Edit tour

Windows Analysis Report
https://uphold-login-account23.godaddysites.com/

Overview

General Information

Sample URL:	https://uphold-login-account23.godaddysites.com/
Analysis ID:	1522004
Tags:	openphish
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Detected non-DNS traffic on DNS port

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=2024,i,18371166248541657203,7649873792208682438,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://uphold-login-account23.godaddysites.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://uphold-login-account23.godaddysites.com/

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Phishing

AI detected phishing page

Source: https://uphold-login-account23.godaddysites.com/

LLM: Score: 9 Reasons: The legitimate domain for Uphold is uphold.com., The provided URL 'uphold-login-account23.godaddysites.com' contains extra words and is hosted on a subdomain of 'godaddysites.com', which is not associated with the official Uphold domain., The use of 'godaddysites.com' suggests the site is hosted on a web hosting service, which is commonly used for phishing attempts., The URL structure with 'uphold-login-account23' is suspicious and indicative of phishing tactics. DOM: 0.0.pages.csv

Source: https://uphold-login-account23.godaddysites.com/	HTTP Parser: Title: uphold-login-account does not match URL
Source: https://uphold-login-account23.godaddysites.com/services	HTTP Parser: Title: uphold-login-account does not match URL
Source: https://uphold-login-account23.godaddysites.com/contact-us	HTTP Parser: Title: uphold-login-account does not match URL

Source: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applications&utm_campaign=en-in_corp_applications_base

HTTP Parser: No favicon

Source: https://uphold-login-account23.godaddysites.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://uphold-login-account23.godaddysites.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://uphold-login-account23.godaddysites.com/services	HTTP Parser: No <meta name="copyright".. found
Source: https://uphold-login-account23.godaddysites.com/services	HTTP Parser: No <meta name="copyright".. found
Source: https://uphold-login-account23.godaddysites.com/contact-us	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49741 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.5:61563 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: uphold-login-account23.godaddysites.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /sw.js HTTP/1.1Host: uphold-login-account23.godaddysites.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://uphold-login-account23.godaddysites.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=1&C_TOUCH=2024-09-29T05:11:08.389Z
Source: global traffic	HTTP traffic detected: GET /manifest.webmanifest HTTP/1.1Host: uphold-login-account23.godaddysites.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://uphold-login-account23.godaddysites.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: uphold-login-account23.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://uphold-login-account23.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=1&C_TOUCH=2024-09-29T05:11:08.389Z
Source: global traffic	HTTP traffic detected: GET /services HTTP/1.1Host: uphold-login-account23.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://uphold-login-account23.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=1&C_TOUCH=2024-09-29T05:11:08.389Z
Source: global traffic	HTTP traffic detected: GET /contact-us HTTP/1.1Host: uphold-login-account23.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://uphold-login-account23.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=1&C_TOUCH=2024-09-29T05:11:08.389Z
Source: global traffic	HTTP traffic detected: GET /sw.js HTTP/1.1Host: uphold-login-account23.godaddysites.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://uphold-login-account23.godaddysites.com/sw.jsUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=3&C_TOUCH=2024-09-29T05:11:24.499ZIf-None-Match: 3ca849560265e27b92c251b4546c3e70

Source: global traffic	DNS traffic detected: DNS query: uphold-login-account23.godaddysites.com
Source: global traffic	DNS traffic detected: DNS query: img1.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: isteam.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: events.api.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: csp.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: www.godaddy.com

Source: chromecache_326.2.dr, chromecache_273.2.dr, chromecache_324.2.dr, chromecache_310.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: http://scripts.sil.org/OFL
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://github.com/andrew-paglinawan/QuicksandFamily)
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2)
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk40eiNxw.woff2)
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk50eiNxw.woff2)
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hJFQNcOM.woff2)
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hJVQNcOM.woff2)
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2)
Source: chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/isteam/ip/455a09e4-7fe3-49f8-8e6b-5c4ae1e21d11/upholdddd.png
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://img1.wsimg.com/poly/v3/polyfill.min.js?rum=0&unknown=polyfill&flags=gated&features=Intl.~loc
Source: chromecache_271.2.dr	String found in binary or memory: https://policies.google.com/privacy
Source: chromecache_271.2.dr	String found in binary or memory: https://policies.google.com/terms
Source: chromecache_306.2.dr	String found in binary or memory: https://uphold-login-account.godaddysites.com/
Source: chromecache_264.2.dr	String found in binary or memory: https://uphold-login-account.godaddysites.com/contact-us
Source: chromecache_285.2.dr	String found in binary or memory: https://uphold-login-account.godaddysites.com/services
Source: chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	String found in binary or memory: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61584
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61584 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49741 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@24/174@18/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=2024,i,18371166248541657203,7649873792208682438,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://uphold-login-account23.godaddysites.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=2024,i,18371166248541657203,7649873792208682438,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Accept

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://uphold-login-account23.godaddysites.com/	100%	SlashNext	Fraudulent Website type: Phishing & Social Engineering

Source	Detection	Scanner	Label
https://policies.google.com/privacy	0%	URL Reputation	safe
http://scripts.sil.org/OFL	0%	URL Reputation	safe
http://jedwatson.github.io/classnames	0%	URL Reputation	safe
https://policies.google.com/terms	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
uphold-login-account23.godaddysites.com	13.248.243.5	true	true	unknown
www.google.com	172.217.16.132	true	false	unknown
isteam.wsimg.com	3.121.64.201	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
img1.wsimg.com	unknown	unknown	false	unknown
csp.secureserver.net	unknown	unknown	false	unknown
events.api.secureserver.net	unknown	unknown	false	unknown
www.godaddy.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://uphold-login-account23.godaddysites.com/	true	unknown
https://uphold-login-account23.godaddysites.com/manifest.webmanifest	true	unknown
https://uphold-login-account23.godaddysites.com/sw.js	true	unknown
https://uphold-login-account23.godaddysites.com/contact-us	true	unknown
https://uphold-login-account23.godaddysites.com/services	true	unknown
https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applications&utm_campaign=en-in_corp_applications_base	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://uphold-login-account.godaddysites.com/services	chromecache_285.2.dr	false		unknown
https://uphold-login-account.godaddysites.com/contact-us	chromecache_264.2.dr	false		unknown
https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hJFQNcOM.woff2)	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hJVQNcOM.woff2)	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://img1.wsimg.com/poly/v3/polyfill.min.js?rum=0&unknown=polyfill&flags=gated&features=Intl.~loc	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://github.com/andrew-paglinawan/QuicksandFamily)	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk50eiNxw.woff2)	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk40eiNxw.woff2)	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2)	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://policies.google.com/privacy	chromecache_271.2.dr	false	URL Reputation: safe	unknown
https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
http://scripts.sil.org/OFL	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false	URL Reputation: safe	unknown
https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2)	chromecache_264.2.dr, chromecache_285.2.dr, chromecache_306.2.dr	false		unknown
https://img1.wsimg.com/isteam/ip/455a09e4-7fe3-49f8-8e6b-5c4ae1e21d11/upholdddd.png	chromecache_306.2.dr	false		unknown
http://jedwatson.github.io/classnames	chromecache_326.2.dr, chromecache_273.2.dr, chromecache_324.2.dr, chromecache_310.2.dr	false	URL Reputation: safe	unknown
https://policies.google.com/terms	chromecache_271.2.dr	false	URL Reputation: safe	unknown
https://uphold-login-account.godaddysites.com/	chromecache_306.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.121.64.201	isteam.wsimg.com	United States	16509	AMAZON-02US	false
13.248.243.5	uphold-login-account23.godaddysites.com	United States	16509	AMAZON-02US	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.16.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522004
Start date and time:	2024-09-29 07:10:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://uphold-login-account23.godaddysites.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.phis.win@24/174@18/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://uphold-login-account23.godaddysites.com/services Browse: https://uphold-login-account23.godaddysites.com/contact-us Browse: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applications&utm_campaign=en-in_corp_applications_base

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.23.99, 216.58.206.78, 173.194.76.84, 34.104.35.123, 142.250.186.138, 23.38.98.114, 23.38.98.78, 142.250.185.195, 2.18.64.27, 2.18.64.8, 104.102.33.222, 13.85.23.86, 199.232.210.172, 192.229.221.95, 52.165.164.15, 23.201.246.20, 20.242.39.171, 172.217.18.3, 93.184.221.240, 131.107.255.255
Excluded domains from analysis (whitelisted): e8843.dsca.akamaiedge.net, e40258.g.akamaiedge.net, slscr.update.microsoft.com, e6001.dscx.akamaiedge.net, clientservices.googleapis.com, wu.azureedge.net, dns.msftncsi.com, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, global-wildcard.wsimg.com.sni-only.edgekey.net, wu-b-net.trafficmanager.net, csp.secureserver.net.edgekey.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, fonts.gstatic.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, wildcard-sni-only.api.secureserver.net.edgekey.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, wildcard-ipv6.godaddy.com.edgekey.net, edgedl.me.gvt1.com, e64861.dsca.akamaiedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://uphold-login-account23.godaddysites.com/

Input	Output
URL: https://uphold-login-account23.godaddysites.com/ Model: jbxai	{ "brand":["Uphold"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Get Started", "text_input_field_labels":["Enter your email", "Get started"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://uphold-login-account23.godaddysites.com/ Model: jbxai	{ "phishing_score":9, "brands":"Uphold", "legit_domain":"uphold.com", "classification":"known", "reasons":["The legitimate domain for Uphold is uphold.com.", "The provided URL 'uphold-login-account23.godaddysites.com' contains extra words and is hosted on a subdomain of 'godaddysites.com', which is not associated with the official Uphold domain.", "The use of 'godaddysites.com' suggests the site is hosted on a web hosting service, which is commonly used for phishing attempts.", "The URL structure with 'uphold-login-account23' is suspicious and indicative of phishing tactics."], "brand_matches":[false], "url_match":false, "brand_input":"Uphold", "input_fields":"Enter your email, Get started"}

