| mitmdetection.services.mozilla.com/ | 54.230.111.77 | | 0 B |
URL: mitmdetection.services.mozilla.com/
IP: 54.230.111.77:0
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: mitmdetection.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-type: application/xml
date: Thu, 25 Apr 2024 07:29:15 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kz-rww1aFPsU2iZR6ktZOoFFl6wzwXSJW2fLgNyF2fxa_F_kIWn7ZA==
X-Firefox-Spdy: h2
| | 14.143.108.245 | 302 Found | 59 B |
URL: (blank)
Request: User Request, GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: HTML document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 20b5dcc7a42ef848f11b67929654c7b2 1c4c4bbfb63f51eae1ae53cdd3baa83bbb998ca3 c49c6e7ed4e7f44391cff036e6eeca2371f324c272cd563cd551ea58f0995ac2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET / HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Location: https://14.143.108.245/__session_start__/
Server: OpenVPN-AS
Set-Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1; Expires=Thu, 25 Apr 2024 07:58:02 GMT; Path=/; Secure; HttpOnly
| 14.143.108.245/__session_start__/ | 14.143.108.245 | 302 Found | 59 B |
URL: 14.143.108.245/__session_start__/
Request: User Request, GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: HTML document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): 20b5dcc7a42ef848f11b67929654c7b2 1c4c4bbfb63f51eae1ae53cdd3baa83bbb998ca3 c49c6e7ed4e7f44391cff036e6eeca2371f324c272cd563cd551ea58f0995ac2
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /__session_start__/ HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Location: https://14.143.108.245/
Server: OpenVPN-AS
| | 14.143.108.245 | 302 Found | 0 B |
URL: (blank)
Request: User Request, GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET / HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Location: /?src=connect
Server: OpenVPN-AS
| 14.143.108.245/?src=connect | 14.143.108.245 | 200 OK | 3.4 kB |
URL: 14.143.108.245/?src=connect
Request: User Request, GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: HTML document, ASCII text, with very long lines (669)
Hashes (MD5 / SHA-1 / SHA-256): 7858b4f3880c262754daa2e5cc2a0062 e5c98287f47e27513d9ff780c4e2563b13823a08 e902e71bd521e0e7026ac2e04aa417dad4d3b119dc2cb23d79d7eb56d8775e38
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /?src=connect HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 3400
Server: OpenVPN-AS
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 25 Apr 2024 07:28:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
| 14.143.108.245/css/style.css?v=1502995410 | 14.143.108.245 | 200 OK | 16 kB |
URL: 14.143.108.245/css/style.css?v=1502995410
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
Hashes (MD5 / SHA-1 / SHA-256): 993fa19e677585db2b0017c7dfdc9c82 15e82fec1ea97c47b43eec68dc0cdc2f5b4de0aa 691a5c2233d72769173537bccdc9b1b4dcd967ca26eb95b05b8a8a04bee41db3
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /css/style.css?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Content-Length: 15791
Server: OpenVPN-AS
| 14.143.108.245/js/lib/json2.min.js | 14.143.108.245 | 200 OK | 3.4 kB |
URL: 14.143.108.245/js/lib/json2.min.js
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: JavaScript source, ASCII text, with very long lines (582), with CRLF line terminators
Hashes (MD5 / SHA-1 / SHA-256): 35ee2c48bc8e66cbf949aab854d65d04 e1a916748c79387ac69c4add0fe977607e47780a 6082321fa006c2afea53132ac86165e4a598f3e53b2721cc8dedcbeacb667e54
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/lib/json2.min.js HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 3436
Server: OpenVPN-AS
| 14.143.108.245/js/lib/qrcode.js | 14.143.108.245 | 404 Not Found | 120 B |
URL: 14.143.108.245/js/lib/qrcode.js
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: HTML document, ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 6499b5b4c1df2274377462d826bda594 9791e33e15a9d3243c435ec0f3a126968d6df8e9 69188b95759fc039a8295f53ba5f9b3e2c24171cbb1156cdd466914c9bfe725c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/lib/qrcode.js HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Server: OpenVPN-AS
| 14.143.108.245/js/lib-cws.js?v=1502995410 | 14.143.108.245 | 200 OK | 7.6 kB |
URL: 14.143.108.245/js/lib-cws.js?v=1502995410
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: JavaScript source, ASCII text, with very long lines (543)
Hashes (MD5 / SHA-1 / SHA-256): d5664ae9460f778b4b6d1221c05dd7f1 45d1504d08662a6c95a40bb403a6c2e00d31a609 53e7e6fedbe28db888bb85f48d0cc207f91a16035c00a28408ea80ad35c8dd52
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/lib-cws.js?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 7634
Server: OpenVPN-AS
| 14.143.108.245/logo | 14.143.108.245 | 200 OK | 11 kB |
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: PNG image data, 200 x 52, 8-bit/color RGBA, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): e542c0ab6565c8731c4f168954203612 650977aa164dc3d77e2e07cda538e7d49db890de d2147247fc4213622fa70b5037d43db2f00641a8319273a69fd4d892cbbd0f63
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /logo HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 10982
Expires: Thu, 25 Apr 2024 07:28:04 GMT
Server: OpenVPN-AS
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
| 14.143.108.245/js/connect-cws.js?v=1502995410 | 14.143.108.245 | 200 OK | 26 kB |
URL: 14.143.108.245/js/connect-cws.js?v=1502995410
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: JavaScript source, ASCII text, with very long lines (548)
Hashes (MD5 / SHA-1 / SHA-256): 4c20a61138bf69e95dcd3acf118cb275 d84cdb625195caa954111e4be3304606aeee4a33 705a39db82275145fd6e9277d250ce8840080dd4fc19fb083e7c7dc329f4061b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/connect-cws.js?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 25648
Server: OpenVPN-AS
| 14.143.108.245/js/lib/jquery-3.2.1.min.js | 14.143.108.245 | 200 OK | 87 kB |
URL: 14.143.108.245/js/lib/jquery-3.2.1.min.js
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: JavaScript source, ASCII text, with very long lines (32058)
Hashes (MD5 / SHA-1 / SHA-256): c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /js/lib/jquery-3.2.1.min.js HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 86659
Server: OpenVPN-AS
| 14.143.108.245/favicon.ico | 14.143.108.245 | 200 OK | 1.2 kB |
URL: 14.143.108.245/favicon.ico
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hashes (MD5 / SHA-1 / SHA-256): 32a8c07c149098f52cda6c0d6b19fdce b4f5917543a5c593ea6131159f4c93cae0462a3b b63c06fc9bee3e2135aedbb6f96b44c777b75a00ad8d3df8dcf572f9ab2bde75
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/x-icon
Content-Length: 1150
Server: OpenVPN-AS
| 14.143.108.245/html/login.html?v=1502995410 | 14.143.108.245 | 200 OK | 767 B |
URL: 14.143.108.245/html/login.html?v=1502995410
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
Hashes (MD5 / SHA-1 / SHA-256): f786c1bc7b1d30b794df53e82cc1861a d917eb46539750a4f901df1b59e1278aee41402b eb50d2e348da3ebf6efa20f248e493c4d9f85a59e13b26588ae9a4a649536e0b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /html/login.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 767
Server: OpenVPN-AS
| 14.143.108.245/html/login-challenge.html?v=1502995410 | 14.143.108.245 | 200 OK | 419 B |
URL: 14.143.108.245/html/login-challenge.html?v=1502995410
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
Hashes (MD5 / SHA-1 / SHA-256): 881a17e1075d9966e1c8c1f8be39206e c829e3e8acbb1f7c10126accbad06e858e530277 57773f236df38620368c2248a170a6eac77e3ca1ea6732e150d65f1bfcebcb02
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /html/login-challenge.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 419
Server: OpenVPN-AS
| 14.143.108.245/html/progress.html?v=1502995410 | 14.143.108.245 | 200 OK | 111 B |
URL: 14.143.108.245/html/progress.html?v=1502995410
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
Hashes (MD5 / SHA-1 / SHA-256): 58bc937a354b4a4d911de8bc6ea03a57 9f21560ebbdf9b774ad0a7c32a9474ca17977974 a21527d28fab7d64866d36b4a9a6483c2fde23059e823bfb07f15675e48ecd1c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /html/progress.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 111
Server: OpenVPN-AS
| 14.143.108.245/html/downloads.html?v=1502995410 | 14.143.108.245 | 200 OK | 2.2 kB |
URL: 14.143.108.245/html/downloads.html?v=1502995410
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: HTML document, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): ec25a1b1abe16b1bd1bd64022b356a9b afda4b8ebf48aebabf20e9ac6aa8b51b7ea3f9c4 365a620cbcb8a1fa9a16b8750f463b3654396bf3146f68e1e847248bb1870f9b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /html/downloads.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 2152
Server: OpenVPN-AS
| 14.143.108.245/images/progress.gif | 14.143.108.245 | 200 OK | 8.7 kB |
URL: 14.143.108.245/images/progress.gif
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: GIF image data, version 89a, 48 x 48
Hashes (MD5 / SHA-1 / SHA-256): d7fdf29a6b3c355128d9b710e5701a4b 76507d9bf8fea48a7180cca0846629d9871e056a cc8a777b5634abf4a6beef8fe28c0add3351b3f5c52db0cabee122165d5fa3da
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /images/progress.gif HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Content-Length: 8711
Server: OpenVPN-AS
| 14.143.108.245/session2.json?_ts=1714030160220 | 14.143.108.245 | 404 Not Found | 120 B |
URL: 14.143.108.245/session2.json?_ts=1714030160220
Request: GET HTTP/1.1
IP: 14.143.108.245:443
ASN: #4755 TATA Communications formerly VSNL is Leading ISP
Requested by: https://14.143.108.245/?src=connect
Certificate issuer: (blank)
Certificate subject: connect.tataiq.xyz
Certificate fingerprint: 74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
Certificate validity: Sat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT
File type: HTML document, ASCII text, with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 6499b5b4c1df2274377462d826bda594 9791e33e15a9d3243c435ec0f3a126968d6df8e9 69188b95759fc039a8295f53ba5f9b3e2c24171cbb1156cdd466914c9bfe725c
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /session2.json?_ts=1714030160220 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/plain, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-OpenVPN: 1
X-CWS-Proto-Ver: 2
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Server: OpenVPN-AS
| client.openvpn.net:946/detect.png?_ts=1714030160221 | 0.0.0.0 | | 0 B |
URL: client.openvpn.net:946/detect.png?_ts=1714030160221
Request: GET HTTP/1.1
IP: 0.0.0.0:0
Requested by: https://14.143.108.245/?src=connect
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /detect.png?_ts=1714030160221 HTTP/1.1
Host: client.openvpn.net:946
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache