093554472FD113135BED5B63E12F84C2E9FE8	9B202ECBC6D45C6D8901D989A918878397A3EB9D00E8F48022FC051B19D21A1D
Chrome Cache Entry: 82	ASCII text, with very long lines (28558)	E3E627CD79AE00EC7A9FF9F6CAAF11C5	E5085A95771707A07E95D69E2B481AC57F84B908	A377F5CB1206E77EAC81BF17AB600090B870A1AE2F497E480F06BB2C2B6674D7
Chrome Cache Entry: 83	Unicode text, UTF-8 text, with very long lines (64797), with no line terminators	896AF2E76AC990A495FE76006448A948	2B58674FD5E64CE51BFFEA999CCADF05A6237687	8811EB2D114BA24D628CC4F983E79B9728BA42E2EC138EA2E4E82598E3748B21
Chrome Cache Entry: 84	JSON data	4C76CB85D857889D0382F27F0056B612	4806AB6BEFA24D612DA7A8A4A996174FB825BAC2	0552E57B26215B24AD110EBDDC96285C929EA0E7174417A14BA57C6B9D00DEF2
Chrome Cache Entry: 85	ASCII text, with very long lines (65536), with no line terminators	F8D0C94D98D9C128455ADA8A67E1795E	F8C40CD07101078B72336320833E9480FD0D82F0	189A9B3B75AEC42A8402E5DCBF2AB89266D3F96B51CB5AABA88586ADDCF62BF2
Chrome Cache Entry: 86	HTML document, ASCII text, with very long lines (65364)	A0F65518A1DFB8711D73FC91BD32B881	13BAA1466C23ACEA91BBF52DBF3FD8C2B7A99F2E	25281AC1AA16CD89F315010AFADCC6C6C2D2092967616420C5889BB18E6F4F90
Chrome Cache Entry: 87	Unicode text, UTF-8 text, with very long lines (1292)	2B9B41C1A133F9C21653A2DD699F5C22	87B6E8CBFF9A1A2B55386D654BF7147FB432F16D	28DC8C2CE37A350EC70002EBC963DD9246D2F5C55F5E1CE6152EF8F73BDED428
Chrome Cache Entry: 88	JSON data	7477D5C4CA312D6406677E31B81874FD	825D031873D6FD4485EE8F5722B65717A63C6D86	5F0716F86A9F0474F1B7F433FCB789D26BD41DF848662B0B43C3CBBADDC4681E
Chrome Cache Entry: 89	ASCII text, with very long lines (65536), with no line terminators	5C2F6B15E5786F4FD502A9DB2DF85CE7	2929745D0E1D52355AC7B6E81EE57AE80AE7F930	91561F2B93FDC6FF92B7537CFE2E1D58B4F3EBB7AC31C85D7FEFC22A5A745913
Chrome Cache Entry: 90	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	A7BBCAAFF9B421C8065E6A3A46D0D813	2A06DF946D8402E69CD292D5303CDFF71635A27D	9CF0E97735FFBE4ECDA264F9487B7DF63389FC5A258C88A4FEB068FD08612122
Chrome Cache Entry: 91	JSON data	4A95547F3D3C5CC0470238E3F1BCD77A	CA8B86C513ADC8D976CBB52A112523AEA25FBD10	A4EE345FFA7958AB73D45DB947B39E183060A9178DC9AD7D1010722DDF369713
Chrome Cache Entry: 92	ASCII text, with very long lines (1252), with no line terminators	96B1529597F211B746E7DF6AAB4F33A9	C72C449FD6E4CB52CE10643E8FAB385A2A68DC38	ECB6FA728318B6C196B5F3DF754B697E3D1A3D5EF0AD28C3C5BF20FE6D1FA92E
Chrome Cache Entry: 93	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	B8A26EF4088C941B5D1AE0230C15F04A	E7354859F0E06F70AE31941687C3AB6F65C3AECE	3D99D9461BC257547AD40B659DC4EB715CD277F5EE167EA5F4CA39D25B89A3C2
Chrome Cache Entry: 94	HTML document, Unicode text, UTF-8 text, with very long lines (1136)	250086C64F3CAFC9EB14589D5F4220FB	EB0351730E116EDD971B3D74A68D128AF3833BA1	772755C2DEFBBF2C9E0E1CE4E768A75724DCEC8A9FDE9B048666BE8D93377271
Chrome Cache Entry: 95	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	A7BBCAAFF9B421C8065E6A3A46D0D813	2A06DF946D8402E69CD292D5303CDFF71635A27D	9CF0E97735FFBE4ECDA264F9487B7DF63389FC5A258C88A4FEB068FD08612122
Chrome Cache Entry: 96	JSON data	489607BE46DB2F52D0EFFC8D60975349	CEF356A6B6C2742B569B4FDD51C03515AD3A71C8	1A93D7260B06A6E416541697DE2A312F69658F59243A90B0CD28F9B7201F1D90
Chrome Cache Entry: 97	ASCII text, with very long lines (23195)	1612BCD72CC503F18E2F302B3A2ADDD1	94EDBC490693DA7F3CE048546ED3B790D8810247	505D5F829022BB7B4F24DFEE0AA1141CD7BBA67AFE411D1240335F820960B5C3
Chrome Cache Entry: 98	JSON data	642929FA6A8B8EF635B4FB1E4F2E6419	CF4F818DDC0086D87CDA4BA7D646996EEE2BEF48	E6B87ADE57D364795C8DB88434B78AAE3C9FA0B47A5C3EB97C94E00032D5DAF3
Chrome Cache Entry: 99	ASCII text, with very long lines (6129)	76C5F6ACE05720CF7955E8A8BE969C24	0343CDDF25EBBF45AB26EAC3AA716B8F91743F24	1F6F6BC6DA632CEA1635C0FCC6BA8DD3CFDFCEC3CC3194F1196C8FA30F1E8B21

AV Detection

Antivirus detection for URL or domain

Source: https://mz.downheld.com/favicon.ico

Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish44

Source: Yara match

File source: dropped/chromecache_86, type: DROPPED

Yara detected Invisible JS

Source: Yara match	File source: 1.15.d.script.csv, type: HTML
Source: Yara match	File source: 1.21.d.script.csv, type: HTML
Source: Yara match	File source: 1.18.d.script.csv, type: HTML
Source: Yara match	File source: 1.22.d.script.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.4.pages.csv, type: HTML

Yara detected Obfuscation Via HangulCharacter

Source: Yara match	File source: 1.15.d.script.csv, type: HTML
Source: Yara match	File source: 1.21.d.script.csv, type: HTML
Source: Yara match	File source: 1.22.d.script.csv, type: HTML
Source: Yara match	File source: 1.18.d.script.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.4.pages.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 1.16.d.script.csv, type: HTML
Source: Yara match	File source: 1.20.d.script.csv, type: HTML

AI detected landing page (webpage, office document or email)

Source: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true

Joe Sandbox AI: Page contains button: 'REVIEW SECURE DOCUMENT' Source: '0.1.pages.csv'

AI detected suspicious Javascript

Source: 1.24..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mz.downheld.com/Te2y0P/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by writing the decoded content to the document, suggests the script is attempting to execute remote or dynamic code. Additionally, the script appears to be sending data to an unknown domain (`Mz.downheld.com`), which is a strong indicator of potential data exfiltration. The overall level of obfuscation and suspicious behavior warrants a high-risk score.
Source: 1.17..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mz.downheld.com/Te2y0P/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by writing the decoded content to the document, suggests the script is attempting to inject and execute remote or dynamic code. Additionally, the script appears to be interacting with an untrusted domain (`Mz.downheld.com`), further increasing the risk. Overall, this script exhibits a high level of malicious intent and should be treated with caution.

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.2

OCR Text: Bid Invite You've received (2) new PDF Documents far your review REVIEW SECURE DOCUMENT Powered by Buildln.Al [f any content violates regulatidns or infringes rights, click&port