URL: https://uphold-login-account23.godaddysites.com/services Model: jbxai	{ "brand":["unknown"], "contains_trigger_text":false, "trigger_text":"unknown", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://uphold-login-account23.godaddysites.com/contact-us Model: jbxai	{ "brand":["Uphold"], "contains_trigger_text":true, "trigger_text":"This website uses cookies.", "prominent_button_name":"ACCEPT", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applications&utm_campaign=en-in_corp_applications_base Model: jbxai	{ "brand":[], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 04:11:04 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9646351666086894
Encrypted:	false
SSDEEP:	48:85d3TvPwH+idAKZdA19ehwiZUklqehRy+3:8LDd+y
MD5:	0DD732A8D46F422366F6BB8D6EF58022
SHA1:	499D0C3C6024669F7A76F5991BDA9E0FEC670718
SHA-256:	B2E22C662D5F9A9FAF991A0F278DA18ECE243E18768CE3F8F3187418FA95A51C
SHA-512:	D5F28CF685759A7FD8A6A4A927ED4D3341D424DD8AEF5CD4E567DD09378A98D705294FF55A90F4287B6B5C90316F096CDD8A35176CD7034ACB05ED68E886E339
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....x...-...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I=Ya)....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V=Ya)....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V=Ya)....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V=Ya)..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V=Yb)...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........ny.d.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 07:11:02.548248053 CEST	53	53551	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:02.556432009 CEST	53	52505	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:03.666044950 CEST	53	59659	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:04.040182114 CEST	61526	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:04.040517092 CEST	54324	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:04.048789978 CEST	53	61526	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:04.048847914 CEST	53	54324	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:04.707798958 CEST	62863	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:04.708128929 CEST	64618	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:04.715248108 CEST	53	57031	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:04.717956066 CEST	52769	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:04.718280077 CEST	52718	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:04.726722002 CEST	53	52718	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:04.738991022 CEST	53	52769	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:06.931654930 CEST	61348	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:06.932003021 CEST	51779	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:06.939368963 CEST	49259	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:06.939763069 CEST	49935	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:06.991374969 CEST	53	61348	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:06.991394043 CEST	53	51779	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:13.057454109 CEST	61358	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:13.057771921 CEST	59678	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:13.309313059 CEST	52606	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:13.309660912 CEST	64251	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:14.382196903 CEST	57729	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:14.382500887 CEST	63361	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:20.906446934 CEST	53	61247	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:26.151945114 CEST	53	56923	1.1.1.1	192.168.2.5
Sep 29, 2024 07:11:28.731658936 CEST	58898	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:11:28.732042074 CEST	55714	53	192.168.2.5	1.1.1.1
Sep 29, 2024 07:12:02.145756006 CEST	53	52970	1.1.1.1	192.168.2.5

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:04 UTC	682	OUT	GET / HTTP/1.1 Host: uphold-login-account23.godaddysites.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:11:04 UTC	1019	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.2.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-227ca78 X-Version: 227ca78 X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 2e145b952d87341048ff1b07ce6d3574 Date: Sun, 29 Sep 2024 05:11:04 GMT Connection: close Transfer-Encoding: chunked
2024-09-29 05:11:04 UTC	15365	IN	Data Raw: 64 65 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 49 4e 22 3e 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 69 73 74 65 61 6d 2f 69 70 2f 34 35 35 61 30 39 65 34 2d 37 66 65 33 2d 34 39 66 38 2d 38 65 36 62 2d 35 63 34 61 65 31 65 32 31 64 31 31 2f 66 61 76 69 63 6f 6e 2f 61 64 30 65 39 61 62 63 2d 61 37 38 61 2d 34 38 39 32 2d 38 32 65 39 2d 35 65 37 65 35 66 63 34 33 66 65 65 2e 70 6e 67 2f 3a 2f 72 73 3d 77 3a 31 36 2c 68 3a 31 36 2c 6d 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f Data Ascii: de00<!DOCTYPE html><html lang="en-IN"><head><link rel="icon" href="//img1.wsimg.com/isteam/ip/455a09e4-7fe3-49f8-8e6b-5c4ae1e21d11/favicon/ad0e9abc-a78a-4892-82e9-5e7e5fc43fee.png/:/rs=w:16,h:16,m" sizes="16x16"/><link rel="icon" href="//img1.wsimg.com/
2024-09-29 05:11:04 UTC	16384	IN	Data Raw: 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 2e 78 20 2e 63 31 2d 33 65 7b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 30 2e 31 36 37 65 6d 7d 2e 78 20 2e 63 31 2d 33 66 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d 2e 78 20 2e 63 31 2d 33 67 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 22 7d 2e 78 20 2e 63 31 2d 33 68 3a 62 65 66 6f 72 65 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 2e 35 65 6d 7d 2e 78 20 2e 63 31 2d 33 69 3a 62 65 66 6f 72 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 78 20 2e 63 31 2d 33 6a 3a 62 65 66 6f 72 65 7b 68 65 69 67 68 74 3a 31 70 78 7d 2e 78 20 2e 63 31 2d 33 6b 3a 62 65 66 6f 72 65 7b 77 69 64 74 68 3a 30 2e 35 65 6d 7d 2e 78 20 2e 63 31 2d 33 6c 3a 62 65 66 6f 72 65 7b 62 61 63 6b 67 72 6f Data Ascii: adding-left:0}.x .c1-3e{letter-spacing:0.167em}.x .c1-3f{font-size:12px}.x .c1-3g:before{content:""}.x .c1-3h:before{margin-right:0.5em}.x .c1-3i:before{display:inline-block}.x .c1-3j:before{height:1px}.x .c1-3k:before{width:0.5em}.x .c1-3l:before{backgro
2024-09-29 05:11:04 UTC	16384	IN	Data Raw: 75 78 3d 22 42 6c 6f 63 6b 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 6e 61 76 20 64 61 74 61 2d 75 78 3d 22 53 65 63 74 69 6f 6e 43 6f 6e 74 61 69 6e 65 72 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 6e 61 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 70 20 63 31 2d 71 20 63 31 2d 72 20 63 31 2d 73 20 63 31 2d 74 20 63 31 2d 75 20 63 31 2d 76 20 63 31 2d 77 20 63 31 2d 78 20 63 31 2d 79 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 7a 20 63 31 2d 31 30 20 63 31 2d 31 31 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 42 6c 6f 63 6b 22 20 Data Ascii: ux="Block" class="x-el x-el-div c1-1 c1-2 c1-b c1-c c1-d c1-e c1-f c1-g"><nav data-ux="SectionContainer" class="x-el x-el-nav c1-1 c1-2 c1-p c1-q c1-r c1-s c1-t c1-u c1-v c1-w c1-x c1-y c1-b c1-c c1-d c1-z c1-10 c1-11 c1-e c1-f c1-g"><div data-ux="Block"
2024-09-29 05:11:04 UTC	8712	IN	Data Raw: 75 6c 74 2e 4c 69 6e 6b 2e 44 65 66 61 75 6c 74 2e 37 35 32 39 39 2e 63 6c 69 63 6b 2c 63 6c 69 63 6b 22 3e 3c 73 70 61 6e 3e 43 6f 6e 74 61 63 74 20 55 73 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 2f 6c 69 3e 3c 2f 75 6c 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 42 6c 6f 63 6b 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 34 6b 20 63 31 2d 64 20 63 31 2d 34 70 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 6e 61 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 42 6c 6f 63 6b 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 Data Ascii: ult.Link.Default.75299.click,click"><span>Contact Us</span></a></li></ul><div data-ux="Block" class="x-el x-el-div c1-1 c1-2 c1-b c1-c c1-4k c1-d c1-4p c1-e c1-f c1-g"></div></div></div></div></div></div></nav></div><div data-ux="Block" class="x-el x-el-d

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:07 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 05:11:08 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=128035 Date: Sun, 29 Sep 2024 05:11:07 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:08 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-29 05:11:09 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=128064 Date: Sun, 29 Sep 2024 05:11:08 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-29 05:11:09 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:13 UTC	684	OUT	GET /sw.js HTTP/1.1 Host: uphold-login-account23.godaddysites.com Connection: keep-alive Cache-Control: max-age=0 Accept: / Service-Worker: script Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: serviceworker Referer: https://uphold-login-account23.godaddysites.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=1&C_TOUCH=2024-09-29T05:11:08.389Z
2024-09-29 05:11:13 UTC	663	IN	HTTP/1.1 200 OK Link: <https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: application/javascript Vary: Accept-Encoding Server: DPS/2.0.0+sha-227ca78 X-Version: 227ca78 X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 3ca849560265e27b92c251b4546c3e70 Date: Sun, 29 Sep 2024 05:11:13 GMT Connection: close Transfer-Encoding: chunked
2024-09-29 05:11:13 UTC	15721	IN	Data Raw: 38 30 66 34 0d 0a 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 38 39 35 3a 28 29 3d 3e 7b 74 72 79 7b 73 65 6c 66 5b 22 77 6f 72 6b 62 6f 78 3a 63 61 63 68 65 61 62 6c 65 2d 72 65 73 70 6f 6e 73 65 3a 36 2e 34 2e 31 22 5d 26 26 5f 28 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 2c 32 35 39 3a 28 65 2c 74 2c 73 29 3d 3e 7b 73 2e 64 28 74 2c 7b 42 3a 28 29 3d 3e 61 7d 29 2c 73 28 39 31 33 29 3b 63 6c 61 73 73 20 61 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 74 68 69 73 2e 70 72 6f 6d 69 73 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 28 65 2c 74 29 3d 3e 7b 74 68 69 73 2e 72 65 73 6f 6c 76 65 3d 65 2c 74 68 69 73 2e 72 65 6a 65 63 74 3d 74 7d 29 29 7d 7d 7d 2c 31 32 35 3a 28 65 2c 74 2c 73 29 3d 3e 7b 73 2e 64 28 74 2c 7b 56 3a Data Ascii: 80f4(()=>{"use strict";var e={895:()=>{try{self["workbox:cacheable-response:6.4.1"]&&_()}catch(e){}},259:(e,t,s)=>{s.d(t,{B:()=>a}),s(913);class a{constructor(){this.promise=new Promise(((e,t)=>{this.resolve=e,this.reject=t}))}}},125:(e,t,s)=>{s.d(t,{V:
2024-09-29 05:11:13 UTC	16384	IN	Data Raw: 65 2c 74 29 7c 7c 52 2e 68 61 73 28 65 2c 74 29 7d 2c 73 28 35 35 30 29 3b 63 6f 6e 73 74 20 76 3d 22 63 61 63 68 65 2d 65 6e 74 72 69 65 73 22 2c 62 3d 65 3d 3e 7b 63 6f 6e 73 74 20 74 3d 6e 65 77 20 55 52 4c 28 65 2c 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 72 65 74 75 72 6e 20 74 2e 68 61 73 68 3d 22 22 2c 74 2e 68 72 65 66 7d 3b 63 6c 61 73 73 20 78 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 29 7b 74 68 69 73 2e 5f 64 62 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 63 61 63 68 65 4e 61 6d 65 3d 65 7d 5f 75 70 67 72 61 64 65 44 62 28 65 29 7b 63 6f 6e 73 74 20 74 3d 65 2e 63 72 65 61 74 65 4f 62 6a 65 63 74 53 74 6f 72 65 28 76 2c 7b 6b 65 79 50 61 74 68 3a 22 69 64 22 7d 29 3b 74 2e 63 72 65 61 74 65 49 6e 64 65 78 28 22 63 61 63 68 65 4e 61 6d 65 22 2c 22 Data Ascii: e,t)\|\|R.has(e,t)},s(550);const v="cache-entries",b=e=>{const t=new URL(e,location.href);return t.hash="",t.href};class x{constructor(e){this._db=null,this._cacheName=e}_upgradeDb(e){const t=e.createObjectStore(v,{keyPath:"id"});t.createIndex("cacheName","
2024-09-29 05:11:13 UTC	920	IN	Data Raw: 65 73 70 6f 6e 73 65 50 6c 75 67 69 6e 28 7b 73 74 61 74 75 73 65 73 3a 5b 32 30 30 5d 7d 29 5d 7d 29 29 2c 28 30 2c 65 2e 72 65 67 69 73 74 65 72 52 6f 75 74 65 29 28 28 28 7b 72 65 71 75 65 73 74 3a 65 7d 29 3d 3e 22 73 74 79 6c 65 22 3d 3d 3d 65 2e 64 65 73 74 69 6e 61 74 69 6f 6e 7c 7c 22 73 63 72 69 70 74 22 3d 3d 3d 65 2e 64 65 73 74 69 6e 61 74 69 6f 6e 29 2c 6e 65 77 20 74 2e 53 74 61 6c 65 57 68 69 6c 65 52 65 76 61 6c 69 64 61 74 65 28 7b 63 61 63 68 65 4e 61 6d 65 3a 22 73 74 61 74 69 63 2d 72 65 73 6f 75 72 63 65 73 22 2c 70 6c 75 67 69 6e 73 3a 5b 6e 65 77 20 61 2e 43 61 63 68 65 61 62 6c 65 52 65 73 70 6f 6e 73 65 50 6c 75 67 69 6e 28 7b 73 74 61 74 75 73 65 73 3a 5b 32 30 30 5d 7d 29 5d 7d 29 29 2c 28 30 2c 65 2e 72 65 67 69 73 74 65 72 52 Data Ascii: esponsePlugin({statuses:[200]})]})),(0,e.registerRoute)((({request:e})=>"style"===e.destination\|\|"script"===e.destination),new t.StaleWhileRevalidate({cacheName:"static-resources",plugins:[new a.CacheableResponsePlugin({statuses:[200]})]})),(0,e.registerR

