Report - 14.143.108.245/

Report Overview

Submitted URL
14.143.108.245/
IP
14.143.108.245
ASN
#4755 TATA Communications formerly VSNL is Leading ISP
Submitted
2024-04-25 07:29:39
Access
public
Website Title
OpenVPN Connect
Final URL
14.143.108.245/?src=connect
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
	unknown				447 B	0 B	0.0.0.0
mitmdetection.services.mozilla.com	67826	1994-10-18	2019-07-22	2024-04-23	366 B	326 B	54.230.111.77
14.143.108.245	unknown	unknown	No data	No data	9.6 kB	170 kB	14.143.108.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed
2024-04-25	medium	14.143.108.245	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	14.143.108.245/?src=connect	162 B	2023-05-17	2024-04-29
Pretty URL 14.143.108.245/?src=connect IP 14.143.108.245 ASN #4755 TATA Communications formerly VSNL is Leading ISP Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-17 11:47:41 Last Seen2024-04-29 11:23:43 Times Seen13 Hash cfbf6d91652b9710ed15a8fd8f29180b 02f5983f8b9c1d0f4a4528ac98af8d68072a6bba 5d10251a90d34461d2f5f03846030c73d99aa56db7af3e85534234ceddaf5475 Loading...

	14.143.108.245/js/lib/jquery-3.2.1.min.js	87 kB	2023-03-07	2024-05-04
Pretty URL 14.143.108.245/js/lib/jquery-3.2.1.min.js IP 14.143.108.245 ASN #4755 TATA Communications formerly VSNL is Leading ISP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-04 10:44:12 Times Seen64419 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	14.143.108.245/js/lib-cws.js?v=1502995410	7.6 kB	2024-04-25	2024-04-29
Pretty URL 14.143.108.245/js/lib-cws.js?v=1502995410 IP 14.143.108.245 ASN #4755 TATA Communications formerly VSNL is Leading ISP Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 09:29:45 Last Seen2024-04-29 11:23:43 Times Seen4 Hash d5664ae9460f778b4b6d1221c05dd7f1 45d1504d08662a6c95a40bb403a6c2e00d31a609 53e7e6fedbe28db888bb85f48d0cc207f91a16035c00a28408ea80ad35c8dd52 Loading...

	14.143.108.245/js/connect-cws.js?v=1502995410	26 kB	2024-04-25	2024-04-29
Pretty URL 14.143.108.245/js/connect-cws.js?v=1502995410 IP 14.143.108.245 ASN #4755 TATA Communications formerly VSNL is Leading ISP Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 09:29:45 Last Seen2024-04-29 11:23:43 Times Seen4 Hash 4c20a61138bf69e95dcd3acf118cb275 d84cdb625195caa954111e4be3304606aeee4a33 705a39db82275145fd6e9277d250ce8840080dd4fc19fb083e7c7dc329f4061b Loading...

	14.143.108.245/js/lib/json2.min.js	3.4 kB	2023-05-17	2024-04-29
Pretty URL 14.143.108.245/js/lib/json2.min.js IP 14.143.108.245 ASN #4755 TATA Communications formerly VSNL is Leading ISP Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 11:47:41 Last Seen2024-04-29 11:23:43 Times Seen25 Hash 35ee2c48bc8e66cbf949aab854d65d04 e1a916748c79387ac69c4add0fe977607e47780a 6082321fa006c2afea53132ac86165e4a598f3e53b2721cc8dedcbeacb667e54 Loading...

	14.143.108.245/?src=connect	1.4 kB	2024-04-25	2024-04-29
Pretty URL 14.143.108.245/?src=connect IP 14.143.108.245 ASN #4755 TATA Communications formerly VSNL is Leading ISP Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 09:29:45 Last Seen2024-04-29 11:23:43 Times Seen2 Hash c3c94924369f85d242478bfeb1eb0bfe d6ddba8f6eb94f1e8a2616ebab8d8c2c86dae7f6 8487087891751bc09b83a868341b7991b14a95f4b54f10dfb887913eb36fec2d Loading...