Source: https://mz.downheld.com/Te2y0P/	HTTP Parser: No favicon
Source: https://mz.downheld.com/Te2y0P/	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.152.2.144:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.147:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.69.226:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.120:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.9.44:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 64MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.105.94
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true HTTP/1.1Host: buildin.aiConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/katex@0.16.9/dist/katex.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/mermaid@10.6.1/dist/mermaid.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/polyfills-b835751f.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-a4549a4f.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/flowus-a377f5cb.css HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/react-vendor-04523c56.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/lodash-a06978fb.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/flowus-a76f25fe.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-91561f2b.css HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/tiptap-baa69219.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/users/me HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiex-app-origin: websec-ch-ua-platform: "Windows"Accept-Language: en-US,en;q=0.9,zh;q=0.8x-product: buildinsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0app_version_name: 1.138.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /X-SENDER-ID: bda2c3b5-a9a8-4099-b2ec-5748a6f4f0edSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdCookie: next_lng=undefined
Source: global traffic	HTTP traffic detected: GET /connect/zh_CN/htmledition/js/wxLogin.js HTTP/1.1Host: res.wx.qq.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-28dc8c2c.css HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-6785ea48.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/index-eb1c2f9b.js HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveOrigin: https://buildin.aisec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-web-app-images/favicon.png HTTP/1.1Host: cdn.buildin.aiConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /country_code/ HTTP/1.1Host: ipapi.coConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://buildin.aiSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fe-web-app-images/favicon.png HTTP/1.1Host: cdn.buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /country_code/ HTTP/1.1Host: ipapi.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiex-app-origin: websec-ch-ua-platform: "Windows"Accept-Language: en-US,en;q=0.9,zh;q=0.8x-product: buildinsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0app_version_name: 1.138.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /X-SENDER-ID: bda2c3b5-a9a8-4099-b2ec-5748a6f4f0edSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdCookie: next_lng=undefined
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc/publicData HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiex-app-origin: websec-ch-ua-platform: "Windows"Accept-Language: en-US,en;q=0.9,zh;q=0.8x-product: buildinsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0app_version_name: 1.138.0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /X-SENDER-ID: bda2c3b5-a9a8-4099-b2ec-5748a6f4f0edSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdCookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/?callback=1-9&channel=shangeyouxiang HTTP/1.1Host: jjy.fyaadd.cnConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, /sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://buildin.aiSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/spaces/getPublicData HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/674acdf6-b0f8-4159-b30d-fc967398d1bc/publicData HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/6c5b0932-dcf8-42f1-95e4-bfa1ed94f5c4 HTTP/1.1Host: buildin.aiConnection: keep-alivex-platform: web-cookiesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=trueAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/docs/6c5b0932-dcf8-42f1-95e4-bfa1ed94f5c4 HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/records/query HTTP/1.1Host: buildin.aiConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: next_lng=undefined; _ga_03Y654EEER=GS1.1.1744745067.1.0.1744745067.0.0.0; _ga=GA1.1.1085864.1744745067; locale=en-us
Source: global traffic	HTTP traffic detected: GET /api/?callback=1-9&channel=shangeyouxiang HTTP/1.1Host: jjy.fyaadd.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Te2y0P/ HTTP/1.1Host: mz.downheld.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mz.downheld.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mz.downheld.com/Te2y0P/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InRRK3l1eXR0b1pMRis4bjRNalU3Smc9PSIsInZhbHVlIjoiZXN2eDJCaTNXYXkwSmVSK3ZUdkQ2QWhkV0xxQWw5R05SQWZFTnkyZmp3VTZob2RtZjk3TG45TWIzN2g5RnFXRGZnNUVXUkJYdi8yd2JrVlpCY0VZZTZYVklvNVlDUUhnc3VnNlJXUzhNUUJ6ZDJmSXh1VmEwNUVHOElWSGJpNnoiLCJtYWMiOiI5MWFiYzgxMmJjNjMwNGEzZTU3MWEyZGEwZDMyNzViYWEzZTlkYzkwNWViOWVmMmJhZjNkY2QyY2E1Njg1NGVmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9VVGRKelVmMUdYbkVoL2FyOSt3ZkE9PSIsInZhbHVlIjoiYm1DcnVFeE1YRUY2RHdkd3ZZcE5kQU5IajR6ZkpwQXhqaEtXcHBvdnhSQ0VkN0w2MnVPL3MwNTMrQ0F6V3h3aDkvQnMrN1ZhNmNONWk4cmFNa0dIVlEyU2s4b1FnVFgrdFFGdHB2WHFVSkY4WVlUR3JiWjBiUFRJNC9Xa01ERGwiLCJtYWMiOiIzZDk3NjZiNDAwMTY1ODAwYjRiNmQ5ZTg2NzZlNmU4MTBiN2M2MzdlNDhhYmVlYTVhOTdiMzFlZGVjNmQ4OTE1IiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /Te2y0P/ HTTP/1.1Host: mz.downheld.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InRRK3l1eXR0b1pMRis4bjRNalU3Smc9PSIsInZhbHVlIjoiZXN2eDJCaTNXYXkwSmVSK3ZUdkQ2QWhkV0xxQWw5R05SQWZFTnkyZmp3VTZob2RtZjk3TG45TWIzN2g5RnFXRGZnNUVXUkJYdi8yd2JrVlpCY0VZZTZYVklvNVlDUUhnc3VnNlJXUzhNUUJ6ZDJmSXh1VmEwNUVHOElWSGJpNnoiLCJtYWMiOiI5MWFiYzgxMmJjNjMwNGEzZTU3MWEyZGEwZDMyNzViYWEzZTlkYzkwNWViOWVmMmJhZjNkY2QyY2E1Njg1NGVmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9VVGRKelVmMUdYbkVoL2FyOSt3ZkE9PSIsInZhbHVlIjoiYm1DcnVFeE1YRUY2RHdkd3ZZcE5kQU5IajR6ZkpwQXhqaEtXcHBvdnhSQ0VkN0w2MnVPL3MwNTMrQ0F6V3h3aDkvQnMrN1ZhNmNONWk4cmFNa0dIVlEyU2s4b1FnVFgrdFFGdHB2WHFVSkY4WVlUR3JiWjBiUFRJNC9Xa01ERGwiLCJtYWMiOiIzZDk3NjZiNDAwMTY1ODAwYjRiNmQ5ZTg2NzZlNmU4MTBiN2M2MzdlNDhhYmVlYTVhOTdiMzFlZGVjNmQ4OTE1IiwidGFnIjoiIn0%3D

Source: chromecache_99.1.dr	String found in binary or memory: St();Bo(function(){a();T(b)\|\|Om(a,b)},b)},St=function(){return["ad_storage","ad_user_data"]},Tt=/^(?:www\.)?google(?:\.com?)?(?:\.[a-z]{2}t?)?$/,Ut=/^www\.googleadservices\.com$/,Yt=/^gad_source[_=](\d+)$/;function cu(){return Io("dedupe_gclid",function(){return vr()})};var du=/^(www\.)?google(\.com?)?(\.[a-z]{2}t?)?$/,eu=/^www.googleadservices.com$/;function fu(a){a\|\|(a=gu());return a.oi?!1:a.oh\|\|a.ph\|\|a.sh\|\|a.qh\|\|a.ac\|\|a.Zg\|\|a.rh\|\|a.gh?!0:!1}function gu(){var a={},b=as(!0);a.oi=!!b._up;var c=qt();a.oh=c.aw!==void 0;a.ph=c.dc!==void 0;a.sh=c.wbraid!==void 0;a.qh=c.gbraid!==void 0;a.rh=c.gclsrc==="aw.ds";a.ac=Qt().ac;var d=C.referrer?gk(mk(C.referrer),"host"):"";a.gh=du.test(d);a.Zg=eu.test(d);return a};var hu=["https://www.google.com","https://www.youtube.com"]; equals www.youtube.com (Youtube)
Source: chromecache_99.1.dr	String found in binary or memory: return f}aI.J="internal.enableAutoEventOnTimer";var ac=va(["data-gtm-yt-inspected-"]),cI=["www.youtube.com","www.youtube-nocookie.com"],dI,eI=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: buildin.ai
Source: global traffic	DNS traffic detected: DNS query: cdn.buildin.ai
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: res.wx.qq.com
Source: global traffic	DNS traffic detected: DNS query: ipapi.co
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: jjy.fyaadd.cn
Source: global traffic	DNS traffic detected: DNS query: mz.downheld.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons2.gvt2.com
Source: global traffic	DNS traffic detected: DNS query: beacons3.gvt2.com

Source: unknown

Source: global traffic

Source: chromecache_77.1.dr	String found in binary or memory: http://engelschall.com)
Source: chromecache_85.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_105.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_89.1.dr, chromecache_82.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_77.1.dr	String found in binary or memory: http://opensource.org/licenses/MIT)
Source: chromecache_78.1.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_76.1.dr, chromecache_85.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_100.1.dr, chromecache_84.1.dr	String found in binary or memory: https://Mz.downheld.com/Te2y0P/
Source: chromecache_99.1.dr	String found in binary or memory: https://ad.doubleclick.net/activity;
Source: chromecache_99.1.dr	String found in binary or memory: https://ad.doubleclick.net/activity;register_conversion=1;
Source: chromecache_99.1.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity/
Source: chromecache_99.1.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_89.1.dr, chromecache_82.1.dr	String found in binary or memory: https://animate.style/
Source: chromecache_85.1.dr	String found in binary or memory: https://assets-cdn.github.com/images/icons/emoji/octocat.png
Source: chromecache_99.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn.buildin.ai/
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/flowus-a377f5cb.css
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/flowus-a76f25fe.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/index-91561f2b.css
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/index-a4549a4f.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/index-legacy.2b761ac0.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/lodash-a06978fb.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/og-image.png
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/polyfills-b835751f.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/polyfills-legacy.d298c497.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/react-vendor-04523c56.js
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/assets/tiptap-baa69219.js
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn.buildin.ai/emoji/katex.min.css
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.buildin.ai/fe-web-app-images/favicon.png
Source: chromecache_106.1.dr, chromecache_76.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/katex
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/mermaid
Source: chromecache_106.1.dr	String found in binary or memory: https://cdn.staticfile.org/vConsole/3.15.0/vconsole.min.js
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn2.flowus.cn/
Source: chromecache_76.1.dr	String found in binary or memory: https://cdn2.flowus.cn/emoji/katex.min.css
Source: chromecache_85.1.dr	String found in binary or memory: https://clipboardjs.com/
Source: chromecache_85.1.dr	String found in binary or memory: https://cloud.tencent.com/document/product/436/13318
Source: chromecache_85.1.dr	String found in binary or memory: https://cloud.tencent.com/document/product/436/8629
Source: chromecache_105.1.dr	String found in binary or memory: https://feross.org
Source: chromecache_76.1.dr	String found in binary or memory: https://firebase.googleapis.com/v1alpha/projects/-/apps/
Source: chromecache_76.1.dr	String found in binary or memory: https://firebaseinstallations.googleapis.com/v1
Source: chromecache_76.1.dr	String found in binary or memory: https://firebaselogging.googleapis.com/v0cc/log?format=json_proto
Source: chromecache_76.1.dr	String found in binary or memory: https://firebaseremoteconfig.googleapis.com/v1/projects/
Source: chromecache_85.1.dr	String found in binary or memory: https://github.com/ecomfe/zrender/blob/master/LICENSE.txt
Source: chromecache_76.1.dr	String found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
Source: chromecache_77.1.dr	String found in binary or memory: https://github.com/jquery/jquery/blob/master/src/event.js
Source: chromecache_85.1.dr	String found in binary or memory: https://github.com/mholt/PapaParse
Source: chromecache_77.1.dr	String found in binary or memory: https://github.com/nodeca/js-yaml
Source: chromecache_99.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion
Source: chromecache_77.1.dr	String found in binary or memory: https://jquery.org/license/
Source: chromecache_76.1.dr	String found in binary or memory: https://lib.baomitu.com/KaTeX/0.16.9/katex.min.css
Source: chromecache_105.1.dr	String found in binary or memory: https://localforage.github.io/localForage
Source: chromecache_78.1.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_78.1.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_85.1.dr	String found in binary or memory: https://o.wpsgo.com
Source: chromecache_92.1.dr	String found in binary or memory: https://open.weixin.qq.com
Source: chromecache_92.1.dr	String found in binary or memory: https://open.weixin.qq.com/connect/qrconnect?appid=
Source: chromecache_78.1.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_99.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_99.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/ccm/collect
Source: chromecache_99.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_99.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_99.1.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_99.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_77.1.dr	String found in binary or memory: https://tldrlegal.com/license/mit-license
Source: chromecache_85.1.dr	String found in binary or memory: https://view.officeapps.live.com/op/embed.aspx?src=
Source: chromecache_99.1.dr	String found in binary or memory: https://www.google.com
Source: chromecache_99.1.dr	String found in binary or memory: https://www.google.com/ccm/collect
Source: chromecache_99.1.dr	String found in binary or memory: https://www.google.com/travel/flights/click/conversion
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_76.1.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js
Source: chromecache_99.1.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_99.1.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_99.1.dr	String found in binary or memory: https://www.youtube.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49673
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.102:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.152.2.144:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.177.122.147:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.69.226:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.161.188.120:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.9.44:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.52.122.95:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 62.234.1.137:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.16:49765 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.evad.win@24/56@58/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,3555727635170531520,2265222016016061209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,3555727635170531520,2265222016016061209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Malware Analysis System Evasion

Yara detected AntiDebug via timestamp check

Source: Yara match	File source: 1.16.d.script.csv, type: HTML
Source: Yara match	File source: 1.20.d.script.csv, type: HTML

ID:	1665808
Product:	CloudBasic
Start time:	21:23:46
Start date:	15.04.2025
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true