Windows Analysis Report
https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb

Overview

General Information

Sample URL: https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb
Analysis ID: 1544129
Infos:

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
Drops files with a non-matching file extension (content does not match file extension)
Stores files to the Windows start menu directory

Classification

Source: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: global traffic HTTP traffic detected: GET /References/Welcome/mpdGmd4KxRMBGjb HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==
Source: global traffic HTTP traffic detected: GET /Content/bootstrap?v=s8SxFDMr-eBJl8GY2Ji-1R70AkavwlKU1nTl9CWPJvk1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /styles/kendo?v=N-gm6eM_nWNXpsTqUaQ9XvO0CPharN713TrmmEEtKRM1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /styles/jqueryui?v=D-YWWoSj__5oFkStCpQ60Y36Bf4tIZOXuK8bGvBaZnk1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /styles/esoph?v=526TV1rimbNJiX1IMWG0GbOicnaGbIUqApIuNMhH2t41 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /styles/fonts?v=DUWOACtUUuPvOE2WI8GBuvpFx_4dhKeQhd38wtV3A8I1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /styles/tribute?v=GuBw4Pc-waI_9EJF1V_Cc3ywEsyvUPTNBzwzolV66OI1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/modernizr?v=2twPtszsTL39hTiKwvPlVlNga_BJ8EIzShIX0ej7LAo1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/esoph?v=NbIBHxPdqSRA-VP4yLXTd0TaarvJgeVeyRbAnmm13JY1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/jquery?v=UdeEEOXxYcVzRs5ceu3Y17hDfbjPxi8_UU6lUV15LVo1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /Content/GetLogo/1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/validation?v=PSc04pNH8q-tCxMJajaaRbnt7E2oMXn46b4bz7UAibw1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/esoph?v=NbIBHxPdqSRA-VP4yLXTd0TaarvJgeVeyRbAnmm13JY1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/modernizr?v=2twPtszsTL39hTiKwvPlVlNga_BJ8EIzShIX0ej7LAo1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/bootstrap?v=UFzCRZZKzf6Rz11TRh1pt2Tg9eMDz3OMlojM4P99Vfc1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/kendo?v=8uGZxrOV1d9aGgqDZk-vF5KTLX_2HtHQifJ9nfnVLrk1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/jquery?v=UdeEEOXxYcVzRs5ceu3Y17hDfbjPxi8_UU6lUV15LVo1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/esoph-ui?v=48FW-CDdYFCo1w5LyuRf25ubHUQUKzUDUf3B7t4qHT01 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/references?v=7RX8YxIyGrIbHud5lYbhJPRu0ELUH78ONxcSjmo0y8M1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/validation?v=PSc04pNH8q-tCxMJajaaRbnt7E2oMXn46b4bz7UAibw1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1322174135 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /Content/GetLogo/1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/bootstrap?v=UFzCRZZKzf6Rz11TRh1pt2Tg9eMDz3OMlojM4P99Vfc1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/references?v=7RX8YxIyGrIbHud5lYbhJPRu0ELUH78ONxcSjmo0y8M1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /Assets/Sounds/Notification%20chime%20fast%20trill.wav HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PMRange: bytes=0-