HTTP Transactions (20)

URL IP Response Size

mitmdetection.services.mozilla.com/

54.230.111.77

0 B

URL
mitmdetection.services.mozilla.com/
IP
54.230.111.77:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: mitmdetection.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-type: application/xml
date: Thu, 25 Apr 2024 07:29:15 GMT
server: AmazonS3
x-cache: Error from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kz-rww1aFPsU2iZR6ktZOoFFl6wzwXSJW2fLgNyF2fxa_F_kIWn7ZA==
X-Firefox-Spdy: h2

14.143.108.245/

14.143.108.245

302 Found

59 B

URL User Request GET HTTP/1.1
14.143.108.245/
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
HTML document, ASCII text
Size
59 B (59 bytes)
Hash
20b5dcc7a42ef848f11b67929654c7b2
1c4c4bbfb63f51eae1ae53cdd3baa83bbb998ca3
c49c6e7ed4e7f44391cff036e6eeca2371f324c272cd563cd551ea58f0995ac2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Location: https://14.143.108.245/__session_start__/
Server: OpenVPN-AS
Set-Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1; Expires=Thu, 25 Apr 2024 07:58:02 GMT; Path=/; Secure; HttpOnly

14.143.108.245/__session_start__/

14.143.108.245

302 Found

59 B

URL User Request GET HTTP/1.1
14.143.108.245/__session_start__/
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
HTML document, ASCII text
Size
59 B (59 bytes)
Hash
20b5dcc7a42ef848f11b67929654c7b2
1c4c4bbfb63f51eae1ae53cdd3baa83bbb998ca3
c49c6e7ed4e7f44391cff036e6eeca2371f324c272cd563cd551ea58f0995ac2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /__session_start__/ HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:02 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Location: https://14.143.108.245/
Server: OpenVPN-AS

14.143.108.245/

14.143.108.245

302 Found

0 B

URL User Request GET HTTP/1.1
14.143.108.245/
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Location: /?src=connect
Server: OpenVPN-AS

14.143.108.245/?src=connect

14.143.108.245

200 OK

3.4 kB

URL User Request GET HTTP/1.1
14.143.108.245/?src=connect
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
HTML document, ASCII text, with very long lines (669)
Size
3.4 kB (3400 bytes)
Hash
7858b4f3880c262754daa2e5cc2a0062
e5c98287f47e27513d9ff780c4e2563b13823a08
e902e71bd521e0e7026ac2e04aa417dad4d3b119dc2cb23d79d7eb56d8775e38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?src=connect HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 3400
Server: OpenVPN-AS
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 25 Apr 2024 07:28:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html

14.143.108.245/css/style.css?v=1502995410

14.143.108.245

200 OK

16 kB

URL GET HTTP/1.1
14.143.108.245/css/style.css?v=1502995410
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
ASCII text
Size
16 kB (15791 bytes)
Hash
993fa19e677585db2b0017c7dfdc9c82
15e82fec1ea97c47b43eec68dc0cdc2f5b4de0aa
691a5c2233d72769173537bccdc9b1b4dcd967ca26eb95b05b8a8a04bee41db3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:03 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Content-Length: 15791
Server: OpenVPN-AS

14.143.108.245/js/lib/json2.min.js

14.143.108.245

200 OK

3.4 kB

URL GET HTTP/1.1
14.143.108.245/js/lib/json2.min.js
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
JavaScript source, ASCII text, with very long lines (582), with CRLF line terminators
Size
3.4 kB (3436 bytes)
Hash
35ee2c48bc8e66cbf949aab854d65d04
e1a916748c79387ac69c4add0fe977607e47780a
6082321fa006c2afea53132ac86165e4a598f3e53b2721cc8dedcbeacb667e54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/lib/json2.min.js HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 3436
Server: OpenVPN-AS

14.143.108.245/js/lib/qrcode.js

14.143.108.245

404 Not Found

120 B

URL GET HTTP/1.1
14.143.108.245/js/lib/qrcode.js
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
120 B (120 bytes)
Hash
6499b5b4c1df2274377462d826bda594
9791e33e15a9d3243c435ec0f3a126968d6df8e9
69188b95759fc039a8295f53ba5f9b3e2c24171cbb1156cdd466914c9bfe725c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/lib/qrcode.js HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Server: OpenVPN-AS

14.143.108.245/js/lib-cws.js?v=1502995410

14.143.108.245

200 OK

7.6 kB

URL GET HTTP/1.1
14.143.108.245/js/lib-cws.js?v=1502995410
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
JavaScript source, ASCII text, with very long lines (543)
Size
7.6 kB (7634 bytes)
Hash
d5664ae9460f778b4b6d1221c05dd7f1
45d1504d08662a6c95a40bb403a6c2e00d31a609
53e7e6fedbe28db888bb85f48d0cc207f91a16035c00a28408ea80ad35c8dd52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/lib-cws.js?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 7634
Server: OpenVPN-AS

14.143.108.245/logo

14.143.108.245

200 OK

11 kB

URL GET HTTP/1.1
14.143.108.245/logo
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
PNG image data, 200 x 52, 8-bit/color RGBA, non-interlaced
Size
11 kB (10982 bytes)
Hash
e542c0ab6565c8731c4f168954203612
650977aa164dc3d77e2e07cda538e7d49db890de
d2147247fc4213622fa70b5037d43db2f00641a8319273a69fd4d892cbbd0f63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /logo HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 10982
Expires: Thu, 25 Apr 2024 07:28:04 GMT
Server: OpenVPN-AS
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png

14.143.108.245/js/connect-cws.js?v=1502995410

14.143.108.245

200 OK

26 kB

URL GET HTTP/1.1
14.143.108.245/js/connect-cws.js?v=1502995410
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
JavaScript source, ASCII text, with very long lines (548)
Size
26 kB (25648 bytes)
Hash
4c20a61138bf69e95dcd3acf118cb275
d84cdb625195caa954111e4be3304606aeee4a33
705a39db82275145fd6e9277d250ce8840080dd4fc19fb083e7c7dc329f4061b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/connect-cws.js?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 25648
Server: OpenVPN-AS

14.143.108.245/js/lib/jquery-3.2.1.min.js

14.143.108.245

200 OK

87 kB

URL GET HTTP/1.1
14.143.108.245/js/lib/jquery-3.2.1.min.js
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/lib/jquery-3.2.1.min.js HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Content-Length: 86659
Server: OpenVPN-AS

14.143.108.245/favicon.ico

14.143.108.245

200 OK

1.2 kB

URL GET HTTP/1.1
14.143.108.245/favicon.ico
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
32a8c07c149098f52cda6c0d6b19fdce
b4f5917543a5c593ea6131159f4c93cae0462a3b
b63c06fc9bee3e2135aedbb6f96b44c777b75a00ad8d3df8dcf572f9ab2bde75

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/x-icon
Content-Length: 1150
Server: OpenVPN-AS

14.143.108.245/html/login.html?v=1502995410

14.143.108.245

200 OK

767 B

URL GET HTTP/1.1
14.143.108.245/html/login.html?v=1502995410
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
ASCII text
Size
767 B (767 bytes)
Hash
f786c1bc7b1d30b794df53e82cc1861a
d917eb46539750a4f901df1b59e1278aee41402b
eb50d2e348da3ebf6efa20f248e493c4d9f85a59e13b26588ae9a4a649536e0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/login.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 767
Server: OpenVPN-AS

14.143.108.245/html/login-challenge.html?v=1502995410

14.143.108.245

200 OK

419 B

URL GET HTTP/1.1
14.143.108.245/html/login-challenge.html?v=1502995410
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
ASCII text
Size
419 B (419 bytes)
Hash
881a17e1075d9966e1c8c1f8be39206e
c829e3e8acbb1f7c10126accbad06e858e530277
57773f236df38620368c2248a170a6eac77e3ca1ea6732e150d65f1bfcebcb02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/login-challenge.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:04 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 419
Server: OpenVPN-AS

14.143.108.245/html/progress.html?v=1502995410

14.143.108.245

200 OK

111 B

URL GET HTTP/1.1
14.143.108.245/html/progress.html?v=1502995410
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
ASCII text
Size
111 B (111 bytes)
Hash
58bc937a354b4a4d911de8bc6ea03a57
9f21560ebbdf9b774ad0a7c32a9474ca17977974
a21527d28fab7d64866d36b4a9a6483c2fde23059e823bfb07f15675e48ecd1c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/progress.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 111
Server: OpenVPN-AS

14.143.108.245/html/downloads.html?v=1502995410

14.143.108.245

200 OK

2.2 kB

URL GET HTTP/1.1
14.143.108.245/html/downloads.html?v=1502995410
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
HTML document, ASCII text
Size
2.2 kB (2152 bytes)
Hash
ec25a1b1abe16b1bd1bd64022b356a9b
afda4b8ebf48aebabf20e9ac6aa8b51b7ea3f9c4
365a620cbcb8a1fa9a16b8750f463b3654396bf3146f68e1e847248bb1870f9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /html/downloads.html?v=1502995410 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html
Content-Length: 2152
Server: OpenVPN-AS

14.143.108.245/images/progress.gif

14.143.108.245

200 OK

8.7 kB

URL GET HTTP/1.1
14.143.108.245/images/progress.gif
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
GIF image data, version 89a, 48 x 48
Size
8.7 kB (8711 bytes)
Hash
d7fdf29a6b3c355128d9b710e5701a4b
76507d9bf8fea48a7180cca0846629d9871e056a
cc8a777b5634abf4a6beef8fe28c0add3351b3f5c52db0cabee122165d5fa3da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/progress.gif HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Content-Length: 8711
Server: OpenVPN-AS

14.143.108.245/session2.json?_ts=1714030160220

14.143.108.245

404 Not Found

120 B

URL GET HTTP/1.1
14.143.108.245/session2.json?_ts=1714030160220
IP
14.143.108.245:443
ASN
#4755 TATA Communications formerly VSNL is Leading ISP

Requested by
https://14.143.108.245/?src=connect
Certificate
Issuer
Subjectconnect.tataiq.xyz
Fingerprint74:87:69:FC:B3:7E:F5:36:73:60:BA:13:F1:E5:2C:65:02:EC:7E:E4
ValiditySat, 08 Dec 2018 10:26:25 GMT - Tue, 12 Dec 2028 10:26:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
120 B (120 bytes)
Hash
6499b5b4c1df2274377462d826bda594
9791e33e15a9d3243c435ec0f3a126968d6df8e9
69188b95759fc039a8295f53ba5f9b3e2c24171cbb1156cdd466914c9bfe725c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /session2.json?_ts=1714030160220 HTTP/1.1
Host: 14.143.108.245
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/plain, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-OpenVPN: 1
X-CWS-Proto-Ver: 2
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/?src=connect
Cookie: openvpn_sess_9116d918178787bade1a956d643f0007=9b754ddb6cff0caf395481f1d12769e1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Date: Thu, 25 Apr 2024 07:28:05 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=UTF-8
Server: OpenVPN-AS

client.openvpn.net:946/detect.png?_ts=1714030160221

0.0.0.0

0 B

URL GET
client.openvpn.net:946/detect.png?_ts=1714030160221
IP
0.0.0.0:0
ASN
#0

Requested by
https://14.143.108.245/?src=connect

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /detect.png?_ts=1714030160221 HTTP/1.1
Host: client.openvpn.net:946
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://14.143.108.245/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (20)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate