{"report_id":"2746c8c5-b7ba-46df-bf8f-202bc278cb99","version":6,"status":"done","tags":[],"date":"2024-02-29T18:25:13Z","url":{"schema":"http","addr":"196.200.143.196","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":""},"ip":{"addr":"196.200.143.196","port":0,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"final":{"url":{"schema":"https","addr":"196.200.143.196/","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"title":"196.200.143.196/"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T22:44:18Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"geant.ocsp.sectigo.com","ip":{"addr":"104.18.38.233","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-08-16","domain_rank":50227,"first_seen":"2020-04-15 16:47:00","last_seen":"2024-02-29 14:30:58","alert_count":0,"request_count":1,"received_data":1220,"sent_data":334,"comment":"","tags":null,"fingerprints":null},{"fqdn":"196.200.143.196","ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":8,"request_count":8,"received_data":872214,"sent_data":3425,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"196.200.143.196/Scripts/jquery-3.0.0.min.js","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"introduction_type":"scriptElement","is_inline":false,"md5":"8718a315f515e7152aa01dcf9bd2a4ac","sha1":"7aa800f8a39816b5cb1e57563cf6d12a3d143f2e","sha256":"4a5d64babe8fb6a088d2bb985dd824b1c5bec04487b1d3e3f5780ed45be962c8","sha512":"535273756cf3214bf7afc8635be18519fc92a259785ac107979636bf9bc22b93aaa4f67a6de74ceadde27dc77f0c79a72c6cd5fd593a3b685796fadecf8ce4e7","ssdeep":"1536:35hEyisTikEJqRdXXe2pP7lgoVMEXvdVhvLgSh4xzAdXtqTyZSusjiKx/w7Ug2xV:1QGvHhvLIzuXkTScl//MTDU8CuQ","tlshash":"7583d5d9b2c670529b7730b850bf450bb17a98dab44c8c60f1a8d5d57db8a8d807bf2c","size":86345,"data":"","first_seen":"2023-03-10T03:05:50Z","last_seen":"2026-06-10T19:18:20.075526Z","times_seen":126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-12T01:48:45.160697Z","times_seen":16340841,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"geant.ocsp.sectigo.com/","fqdn":"geant.ocsp.sectigo.com","domain":"sectigo.com","tld":"com"},"ip":{"addr":"104.18.38.233","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-02-29T18:24:50.325235692Z","timestamp":1709231090325,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: geant.ocsp.sectigo.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 84\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 29 Feb 2024 18:24:50 GMT\r\nContent-Type: application/ocsp-response\r\nContent-Length: 728\r\nConnection: keep-alive\r\nLast-Modified: Mon, 26 Feb 2024 19:53:07 GMT\r\nExpires: Mon, 04 Mar 2024 19:53:06 GMT\r\nEtag: \"5b484693a49711f5f33f360e4cac669268881481\"\r\nCache-Control: max-age=352013,s-maxage=1800,public,no-transform,must-revalidate\r\nX-CCACDN-Proxy-ID: mcdpinlb5\r\nX-Frame-Options: SAMEORIGIN\r\nCF-Cache-Status: DYNAMIC\r\nServer: cloudflare\r\nCF-RAY: 85d2f24a2fa656c5-OSL\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":728,"size_decoded":728,"mime_type":"application/octet-stream","magic":"data","md5":"b44f429cc06084719babe10eb3310473","sha1":"5b484693a49711f5f33f360e4cac669268881481","sha256":"e2d97fd2a436d6d93c419b901270b18a8bb7605d95a4e9eed483df22edbbf89b","sha512":"e9cac0e41bd1a1722b7a0ff30ecbfbfe4b1ff040d4a382d832fead2a8f8e134cc0281bbc36d87ef9f1e40ecfbd1b4bdfcf9e3b52cd2982250b76924f6553a096","ssdeep":"","tlshash":"6a0199812c2e3c54d530efe217787406f484e2165063400f16f4e1dcc692bf23645d1c","first_seen":"2024-08-20T08:35:57.783939Z","last_seen":"2024-08-20T08:35:57.783939Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-02-29T18:24:54.407Z","timestamp":1709231094407,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 302 Moved Temporarily\r\nLocation: https://196.200.143.196/\r\nServer: BigIP\r\nConnection: Keep-Alive\r\nContent-Length: 0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-12T01:48:45.160697Z","times_seen":16340841,"resource_available":true,"data":null}},"time_used":514,"timings":{"blocked":209,"dns":0,"connect":67,"send":0,"wait":81,"receive":0,"ssl":152},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-02-29T18:24:54.407Z","timestamp":1709231094407,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\nLast-Modified: Wed, 07 Feb 2018 17:10:39 GMT\r\nAccept-Ranges: bytes\r\nETag: \"80d1aa9336a0d31:0\"\r\nVary: Accept-Encoding\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 29 Feb 2024 18:24:54 GMT\r\nContent-Length: 1164\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1164,"size_decoded":4065,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","md5":"267f632597e06226d3596391ff16eef1","sha1":"14fe3900e0338440d08c943939cffdd34d102752","sha256":"9c2f2627e33205410627dc2816f0b4c564bb1076a1df173eb3eb9c7f52e3ef3b","sha512":"fbb6b6df381b81d1b3d8340b229a6578f68da3e7619d20906d44bb65f8b13106b77de00eb92b9c420e21da6f7d97e3387f542430cfbb24688c59d530c88100ed","ssdeep":"","tlshash":"1d81ac698ac75003247292a5cf312b9bef924103c74781283bdd67936fba9d9c913ad9","first_seen":"2024-08-20T08:35:57.785829Z","last_seen":"2024-08-20T08:35:57.785829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":209,"dns":0,"connect":67,"send":0,"wait":81,"receive":0,"ssl":152},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/Scripts/jquery-3.0.0.min.js","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://196.200.143.196/","date":"2024-02-29T18:24:55.291Z","timestamp":1709231095291,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET /Scripts/jquery-3.0.0.min.js HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://196.200.143.196/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\nContent-Encoding: gzip\r\nLast-Modified: Mon, 25 Mar 2019 17:24:04 GMT\r\nAccept-Ranges: bytes\r\nETag: \"052438b2fe3d41:0\"\r\nVary: Accept-Encoding\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 29 Feb 2024 18:24:54 GMT\r\nContent-Length: 38610\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":38610,"size_decoded":86348,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (32034), with CRLF line terminators","md5":"11760f617c2dc2fed5c703b8614cc87b","sha1":"da00a8e03a6831156f8e36936b6c2fa8c6b78758","sha256":"397067f67ecd1ed0ca3c680f2f4f025977fdd5dfed8f9054d70c63cece18f238","sha512":"e6df8bbfb24fcc105a1abc7e1f46609546bb621009407c9a5a5386adab73c9c9a4e2ddad79c2a26b899fabf5afd08b5becde2715596658697cdc4265ef6910a6","ssdeep":"1536:E5hEyisTikEJqRdXXe2pP7lgoVMEXvdVhvLgSh4xzAdXtqTyZSusjiKx/w7Ug2xV:uQGvHhvLIzuXkTScl//MTDU8CuQ","tlshash":"1783d5d9b2c670529b7730b850bf450bb17a98dab44c8c60f1a8d5d57db8a8d807bf2c","first_seen":"2024-08-20T08:35:57.792243Z","last_seen":"2024-08-20T08:35:57.792243Z","times_seen":1,"resource_available":false,"data":null}},"time_used":547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":299,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/images/LogoMenAr.png","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://196.200.143.196/","date":"2024-02-29T18:24:55.296Z","timestamp":1709231095296,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET /images/LogoMenAr.png HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://196.200.143.196/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nLast-Modified: Fri, 13 May 2022 08:54:18 