Source: global traffic HTTP traffic detected: GET /bundles/esoph-ui?v=48FW-CDdYFCo1w5LyuRf25ubHUQUKzUDUf3B7t4qHT01 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /bundles/kendo?v=8uGZxrOV1d9aGgqDZk-vF5KTLX_2HtHQifJ9nfnVLrk1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /Content/kendo/2021.1.330/styles/Bootstrap/loading-image.gif HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ohs39.esophaccess.com/styles/kendo?v=N-gm6eM_nWNXpsTqUaQ9XvO0CPharN713TrmmEEtKRM1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /_Incapsula_Resource?SWKMTFSR=1&e=0.26895587052974435 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM; ___utmvc=FoqIs5sbkp7rl3dQZosyy/erOv9xBKHIoJ1Zm9qyl/Wm6rQ4WqCLs2IOd/BYGnmvjJETbEK8/ytjEURxWm24hvUiBOgGIbP0oauxSvYbLdVn4rYHuPDP3QV1L1GVlSnVGbjn9dhl6fnudazZNxlpnkZGYXpgwoJyYjeu8SVrAdHS1XVkwGX9ZRHHBttvEcv8ljf3Ve91JYz+95boJvxklorAu7QczWOoaYINJ07Ut50vy22bZnzhn90rRBq8Iim111RVLDt0yflsOV9HJHoUVbDmzd/h9psOhizJPZV0DkLmKylXtabZ4zaCfwKkwBJWyveqyX+HV2YhwTL8qLsNyFH8vm7k6B/mLxK9y/O84f64R/mYAK1ZpoMo89FkyRa/OPzBYmQM66ygnSWIEeni/cm54W/ADrjIPtdctp2JHieV2eIYWv2/jK85Ya+Ij3vGA7rVSv4VWQN0/qBdJIvtku9ZnzEEqmlQu/Dk5n6W8fI8V73HBewho2MV8mo32M9SJ4JAPnr+4ovd1UzrW0j8alvtRtHzr31Tg43Ywj+qBdfE5o9E4DCkmu0yozSebNiH/dTVZOBZ/6K/UbxueALU2IjhR6iW2wUOXy28tya/ZdK5S06hStBgPksAJIFDjLnLuQnwQF1Fic0YC9as07DMLb5zrarUQ29WJWhLTTdpc3t5smdmkRN7RzsCl/4Ep5iXI4TNTuijrT3Dj8AQP9oWQiedRJHvb9K9jIBvGUwf+cE6XLwthhoTegp2EUsl7vAtjlV9GkcW6RKG/BB+oErk92VUJEkg3tQF8jdx8y5bBHSDkpZ9CMXXP2OL1N+x4FEe6Imgtd1vBFevXxa75a8A21O1fVx2vZkSSq+LS8X2sXZX94DmnJb9bRhdMfY51gQG5vCy1WfsSXJTuQ6lg7w7LscYfRWrTeEr6OcNBmsHp/AVvpb3A9CRPWOZ3TIZVpfb21LylySCme9rDYdeqrvDQ6E4Rb/j7Y6UMZt55JVK8vcuA7DsJWUUzQ7tsRiExVhKIA0hlqSnS5gcOv3WQlkdzZVDGtSzH3XAyM1mS9LRyVVkqAOPPDqqIz4A4SIC38ZLkIWu67p73iIR/+S9BjnmA60ZkgXwt14kGjNnhQC92FMH6I9XJzTGA5t+aQ/C7dCfb52XOonuL8HQwvKoW/9JCMHdV2F6t6nuABkhMLIuPXtyl2zGTFFQHnGmkfQ5GvDDY6t7xvTYOucS6XjOOQ++/MGRiSn1z8iDPGhgvxXw0rYCjwfuwtqzaBhPdAJSxD61/Vd1x4rSrjlq4SJnDE4ctUQcIcf9hqVZQdhDYJC3HEnR+Lj+mBcO3ZNPmGfkp/BDr1NUgZTbbGdM4ZHkpwTa76q43kj+ELkElIFW4SWZ0YP+FQyhLImJYuXAxmH8XTqoNUYXvA9jiISwcoEeLPqsQuJuIbb/e0CaYxXHyYVhb43pIF79/KOyEosos+3dvVaQKiSgOQExNb1taLsPGnes75O2sdY65oY/qACGQ/BiqX4AnpV9DDqZkHDapxPNZ+fFQGRdunzpLUceMoXUfHSu780DIGuvJ4IMoJr/2LUU3utj1743s83DQxOKaVYPqSXadxQPMk9Ss47YSpuq0XhDrHc3jLYpgTlz0IMJffTiuizmx4zHqV5GI/Z0jJAJoDPaQa+6Bk5JRbCrk5W4G98Bd8Wn9ZPe3Ej2T2w8aI7haug7nGY9AqxOGMc2byluiIvjGZhd5QNY/OG9mCUvi4T+NBYSayBegdFkk67Kblu1qzgQoanSDz05IEuqCeSeBvnvgPo75J0AiOYe4Oqd0nPECijiAsLcTlbbqZMxCT0Wro0DOuKmQ3NHYEAvelCR0HHfJc8fenwLJgGY7lS8nCpXOMzhtdQXeJ2JBZcEKrodnhIzbA4+jV6dGZLKEPO/qr/twzI2P2X4SCAHEUdx6Zc3+lHK2re3QKc7enhwGeAGKJk0uU1GMJtk7QszenY6K2PQNyem4hBazPzdP/HhoXznhK0zL
Source: global traffic HTTP traffic detected: GET /_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1322174135 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /Assets/Sounds/Notification%20chime%20fast%20trill.wav HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: audioReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PMRange: bytes=0-
Source: global traffic HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM; ___utmvc=FoqIs5sbkp7rl3dQZosyy/erOv9xBKHIoJ1Zm9qyl/Wm6rQ4WqCLs2IOd/BYGnmvjJETbEK8/ytjEURxWm24hvUiBOgGIbP0oauxSvYbLdVn4rYHuPDP3QV1L1GVlSnVGbjn9dhl6fnudazZNxlpnkZGYXpgwoJyYjeu8SVrAdHS1XVkwGX9ZRHHBttvEcv8ljf3Ve91JYz+95boJvxklorAu7QczWOoaYINJ07Ut50vy22bZnzhn90rRBq8Iim111RVLDt0yflsOV9HJHoUVbDmzd/h9psOhizJPZV0DkLmKylXtabZ4zaCfwKkwBJWyveqyX+HV2YhwTL8qLsNyFH8vm7k6B/mLxK9y/O84f64R/mYAK1ZpoMo89FkyRa/OPzBYmQM66ygnSWIEeni/cm54W/ADrjIPtdctp2JHieV2eIYWv2/jK85Ya+Ij3vGA7rVSv4VWQN0/qBdJIvtku9ZnzEEqmlQu/Dk5n6W8fI8V73HBewho2MV8mo32M9SJ4JAPnr+4ovd1UzrW0j8alvtRtHzr31Tg43Ywj+qBdfE5o9E4DCkmu0yozSebNiH/dTVZOBZ/6K/UbxueALU2IjhR6iW2wUOXy28tya/ZdK5S06hStBgPksAJIFDjLnLuQnwQF1Fic0YC9as07DMLb5zrarUQ29WJWhLTTdpc3t5smdmkRN7RzsCl/4Ep5iXI4TNTuijrT3Dj8AQP9oWQiedRJHvb9K9jIBvGUwf+cE6XLwthhoTegp2EUsl7vAtjlV9GkcW6RKG/BB+oErk92VUJEkg3tQF8jdx8y5bBHSDkpZ9CMXXP2OL1N+x4FEe6Imgtd1vBFevXxa75a8A21O1fVx2vZkSSq+LS8X2sXZX94DmnJb9bRhdMfY51gQG5vCy1WfsSXJTuQ6lg7w7LscYfRWrTeEr6OcNBmsHp/AVvpb3A9CRPWOZ3TIZVpfb21LylySCme9rDYdeqrvDQ6E4Rb/j7Y6UMZt55JVK8vcuA7DsJWUUzQ7tsRiExVhKIA0hlqSnS5gcOv3WQlkdzZVDGtSzH3XAyM1mS9LRyVVkqAOPPDqqIz4A4SIC38ZLkIWu67p73iIR/+S9BjnmA60ZkgXwt14kGjNnhQC92FMH6I9XJzTGA5t+aQ/C7dCfb52XOonuL8HQwvKoW/9JCMHdV2F6t6nuABkhMLIuPXtyl2zGTFFQHnGmkfQ5GvDDY6t7xvTYOucS6XjOOQ++/MGRiSn1z8iDPGhgvxXw0rYCjwfuwtqzaBhPdAJSxD61/Vd1x4rSrjlq4SJnDE4ctUQcIcf9hqVZQdhDYJC3HEnR+Lj+mBcO3ZNPmGfkp/BDr1NUgZTbbGdM4ZHkpwTa76q43kj+ELkElIFW4SWZ0YP+FQyhLImJYuXAxmH8XTqoNUYXvA9jiISwcoEeLPqsQuJuIbb/e0CaYxXHyYVhb43pIF79/KOyEosos+3dvVaQKiSgOQExNb1taLsPGnes75O2sdY65oY/qACGQ/BiqX4AnpV9DDqZkHDapxPNZ+fFQGRdunzpLUceMoXUfHSu780DIGuvJ4IMoJr/2LUU3utj1743s83DQxOKaVYPqSXadxQPMk9Ss47YSpuq0XhDrHc3jLYpgTlz0IMJffTiuizmx4zHqV5GI/Z0jJAJoDPaQa+6Bk5JRbCrk5W4G98Bd8Wn9ZPe3Ej2T2w8aI7haug7nGY9AqxOGMc2byluiIvjGZhd5QNY/OG9mCUvi4T+NBYSayBegdFkk67Kblu1qzgQoanSDz05IEuqCeSeBvnvgPo75J0AiOYe4Oqd0nPECijiAsLcTlbbqZMxCT0Wro0DOuKmQ3NHYEAvelCR0HHfJc8fenwLJgGY7lS8nCpXOMzhtdQXeJ2JBZcEKrodnhIzbA4+jV6dGZLKEPO/qr/twzI2P2X4SCAHEUdx6Zc3+lHK2re3QKc7enhwGeAGKJk0uU1GMJtk7QszenY6K2PQNyem4hBazPzdP/HhoXznhK0zLeHH8049oqgvLbejhbgYEiVOIMcc7rqMBfu6
Source: global traffic HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM; ___utmvc=FoqIs5sbkp7rl3dQZosyy/erOv9xBKHIoJ1Zm9qyl/Wm6rQ4WqCLs2IOd/BYGnmvjJETbEK8/ytjEURxWm24hvUiBOgGIbP0oauxSvYbLdVn4rYHuPDP3QV1L1GVlSnVGbjn9dhl6fnudazZNxlpnkZGYXpgwoJyYjeu8SVrAdHS1XVkwGX9ZRHHBttvEcv8ljf3Ve91JYz+95boJvxklorAu7QczWOoaYINJ07Ut50vy22bZnzhn90rRBq8Iim111RVLDt0yflsOV9HJHoUVbDmzd/h9psOhizJPZV0DkLmKylXtabZ4zaCfwKkwBJWyveqyX+HV2YhwTL8qLsNyFH8vm7k6B/mLxK9y/O84f64R/mYAK1ZpoMo89FkyRa/OPzBYmQM66ygnSWIEeni/cm54W/ADrjIPtdctp2JHieV2eIYWv2/jK85Ya+Ij3vGA7rVSv4VWQN0/qBdJIvtku9ZnzEEqmlQu/Dk5n6W8fI8V73HBewho2MV8mo32M9SJ4JAPnr+4ovd1UzrW0j8alvtRtHzr31Tg43Ywj+qBdfE5o9E4DCkmu0yozSebNiH/dTVZOBZ/6K/UbxueALU2IjhR6iW2wUOXy28tya/ZdK5S06hStBgPksAJIFDjLnLuQnwQF1Fic0YC9as07DMLb5zrarUQ29WJWhLTTdpc3t5smdmkRN7RzsCl/4Ep5iXI4TNTuijrT3Dj8AQP9oWQiedRJHvb9K9jIBvGUwf+cE6XLwthhoTegp2EUsl7vAtjlV9GkcW6RKG/BB+oErk92VUJEkg3tQF8jdx8y5bBHSDkpZ9CMXXP2OL1N+x4FEe6Imgtd1vBFevXxa75a8A21O1fVx2vZkSSq+LS8X2sXZX94DmnJb9bRhdMfY51gQG5vCy1WfsSXJTuQ6lg7w7LscYfRWrTeEr6OcNBmsHp/AVvpb3A9CRPWOZ3TIZVpfb21LylySCme9rDYdeqrvDQ6E4Rb/j7Y6UMZt55JVK8vcuA7DsJWUUzQ7tsRiExVhKIA0hlqSnS5gcOv3WQlkdzZVDGtSzH3XAyM1mS9LRyVVkqAOPPDqqIz4A4SIC38ZLkIWu67p73iIR/+S9BjnmA60ZkgXwt14kGjNnhQC92FMH6I9XJzTGA5t+aQ/C7dCfb52XOonuL8HQwvKoW/9JCMHdV2F6t6nuABkhMLIuPXtyl2zGTFFQHnGmkfQ5GvDDY6t7xvTYOucS6XjOOQ++/MGRiSn1z8iDPGhgvxXw0rYCjwfuwtqzaBhPdAJSxD61/Vd1x4rSrjlq4SJnDE4ctUQcIcf9hqVZQdhDYJC3HEnR+Lj+mBcO3ZNPmGfkp/BDr1NUgZTbbGdM4ZHkpwTa76q43kj+ELkElIFW4SWZ0YP+FQyhLImJYuXAxmH8XTqoNUYXvA9jiISwcoEeLPqsQuJuIbb/e0CaYxXHyYVhb43pIF79/KOyEosos+3dvVaQKiSgOQExNb1taLsPGnes75O2sdY65oY/qACGQ/BiqX4AnpV9DDqZkHDapxPNZ+fFQGRdunzpLUceMoXUfHSu780DIGuvJ4IMoJr/2LUU3utj1743s83DQxOKaVYPqSXadxQPMk9Ss47YSpuq0XhDrHc3jLYpgTlz0IMJffTiuizmx4zHqV5GI/Z0jJAJoDPaQa+6Bk5JRbCrk5W4G98Bd8Wn9ZPe3Ej2T2w8aI7haug7nGY9AqxOGMc2byluiIvjGZhd5QNY/OG9mCUvi4T+NBYSayBegdFkk67Kblu1qzgQoanSDz05IEuqCeSeBvnvgPo75J0AiOYe4Oqd0nPECijiAsLcTlbbqZMxCT0Wro0DOuKmQ3NHYEAvelCR0HHfJc8fenwLJgGY7lS8nCpXOMzhtdQXeJ2JBZcEKrodnhIzbA4+jV6dGZLKEPO/qr/twzI2P2X4SCAHEUdx6Zc3+lHK2re3QKc7enhwGeAGKJk0uU1GMJtk7QszenY6K2PQNyem4hBazPzdP/HhoXznhK0zLeHH8049oqgvLbejhbgYEiVOIMcc7rqMBfu6
Source: global traffic HTTP traffic detected: GET /_Incapsula_Resource?SWKMTFSR=1&e=0.26895587052974435 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM; ___utmvc=FoqIs5sbkp7rl3dQZosyy/erOv9xBKHIoJ1Zm9qyl/Wm6rQ4WqCLs2IOd/BYGnmvjJETbEK8/ytjEURxWm24hvUiBOgGIbP0oauxSvYbLdVn4rYHuPDP3QV1L1GVlSnVGbjn9dhl6fnudazZNxlpnkZGYXpgwoJyYjeu8SVrAdHS1XVkwGX9ZRHHBttvEcv8ljf3Ve91JYz+95boJvxklorAu7QczWOoaYINJ07Ut50vy22bZnzhn90rRBq8Iim111RVLDt0yflsOV9HJHoUVbDmzd/h9psOhizJPZV0DkLmKylXtabZ4zaCfwKkwBJWyveqyX+HV2YhwTL8qLsNyFH8vm7k6B/mLxK9y/O84f64R/mYAK1ZpoMo89FkyRa/OPzBYmQM66ygnSWIEeni/cm54W/ADrjIPtdctp2JHieV2eIYWv2/jK85Ya+Ij3vGA7rVSv4VWQN0/qBdJIvtku9ZnzEEqmlQu/Dk5n6W8fI8V73HBewho2MV8mo32M9SJ4JAPnr+4ovd1UzrW0j8alvtRtHzr31Tg43Ywj+qBdfE5o9E4DCkmu0yozSebNiH/dTVZOBZ/6K/UbxueALU2IjhR6iW2wUOXy28tya/ZdK5S06hStBgPksAJIFDjLnLuQnwQF1Fic0YC9as07DMLb5zrarUQ29WJWhLTTdpc3t5smdmkRN7RzsCl/4Ep5iXI4TNTuijrT3Dj8AQP9oWQiedRJHvb9K9jIBvGUwf+cE6XLwthhoTegp2EUsl7vAtjlV9GkcW6RKG/BB+oErk92VUJEkg3tQF8jdx8y5bBHSDkpZ9CMXXP2OL1N+x4FEe6Imgtd1vBFevXxa75a8A21O1fVx2vZkSSq+LS8X2sXZX94DmnJb9bRhdMfY51gQG5vCy1WfsSXJTuQ6lg7w7LscYfRWrTeEr6OcNBmsHp/AVvpb3A9CRPWOZ3TIZVpfb21LylySCme9rDYdeqrvDQ6E4Rb/j7Y6UMZt55JVK8vcuA7DsJWUUzQ7tsRiExVhKIA0hlqSnS5gcOv3WQlkdzZVDGtSzH3XAyM1mS9LRyVVkqAOPPDqqIz4A4SIC38ZLkIWu67p73iIR/+S9BjnmA60ZkgXwt14kGjNnhQC92FMH6I9XJzTGA5t+aQ/C7dCfb52XOonuL8HQwvKoW/9JCMHdV2F6t6nuABkhMLIuPXtyl2zGTFFQHnGmkfQ5GvDDY6t7xvTYOucS6XjOOQ++/MGRiSn1z8iDPGhgvxXw0rYCjwfuwtqzaBhPdAJSxD61/Vd1x4rSrjlq4SJnDE4ctUQcIcf9hqVZQdhDYJC3HEnR+Lj+mBcO3ZNPmGfkp/BDr1NUgZTbbGdM4ZHkpwTa76q43kj+ELkElIFW4SWZ0YP+FQyhLImJYuXAxmH8XTqoNUYXvA9jiISwcoEeLPqsQuJuIbb/e0CaYxXHyYVhb43pIF79/KOyEosos+3dvVaQKiSgOQExNb1taLsPGnes75O2sdY65oY/qACGQ/BiqX4AnpV9DDqZkHDapxPNZ+fFQGRdunzpLUceMoXUfHSu780DIGuvJ4IMoJr/2LUU3utj1743s83DQxOKaVYPqSXadxQPMk9Ss47YSpuq0XhDrHc3jLYpgTlz0IMJffTiuizmx4zHqV5GI/Z0jJAJoDPaQa+6Bk5JRbCrk5W4G98Bd8Wn9ZPe3Ej2T2w8aI7haug7nGY9AqxOGMc2byluiIvjGZhd5QNY/OG9mCUvi4T+NBYSayBegdFkk67Kblu1qzgQoanSDz05IEuqCeSeBvnvgPo75J0AiOYe4Oqd0nPECijiAsLcTlbbqZMxCT0Wro0DOuKmQ3NHYEAvelCR0HHfJc8fenwLJgGY7lS8nCpXOMzhtdQXeJ2JBZcEKrodnhIzbA4+jV6dGZLKEPO/qr/twzI2P2X4SCAHEUdx6Zc3+lHK2re3QKc7enhwGeAGKJk0uU1GMJtk7QszenY6K2PQNyem4hBazPzdP/HhoXznhK0zLeHH8049oqgvLbejhbgYEiVOIMcc7rqMBfu6BVXzriAK4BS5EmcRRmY/BkrGvO1ctX9tEaEHbJeAWH6eTaqTOwNZitPhn1prVnl///q5bqRuA0FZ56qdip+S+6nFcz/8dSmA3oexG/JE0ut4j2QpMjKhG6Kj4o/tOHTqz+u5FbjGlKrJOEeVHIRa5/obWb3SXvx/SFC45kOfvk/K6EkXQ3+SNm5K7zxYUkcFgXt8IiIShi9SYw1w+xM9jFdexFL/pS6Xqm2cHgApEpIdihdpBxoFcsHMCbXVN3i1DBrgBMUBD
Source: global traffic HTTP traffic detected: GET /Content/kendo/2021.1.330/styles/Bootstrap/loading-image.gif HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM; ___utmvc=FoqIs5sbkp7rl3dQZosyy/erOv9xBKHIoJ1Zm9qyl/Wm6rQ4WqCLs2IOd/BYGnmvjJETbEK8/ytjEURxWm24hvUiBOgGIbP0oauxSvYbLdVn4rYHuPDP3QV1L1GVlSnVGbjn9dhl6fnudazZNxlpnkZGYXpgwoJyYjeu8SVrAdHS1XVkwGX9ZRHHBttvEcv8ljf3Ve91JYz+95boJvxklorAu7QczWOoaYINJ07Ut50vy22bZnzhn90rRBq8Iim111RVLDt0yflsOV9HJHoUVbDmzd/h9psOhizJPZV0DkLmKylXtabZ4zaCfwKkwBJWyveqyX+HV2YhwTL8qLsNyFH8vm7k6B/mLxK9y/O84f64R/mYAK1ZpoMo89FkyRa/OPzBYmQM66ygnSWIEeni/cm54W/ADrjIPtdctp2JHieV2eIYWv2/jK85Ya+Ij3vGA7rVSv4VWQN0/qBdJIvtku9ZnzEEqmlQu/Dk5n6W8fI8V73HBewho2MV8mo32M9SJ4JAPnr+4ovd1UzrW0j8alvtRtHzr31Tg43Ywj+qBdfE5o9E4DCkmu0yozSebNiH/dTVZOBZ/6K/UbxueALU2IjhR6iW2wUOXy28tya/ZdK5S06hStBgPksAJIFDjLnLuQnwQF1Fic0YC9as07DMLb5zrarUQ29WJWhLTTdpc3t5smdmkRN7RzsCl/4Ep5iXI4TNTuijrT3Dj8AQP9oWQiedRJHvb9K9jIBvGUwf+cE6XLwthhoTegp2EUsl7vAtjlV9GkcW6RKG/BB+oErk92VUJEkg3tQF8jdx8y5bBHSDkpZ9CMXXP2OL1N+x4FEe6Imgtd1vBFevXxa75a8A21O1fVx2vZkSSq+LS8X2sXZX94DmnJb9bRhdMfY51gQG5vCy1WfsSXJTuQ6lg7w7LscYfRWrTeEr6OcNBmsHp/AVvpb3A9CRPWOZ3TIZVpfb21LylySCme9rDYdeqrvDQ6E4Rb/j7Y6UMZt55JVK8vcuA7DsJWUUzQ7tsRiExVhKIA0hlqSnS5gcOv3WQlkdzZVDGtSzH3XAyM1mS9LRyVVkqAOPPDqqIz4A4SIC38ZLkIWu67p73iIR/+S9BjnmA60ZkgXwt14kGjNnhQC92FMH6I9XJzTGA5t+aQ/C7dCfb52XOonuL8HQwvKoW/9JCMHdV2F6t6nuABkhMLIuPXtyl2zGTFFQHnGmkfQ5GvDDY6t7xvTYOucS6XjOOQ++/MGRiSn1z8iDPGhgvxXw0rYCjwfuwtqzaBhPdAJSxD61/Vd1x4rSrjlq4SJnDE4ctUQcIcf9hqVZQdhDYJC3HEnR+Lj+mBcO3ZNPmGfkp/BDr1NUgZTbbGdM4ZHkpwTa76q43kj+ELkElIFW4SWZ0YP+FQyhLImJYuXAxmH8XTqoNUYXvA9jiISwcoEeLPqsQuJuIbb/e0CaYxXHyYVhb43pIF79/KOyEosos+3dvVaQKiSgOQExNb1taLsPGnes75O2sdY65oY/qACGQ/BiqX4AnpV9DDqZkHDapxPNZ+fFQGRdunzpLUceMoXUfHSu780DIGuvJ4IMoJr/2LUU3utj1743s83DQxOKaVYPqSXadxQPMk9Ss47YSpuq0XhDrHc3jLYpgTlz0IMJffTiuizmx4zHqV5GI/Z0jJAJoDPaQa+6Bk5JRbCrk5W4G98Bd8Wn9ZPe3Ej2T2w8aI7haug7nGY9AqxOGMc2byluiIvjGZhd5QNY/OG9mCUvi4T+NBYSayBegdFkk67Kblu1qzgQoanSDz05IEuqCeSeBvnvgPo75J0AiOYe4Oqd0nPECijiAsLcTlbbqZMxCT0Wro0DOuKmQ3NHYEAvelCR0HHfJc8fenwLJgGY7lS8nCpXOMzhtdQXeJ2JBZcEKrodnhIzbA4+jV6dGZLKEPO/qr/twzI2P2X4SCAHEUdx6Zc3+lHK2re3QKc7enhwGeAGKJk0uU1GMJtk7QszenY6K2PQNyem4hBazPzdP/HhoXznhK0zLeHH8049oqgvLbejhbgYEiVOIMcc7rqMBfu6BVXzriAK4BS5EmcRRmY/BkrGvO1ctX9tEaEHbJeAWH6eTaqTOwNZitPhn1prVnl///q5bqRuA0FZ56qdip+S+6nFcz/8dSmA3oexG/JE0ut4j2QpMjKhG6Kj4o/tOHTqz+u5FbjGlKrJOEeVHIRa5/obWb3SXvx/SFC45kOfvk/K6EkXQ3+SNm5K7zxYUkcFgXt8IiIShi9SYw1w+xM9jFdexFL/pS6Xqm2cHgApEpIdihdpBxoFcsHMCbXVN3i1DB
Source: global traffic HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /site.webmanifest HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /References/DisplayAgreement/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1?agreementId=-1&id=0.6545967574477802 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: objectReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=D5R8rkTuVRZDnlg&MD=fO+53Tos HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=D5R8rkTuVRZDnlg&MD=fO+53Tos HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic DNS traffic detected: DNS query: ohs39.esophaccess.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 HTTP/1.1Host: ohs39.esophaccess.comConnection: keep-aliveContent-Length: 48sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://ohs39.esophaccess.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ASP.NET_SessionId=vgnsb55xdzls5hgeoy2piyhl; visid_incap_1180954=nmuPFEGsQtC5YVgnIk3ng+b3H2cAAAAAQUIPAAAAAABoJiXOOmJZjOBVkQP/cipV; incap_ses_552_1180954=HNMuXNuHD32TLaTeQRmpB+b3H2cAAAAAqZkOaCHpDxTlqDBic9O3sw==; Accessed_cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1=10/28/2024 8:45:27 PM
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://darlesson.com/contact/
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://darlesson.com/donate/
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://darlesson.com/jquery/
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Accordion#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Autocomplete#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Button#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Datepicker#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Dialog#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Menu#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Progressbar#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Resizable#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Selectable#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Slider#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Tabs#theming
Source: chromecache_119.1.dr String found in binary or memory: http://docs.jquery.com/UI/Theming/API
Source: chromecache_100.1.dr String found in binary or memory: http://fontawesome.io
Source: chromecache_100.1.dr String found in binary or memory: http://fontawesome.io/license
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://jqueryui.com
Source: chromecache_119.1.dr String found in binary or memory: http://jqueryui.com/about)
Source: chromecache_119.1.dr String found in binary or memory: http://jqueryui.com/themeroller/
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://mths.be/placeholder
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://www.darlesson.com/
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_117.1.dr, chromecache_112.1.dr, chromecache_103.1.dr String found in binary or memory: http://www.telerik.com/kendo-ui)
Source: chromecache_117.1.dr, chromecache_112.1.dr, chromecache_103.1.dr String found in binary or memory: http://www.telerik.com/purchase/license-agreement/kendo-ui-complete
Source: chromecache_109.1.dr, chromecache_106.1.dr, chromecache_110.1.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_92.1.dr, chromecache_102.1.dr String found in binary or memory: https://github.com/kriskowal/es5-shim/blob/master/es5-shim.js
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: https://github.com/mattyork/fuzzy
Source: chromecache_106.1.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_97.1.dr, chromecache_90.1.dr String found in binary or memory: https://jqueryvalidation.org/
Source: chromecache_91.1.dr String found in binary or memory: https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb)
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: https://stackoverflow.com/questions/29850407/how-do-i-replace-unicode-character-u00a0-with-a-space-i
Source: chromecache_118.1.dr, chromecache_99.1.dr String found in binary or memory: https://www.google.com/maps/search/
