IOC Report
https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true

Files

Processes

Columns: Path, Cmdline, Malicious (no process is flagged as malicious in the report)

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,3555727635170531520,2265222016016061209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3

Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://buildin.ai/share/674acdf6-b0f8-4159-b30d-fc967398d1bc?code=5JR59P&embed=true"

URLs

Domains

IPs

DOM / HTML