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:13 UTC	582	OUT	GET /manifest.webmanifest HTTP/1.1 Host: uphold-login-account23.godaddysites.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: manifest Referer: https://uphold-login-account23.godaddysites.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-29 05:11:13 UTC	666	IN	HTTP/1.1 200 OK Link: <https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: application/manifest+json Vary: Accept-Encoding Server: DPS/2.0.0+sha-227ca78 X-Version: 227ca78 X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: f60de173097e5785f62b5bb4141ea539 Date: Sun, 29 Sep 2024 05:11:13 GMT Connection: close Transfer-Encoding: chunked
2024-09-29 05:11:13 UTC	551	IN	Data Raw: 32 31 62 0d 0a 7b 22 73 63 6f 70 65 22 3a 22 2f 22 2c 22 73 74 61 72 74 5f 75 72 6c 22 3a 22 2f 22 2c 22 64 69 73 70 6c 61 79 22 3a 22 73 74 61 6e 64 61 6c 6f 6e 65 22 2c 22 69 63 6f 6e 73 22 3a 5b 7b 22 73 69 7a 65 73 22 3a 22 31 39 32 78 31 39 32 22 2c 22 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 73 72 63 22 3a 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 69 73 74 65 61 6d 2f 69 70 2f 34 35 35 61 30 39 65 34 2d 37 66 65 33 2d 34 39 66 38 2d 38 65 36 62 2d 35 63 34 61 65 31 65 32 31 64 31 31 2f 66 61 76 69 63 6f 6e 2f 61 64 30 65 39 61 62 63 2d 61 37 38 61 2d 34 38 39 32 2d 38 32 65 39 2d 35 65 37 65 35 66 63 34 33 66 65 65 2e 70 6e 67 2f 3a 2f 72 73 3d 77 3a 31 39 32 2c 68 3a 31 39 32 2c 6d 22 7d 2c 7b 22 73 69 7a 65 73 22 3a 22 Data Ascii: 21b{"scope":"/","start_url":"/","display":"standalone","icons":[{"sizes":"192x192","type":"image/png","src":"//img1.wsimg.com/isteam/ip/455a09e4-7fe3-49f8-8e6b-5c4ae1e21d11/favicon/ad0e9abc-a78a-4892-82e9-5e7e5fc43fee.png/:/rs=w:192,h:192,m"},{"sizes":"

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:14 UTC	670	OUT	GET /services HTTP/1.1 Host: uphold-login-account23.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://uphold-login-account23.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=1&C_TOUCH=2024-09-29T05:11:08.389Z
2024-09-29 05:11:14 UTC	1019	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.2.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-227ca78 X-Version: 227ca78 X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: b5a31e58714e382f6e326f9016a76b9b Date: Sun, 29 Sep 2024 05:11:14 GMT Connection: close Transfer-Encoding: chunked
2024-09-29 05:11:14 UTC	15365	IN	Data Raw: 31 30 62 64 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 49 4e 22 3e 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 69 73 74 65 61 6d 2f 69 70 2f 34 35 35 61 30 39 65 34 2d 37 66 65 33 2d 34 39 66 38 2d 38 65 36 62 2d 35 63 34 61 65 31 65 32 31 64 31 31 2f 66 61 76 69 63 6f 6e 2f 61 64 30 65 39 61 62 63 2d 61 37 38 61 2d 34 38 39 32 2d 38 32 65 39 2d 35 65 37 65 35 66 63 34 33 66 65 65 2e 70 6e 67 2f 3a 2f 72 73 3d 77 3a 31 36 2c 68 3a 31 36 2c 6d 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d Data Ascii: 10bd7<!DOCTYPE html><html lang="en-IN"><head><link rel="icon" href="//img1.wsimg.com/isteam/ip/455a09e4-7fe3-49f8-8e6b-5c4ae1e21d11/favicon/ad0e9abc-a78a-4892-82e9-5e7e5fc43fee.png/:/rs=w:16,h:16,m" sizes="16x16"/><link rel="icon" href="//img1.wsimg.com
2024-09-29 05:11:14 UTC	16384	IN	Data Raw: 74 2d 63 68 69 6c 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 2e 78 20 2e 63 31 2d 33 65 7b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 30 2e 31 36 37 65 6d 7d 2e 78 20 2e 63 31 2d 33 66 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 67 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 68 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 69 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 6a 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 36 70 78 7d 2e 78 20 2e 63 31 2d 33 6b 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 36 70 78 7d 2e 78 20 2e 63 31 2d 33 6c 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 70 78 7d 2e 78 20 2e 63 31 2d 33 Data Ascii: t-child{padding-left:0}.x .c1-3e{letter-spacing:0.167em}.x .c1-3f{margin-left:-6px}.x .c1-3g{margin-right:-6px}.x .c1-3h{margin-top:-6px}.x .c1-3i{margin-bottom:-6px}.x .c1-3j{padding-left:6px}.x .c1-3k{padding-right:6px}.x .c1-3l{padding-top:6px}.x .c1-3
2024-09-29 05:11:14 UTC	16384	IN	Data Raw: 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 38 30 70 78 29 7b 2e 78 20 2e 63 31 2d 32 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 34 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 38 30 70 78 29 7b 2e 78 20 2e 63 31 2d 32 73 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 38 30 70 78 29 7b 2e 78 20 2e 63 31 2d 33 7a 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 38 30 70 78 29 7b 2e 78 20 2e 63 31 2d 36 33 7b 77 69 64 74 68 3a 31 31 36 30 70 78 7d 7d 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 20 64 61 74 61 2d 67 6c 61 6d 6f 72 3d 22 63 78 73 2d 78 6c 2d 73 68 65 65 74 22 3e 40 Data Ascii: }@media (min-width: 1280px){.x .c1-2n{font-size:44px}}@media (min-width: 1280px){.x .c1-2s{font-size:32px}}@media (min-width: 1280px){.x .c1-3z{font-size:12px}}@media (min-width: 1280px){.x .c1-63{width:1160px}}</style><style data-glamor="cxs-xl-sheet">@
2024-09-29 05:11:14 UTC	16384	IN	Data Raw: 35 20 63 31 2d 79 20 63 31 2d 32 33 20 63 31 2d 32 34 20 63 31 2d 32 7a 20 63 31 2d 33 30 20 63 31 2d 33 31 20 63 31 2d 33 34 20 63 31 2d 31 39 20 63 31 2d 33 32 20 63 31 2d 33 35 20 63 31 2d 33 33 20 63 31 2d 31 6f 20 63 31 2d 31 70 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 6c 69 20 72 6f 6c 65 3d 22 6d 65 6e 75 69 74 65 6d 22 20 64 61 74 61 2d 75 78 3d 22 4e 61 76 69 67 61 74 69 6f 6e 44 72 61 77 65 72 4c 69 73 74 49 74 65 6d 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 6c 69 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 33 36 20 63 31 2d 79 20 63 31 2d 34 6b 20 63 31 2d 36 37 20 63 31 2d 36 38 20 63 31 2d 36 39 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 34 6c 20 63 31 2d 36 61 20 63 31 2d Data Ascii: 5 c1-y c1-23 c1-24 c1-2z c1-30 c1-31 c1-34 c1-19 c1-32 c1-35 c1-33 c1-1o c1-1p c1-b c1-c c1-d c1-e c1-f c1-g"><li role="menuitem" data-ux="NavigationDrawerListItem" class="x-el x-el-li c1-1 c1-2 c1-36 c1-y c1-4k c1-67 c1-68 c1-69 c1-b c1-c c1-4l c1-6a c1-
2024-09-29 05:11:14 UTC	4064	IN	Data Raw: 67 72 61 70 68 79 3d 22 4c 69 6e 6b 41 6c 70 68 61 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 61 20 63 31 2d 31 6c 20 63 31 2d 31 6d 20 63 31 2d 31 6e 20 63 31 2d 31 6f 20 63 31 2d 31 70 20 63 31 2d 31 71 20 63 31 2d 31 72 20 63 31 2d 34 6d 20 63 31 2d 62 20 63 31 2d 31 77 20 63 31 2d 33 6e 20 63 31 2d 31 78 20 63 31 2d 31 79 20 63 31 2d 31 7a 20 63 31 2d 33 78 20 63 31 2d 39 75 20 63 31 2d 39 67 20 63 31 2d 33 79 20 63 31 2d 33 7a 20 63 31 2d 34 30 22 20 64 61 74 61 2d 74 63 63 6c 3d 22 75 78 32 2e 46 4f 4f 54 45 52 2e 66 6f 6f 74 65 72 34 2e 4c 61 79 6f 75 74 2e 44 65 66 61 75 6c 74 2e 4c 69 6e 6b 2e 44 65 66 61 75 6c 74 2e 33 35 35 37 38 39 2e 63 6c 69 63 6b 2c 63 6c 69 63 6b 22 3e 47 6f 44 61 64 64 79 3c 2f 61 3e 3c 2f 73 70 61 6e 3e 3c Data Ascii: graphy="LinkAlpha" class="x-el x-el-a c1-1l c1-1m c1-1n c1-1o c1-1p c1-1q c1-1r c1-4m c1-b c1-1w c1-3n c1-1x c1-1y c1-1z c1-3x c1-9u c1-9g c1-3y c1-3z c1-40" data-tccl="ux2.FOOTER.footer4.Layout.Default.Link.Default.355789.click,click">GoDaddy</a></span><

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:15 UTC	672	OUT	GET /contact-us HTTP/1.1 Host: uphold-login-account23.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://uphold-login-account23.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=1&C_TOUCH=2024-09-29T05:11:08.389Z
2024-09-29 05:11:15 UTC	1019	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.2.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/muli/v29/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30eg.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/quicksand/v31/6xKtdSZaM9iE8KbpRA_hK1QN.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-227ca78 X-Version: 227ca78 X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 2d94354439ac07cefa02026d2a5bb467 Date: Sun, 29 Sep 2024 05:11:15 GMT Connection: close Transfer-Encoding: chunked
2024-09-29 05:11:15 UTC	15365	IN	Data Raw: 31 30 31 62 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 49 4e 22 3e 3c 68 65 61 64 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 69 73 74 65 61 6d 2f 69 70 2f 34 35 35 61 30 39 65 34 2d 37 66 65 33 2d 34 39 66 38 2d 38 65 36 62 2d 35 63 34 61 65 31 65 32 31 64 31 31 2f 66 61 76 69 63 6f 6e 2f 61 64 30 65 39 61 62 63 2d 61 37 38 61 2d 34 38 39 32 2d 38 32 65 39 2d 35 65 37 65 35 66 63 34 33 66 65 65 2e 70 6e 67 2f 3a 2f 72 73 3d 77 3a 31 36 2c 68 3a 31 36 2c 6d 22 20 73 69 7a 65 73 3d 22 31 36 78 31 36 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d Data Ascii: 101bf<!DOCTYPE html><html lang="en-IN"><head><link rel="icon" href="//img1.wsimg.com/isteam/ip/455a09e4-7fe3-49f8-8e6b-5c4ae1e21d11/favicon/ad0e9abc-a78a-4892-82e9-5e7e5fc43fee.png/:/rs=w:16,h:16,m" sizes="16x16"/><link rel="icon" href="//img1.wsimg.com
2024-09-29 05:11:15 UTC	16384	IN	Data Raw: 72 73 74 2d 63 68 69 6c 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 2e 78 20 2e 63 31 2d 33 65 7b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 30 2e 31 36 37 65 6d 7d 2e 78 20 2e 63 31 2d 33 66 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 67 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 68 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 69 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 2d 36 70 78 7d 2e 78 20 2e 63 31 2d 33 6a 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 36 70 78 7d 2e 78 20 2e 63 31 2d 33 6b 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 36 70 78 7d 2e 78 20 2e 63 31 2d 33 6c 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 70 78 7d 2e 78 20 2e 63 31 Data Ascii: rst-child{padding-left:0}.x .c1-3e{letter-spacing:0.167em}.x .c1-3f{margin-left:-6px}.x .c1-3g{margin-right:-6px}.x .c1-3h{margin-top:-6px}.x .c1-3i{margin-bottom:-6px}.x .c1-3j{padding-left:6px}.x .c1-3k{padding-right:6px}.x .c1-3l{padding-top:6px}.x .c1
2024-09-29 05:11:15 UTC	16384	IN	Data Raw: 3e 3c 6c 69 20 64 61 74 61 2d 75 78 3d 22 4c 69 73 74 49 74 65 6d 49 6e 6c 69 6e 65 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 6c 69 20 6e 61 76 2d 69 74 65 6d 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 33 36 20 63 31 2d 32 33 20 63 31 2d 33 37 20 63 31 2d 31 66 20 63 31 2d 33 38 20 63 31 2d 33 39 20 63 31 2d 33 61 20 63 31 2d 33 62 20 63 31 2d 75 20 63 31 2d 32 66 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 33 63 20 63 31 2d 33 64 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 61 20 72 65 6c 3d 22 22 20 72 6f 6c 65 3d 22 6c 69 6e 6b 22 20 61 72 69 61 2d 68 61 73 70 6f 70 75 70 3d 22 66 61 6c 73 65 22 20 64 61 74 61 2d 75 78 3d 22 4e 61 76 4c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 22 20 64 61 74 61 2d 70 61 67 65 3d 22 61 Data Ascii: ><li data-ux="ListItemInline" class="x-el x-el-li nav-item c1-1 c1-2 c1-36 c1-23 c1-37 c1-1f c1-38 c1-39 c1-3a c1-3b c1-u c1-2f c1-b c1-c c1-3c c1-3d c1-d c1-e c1-f c1-g"><a rel="" role="link" aria-haspopup="false" data-ux="NavLink" target="" data-page="a
2024-09-29 05:11:15 UTC	16384	IN	Data Raw: 45 4e 44 45 52 45 44 5f 30 22 20 64 61 74 61 2d 74 79 70 6f 67 72 61 70 68 79 3d 22 42 6f 64 79 41 6c 70 68 61 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 31 6f 20 63 31 2d 31 70 20 63 31 2d 34 6f 20 63 31 2d 32 35 20 63 31 2d 79 20 63 31 2d 62 20 63 31 2d 37 36 20 63 31 2d 63 20 63 31 2d 32 38 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 20 78 2d 72 74 22 3e 3c 70 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 22 3e 3c 73 70 61 6e 3e 41 64 64 20 61 6e 20 61 6e 73 77 65 72 20 74 6f 20 74 68 69 73 20 69 74 65 6d 2e 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 68 72 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 72 6f 6c 65 3d 22 73 65 70 61 72 61 Data Ascii: ENDERED_0" data-typography="BodyAlpha" class="x-el c1-1 c1-2 c1-1o c1-1p c1-4o c1-25 c1-y c1-b c1-76 c1-c c1-28 c1-d c1-e c1-f c1-g x-rt"><p style="margin:0"><span>Add an answer to this item.</span></p></div></div></div><hr aria-hidden="true" role="separa
2024-09-29 05:11:15 UTC	1480	IN	Data Raw: 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 61 20 64 61 74 61 2d 75 78 2d 62 74 6e 3d 22 70 72 69 6d 61 72 79 22 20 64 61 74 61 2d 75 78 3d 22 42 75 74 74 6f 6e 50 72 69 6d 61 72 79 22 20 68 72 65 66 3d 22 22 20 64 61 74 61 2d 61 69 64 3d 22 46 4f 4f 54 45 52 5f 43 4f 4f 4b 49 45 5f 43 4c 4f 53 45 5f 52 45 4e 44 45 52 45 44 22 20 69 64 3d 22 39 62 39 62 39 65 61 34 2d 64 33 62 62 2d 34 66 35 65 2d 38 62 63 65 2d 30 63 30 35 37 64 31 32 37 32 37 33 2d 61 63 63 65 70 74 22 20 64 61 74 61 2d 74 79 70 6f 67 72 61 70 68 79 3d 22 42 75 74 74 6f 6e 41 6c 70 68 61 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 61 20 63 31 2d 61 30 20 63 31 2d 32 31 20 63 31 2d 61 31 20 63 31 2d 61 32 20 63 31 2d 61 33 20 63 31 2d 61 34 20 63 31 2d 31 34 20 63 31 2d 35 73 20 Data Ascii: c1-f c1-g"><a data-ux-btn="primary" data-ux="ButtonPrimary" href="" data-aid="FOOTER_COOKIE_CLOSE_RENDERED" id="9b9b9ea4-d3bb-4f5e-8bce-0c057d127273-accept" data-typography="ButtonAlpha" class="x-el x-el-a c1-a0 c1-21 c1-a1 c1-a2 c1-a3 c1-a4 c1-14 c1-5s

Timestamp	Bytes transferred	Direction	Data
2024-09-29 05:11:27 UTC	738	OUT	GET /sw.js HTTP/1.1 Host: uphold-login-account23.godaddysites.com Connection: keep-alive Cache-Control: max-age=0 Accept: / Service-Worker: script Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: serviceworker Referer: https://uphold-login-account23.godaddysites.com/sw.js User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1; _tccl_visitor=1f985082-7d2c-4729-933b-cb38027af52d; _tccl_visit=1f985082-7d2c-4729-933b-cb38027af52d; _scc_session=pc=3&C_TOUCH=2024-09-29T05:11:24.499Z If-None-Match: 3ca849560265e27b92c251b4546c3e70
2024-09-29 05:11:27 UTC	271	IN	HTTP/1.1 304 Not Modified Vary: Accept-Encoding Server: DPS/2.0.0+sha-227ca78 X-Version: 227ca78 X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 3ca849560265e27b92c251b4546c3e70 Date: Sun, 29 Sep 2024 05:11:27 GMT Connection: close

Target ID:	0
Start time:	01:10:58
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	01:11:01
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=2024,i,18371166248541657203,7649873792208682438,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	01:11:03
Start date:	29/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://uphold-login-account23.godaddysites.com/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://uphold-login-account23.godaddysites.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 241

Chrome Cache Entry: 242

Chrome Cache Entry: 243

Chrome Cache Entry: 244

Chrome Cache Entry: 245

Chrome Cache Entry: 246

Chrome Cache Entry: 247

Chrome Cache Entry: 248

Chrome Cache Entry: 249

Chrome Cache Entry: 250

Chrome Cache Entry: 251

Chrome Cache Entry: 252

Chrome Cache Entry: 253

Chrome Cache Entry: 254

Chrome Cache Entry: 255

Chrome Cache Entry: 256

Chrome Cache Entry: 257

Chrome Cache Entry: 258

Chrome Cache Entry: 259

Chrome Cache Entry: 260

Windows Analysis Report
https://uphold-login-account23.godaddysites.com/