Source: chromecache_116.1.dr, chromecache_93.1.dr String found in binary or memory: https://www.webdavsystem.com/ajax/
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49749 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49752 version: TLS 1.2
Source: classification engine Classification label: sus21.win@27/63@10/5
Source: chromecache_91.1.dr Initial sample: https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb
Source: chromecache_91.1.dr Initial sample: https://ohs39.esophaccess.com/references/welcome/mpdgmd4kxrmbgjb
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1936,i,10593669525886243470,14782374400954985264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb"
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\downloaded.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1984,i,572909283732964070,11348627644156835322,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1936,i,10593669525886243470,14782374400954985264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1984,i,572909283732964070,11348627644156835322,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected

Persistence and Installation Behavior
barindex
AI detected landing page (webpage, office document or email)
Source: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 LLM: Page contains button: 'Click here to Continue' Source: '0.0.pages.csv'
Source: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 LLM: Page contains button: 'Click here to Continue' Source: '0.1.pages.csv'
Source: https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 LLM: Page contains button: 'Click here to Continue' Source: '0.2.pages.csv'
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 91
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 91 Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1544129 URL: https://ohs39.esophaccess.c... Startdate: 28/10/2024 Architecture: WINDOWS Score: 21 30 AI detected landing page (webpage, office document or email) 2->30 6 chrome.exe 20 2->6         started        9 chrome.exe 2->9         started        11 rundll32.exe 2->11         started        13 chrome.exe 2->13         started        process3 dnsIp4 20 192.168.2.16, 443, 49698, 49699 unknown unknown 6->20 22 239.255.255.250 unknown Reserved 6->22 15 chrome.exe 6->15         started        18 chrome.exe 9->18         started        process5 dnsIp6 24 vvrzupu.x.incapdns.net 107.154.80.142, 443, 49698, 49699 INCAPSULAUS United States 15->24 26 www.google.com 172.217.16.196, 443, 49714 GOOGLEUS United States 15->26 28 2 other IPs or domains 15->28
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
239.255.255.250
 unknown Reserved
unknown unknown false
216.58.212.132
 unknown United States
15169 GOOGLEUS false
107.154.80.142
 vvrzupu.x.incapdns.net United States
19551 INCAPSULAUS false
172.217.16.196
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
vvrzupu.x.incapdns.net 107.154.80.142 true
www.google.com 172.217.16.196 true
ohs39.esophaccess.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://ohs39.esophaccess.com/bundles/bootstrap?v=UFzCRZZKzf6Rz11TRh1pt2Tg9eMDz3OMlojM4P99Vfc1 false
    		unknown
    https://ohs39.esophaccess.com/bundles/jquery?v=UdeEEOXxYcVzRs5ceu3Y17hDfbjPxi8_UU6lUV15LVo1 false
      		unknown
      https://ohs39.esophaccess.com/bundles/modernizr?v=2twPtszsTL39hTiKwvPlVlNga_BJ8EIzShIX0ej7LAo1 false
        		unknown
        https://ohs39.esophaccess.com/References/DisplayAgreement/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1?agreementId=-1&id=0.6545967574477802 false
          		unknown
          https://ohs39.esophaccess.com/Content/GetLogo/1 false
            		unknown
            https://ohs39.esophaccess.com/_Incapsula_Resource?SWKMTFSR=1&e=0.26895587052974435 false
              		unknown
              https://ohs39.esophaccess.com/styles/esoph?v=526TV1rimbNJiX1IMWG0GbOicnaGbIUqApIuNMhH2t41 false
                		unknown
                https://ohs39.esophaccess.com/bundles/esoph-ui?v=48FW-CDdYFCo1w5LyuRf25ubHUQUKzUDUf3B7t4qHT01 false
                  		unknown
                  https://ohs39.esophaccess.com/References/Welcome/mpdGmd4KxRMBGjb false
                    		unknown
                    https://ohs39.esophaccess.com/bundles/validation?v=PSc04pNH8q-tCxMJajaaRbnt7E2oMXn46b4bz7UAibw1 false
                      		unknown
                      https://ohs39.esophaccess.com/styles/fonts?v=DUWOACtUUuPvOE2WI8GBuvpFx_4dhKeQhd38wtV3A8I1 false
                        		unknown
                        https://ohs39.esophaccess.com/Content/kendo/2021.1.330/styles/Bootstrap/loading-image.gif false
                          		unknown
                          https://ohs39.esophaccess.com/styles/jqueryui?v=D-YWWoSj__5oFkStCpQ60Y36Bf4tIZOXuK8bGvBaZnk1 false
                            		unknown
                            https://ohs39.esophaccess.com/site.webmanifest false
                              		unknown
                              file:///C:/Users/user/Downloads/downloaded.htm false
                                		unknown
                                https://ohs39.esophaccess.com/References/Agreements/cc6ea4b4-7ef2-4da9-bbd2-aa004c3564b1 true
                                  		unknown
                                  https://ohs39.esophaccess.com/bundles/kendo?v=8uGZxrOV1d9aGgqDZk-vF5KTLX_2HtHQifJ9nfnVLrk1 false
                                    		unknown
                                    https://ohs39.esophaccess.com/bundles/references?v=7RX8YxIyGrIbHud5lYbhJPRu0ELUH78ONxcSjmo0y8M1 false
                                      		unknown
                                      https://ohs39.esophaccess.com/favicon-32x32.png false
                                        		unknown
                                        https://ohs39.esophaccess.com/Content/bootstrap?v=s8SxFDMr-eBJl8GY2Ji-1R70AkavwlKU1nTl9CWPJvk1 false
                                          		unknown
                                          https://ohs39.esophaccess.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=1322174135 false
                                            		unknown
                                            https://ohs39.esophaccess.com/styles/tribute?v=GuBw4Pc-waI_9EJF1V_Cc3ywEsyvUPTNBzwzolV66OI1 false
                                              		unknown
                                              https://ohs39.esophaccess.com/Assets/Sounds/Notification%20chime%20fast%20trill.wav false
                                                		unknown