GMT\r\nAccept-Ranges: bytes\r\nETag: \"955cde7a766d81:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 29 Feb 2024 18:24:55 GMT\r\nContent-Length: 21290\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21290,"size_decoded":21290,"mime_type":"image/png","magic":"PNG image data, 500 x 70, 8-bit/color RGBA, non-interlaced","md5":"88af6017ef13bc70022212a592c649ff","sha1":"90852e5305146fa70b940fb7d5971d87a32353a4","sha256":"dd0d4e604d63836c322cff871a92f705daa2467c1528595eae40e113d40740fb","sha512":"44e039dce74d9cad5052f07f8c99781e49cccda582ca13d85bd755cedaf188723bae57ce73576e13004ef73193f91657869b9c537c6156661d710de34291ee8c","ssdeep":"384:g5gT8bd2RCZOx93307eJO2yQPjzwtnrm+rkXSC9BklNX003yybs4nmH+S69ewy18:aM8BMNj3307AO9yUtnDrkDCl3a+S6swP","tlshash":"98a2d0463cce9e88d1c2784e5ba5ddb50273f21757744d7481a86cf83883a396e660e3","first_seen":"2024-08-20T08:35:57.793626Z","last_seen":"2024-08-20T08:35:57.793626Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1370,"timings":{"blocked":538,"dns":0,"connect":71,"send":0,"wait":218,"receive":69,"ssl":264},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/images/img_bienvenue.gif","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://196.200.143.196/","date":"2024-02-29T18:24:55.303Z","timestamp":1709231095303,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET /images/img_bienvenue.gif HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://196.200.143.196/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nLast-Modified: Mon, 25 Mar 2019 17:24:02 GMT\r\nAccept-Ranges: bytes\r\nETag: \"025128a2fe3d41:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 29 Feb 2024 18:24:55 GMT\r\nContent-Length: 33605\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33605,"size_decoded":33605,"mime_type":"image/gif","magic":"GIF image data, version 89a, 278 x 170","md5":"b8ca39467620c900ec1509e95d01a210","sha1":"f1660c9594b91ad1383acb7823fc5ebf1edab9ab","sha256":"e763f085f1bbb3c73ad2178f99215d756a84b38ed8e50fdc18521eaf6bd24d55","sha512":"e33206af94ba21db7d07a3a9316653920e629135c3ec36876377f7058bf600f07b360c5d8188b60d665150f28ec3f7e4d69fa97df1a1bde0f3b21641dc68a1e1","ssdeep":"768:G1swu3Fg7zIOqzYQbHpWM4p5Q0SjCvPZdgRxw76VPG3ExC/YUo8:G1sf3NYQLT4p5TSWvvgs76VPqExC/Yl8","tlshash":"d1e2e1057b52f5cb40b8b2dd893b827b14a32608e3acbd1fed64e91515abd0dfa205c6","first_seen":"2024-08-20T08:35:57.80013Z","last_seen":"2024-08-20T08:35:57.80013Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1417,"timings":{"blocked":532,"dns":0,"connect":75,"send":0,"wait":139,"receive":202,"ssl":286},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/images/eleves.jpg","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://196.200.143.196/","date":"2024-02-29T18:24:55.305Z","timestamp":1709231095305,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET /images/eleves.jpg HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://196.200.143.196/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\nLast-Modified: Mon, 25 Mar 2019 17:24:02 GMT\r\nAccept-Ranges: bytes\r\nETag: \"025128a2fe3d41:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 29 Feb 2024 18:24:55 GMT\r\nContent-Length: 50323\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50323,"size_decoded":50323,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 488x292, components 3","md5":"e2eabb8fd75f53420ab6fe86a9bc2600","sha1":"ee664268f541626a01855b42d47eb4d1702f291f","sha256":"dee5554328da32a9755e0052016fe0bd4ac0e9344989e6592a6592b819370bb2","sha512":"393c1dfbac04aa29caa6ce098cb871c118b5fb1a12dc098e4791323c19084295d8b47aa846d3a651c60befdf8a8bb467882ed1e606a0936bad79a9ac84b6475f","ssdeep":"768:Iet7TmaMYA6WzvfG/RhaaNtOgT2xKYvEFqlQlr2eNwrwgZPiOQ3FYX9Tngjb3P8X:IetfmNvfARx8gtYleNlgMOQ1YOjbfBo","tlshash":"0733f245e812a6bd443d25f4b050deef76378186eeee8776b07471bbb7d32006a0862d","first_seen":"2024-08-20T08:35:57.801255Z","last_seen":"2024-08-20T08:35:57.801255Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1757,"timings":{"blocked":529,"dns":0,"connect":78,"send":0,"wait":83,"receive":598,"ssl":259},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/favicon.ico","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://196.200.143.196/","date":"2024-02-29T18:24:56.455Z","timestamp":1709231096455,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://196.200.143.196/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 29 Feb 2024 18:24:56 GMT\r\nContent-Length: 1245\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":1245,"size_decoded":1245,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"5343c1a8b203c162a3bf3870d9f50fd4","sha1":"04b5b886c20d88b57eea6d8ff882624a4ac1e51d","sha256":"dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f","sha512":"e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949","ssdeep":"","tlshash":"7b21422992983814f69384a061f277c23f078286e66f1b68a023b263e4c26e281d33c4","first_seen":"2023-03-09T23:36:42Z","last_seen":"2026-06-12T01:15:29.38846Z","times_seen":60318,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"196.200.143.196/images/bg_eleve.png","fqdn":"196.200.143.196","domain":"196.200.143.196","tld":"196"},"ip":{"addr":"196.200.143.196","port":443,"asn":30983,"as":"Moroccan Academic Network","country":"Morocco","country_code":"MA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://196.200.143.196/","date":"2024-02-29T18:24:56.087Z","timestamp":1709231096087,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.men.gov.ma","organization":"MINISTERE DE L EDUCATION ET DE LA FORMATION PROFESSIONNELLE"},"issuer":{"commonName":"GEANT OV RSA CA 4","organization":"GEANT Vereniging"},"validity":{"start":"Tue, 11 Apr 2023 00:00:00 GMT","end":"Wed, 10 Apr 2024 23:59:59 GMT"},"fingerprint":{"sha1":"40:FA:D2:52:DC:13:50:98:54:8E:E9:74:02:41:5B:5F:09:A0:0C:A8","sha256":"58:5C:90:78:89:12:E0:E4:86:D8:DC:B9:C7:E0:19:D9:89:A8:91:CA:07:DA:17:7D:CF:6F:03:F5:FC:CC:26:93"}}},"request":{"raw":"GET /images/bg_eleve.png HTTP/1.1\r\nHost: 196.200.143.196\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://196.200.143.196/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\nLast-Modified: Mon, 25 Mar 2019 17:24:02 GMT\r\nAccept-Ranges: bytes\r\nETag: \"025128a2fe3d41:0\"\r\nServer: Microsoft-IIS/10.0\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 29 Feb 2024 18:24:55 GMT\r\nContent-Length: 724101\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":724101,"size_decoded":724101,"mime_type":"image/png","magic":"PNG image data, 1280 x 750, 8-bit/color RGB, non-interlaced","md5":"a43f54f5ec68ec9cf22df13a2503d8cc","sha1":"07edf8f0585f04f28e2175ee239eddd668f5c3f1","sha256":"c0e96dcfcd0a1e245eeefb25db952f35413fa228da4069d7f09c9ca537fae0ae","sha512":"054aa63548697bd0d8bf14bdf13c8887e0c3367fb4b701b59e12c389a7fa9fe0b000aca4db39f38edc52eae44df7d788457d0870e46ea4e61bbcca74ce8067e6","ssdeep":"12288:GQap9kKtjbeLKYa2PDpvqkUnNGsZR98vhG52dHeo4EytpG4g5apO+sb0:GQ6kKtTj2rNqkUNHZj8ZG8d+o/Oc4gM","tlshash":"adf4339236b9a03c67c933510938e379ead078aff508c55199c8b39bd1f16663ca4372","first_seen":"2024-08-20T08:35:57.803106Z","last_seen":"2024-08-20T08:35:57.803106Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3387,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":211,"receive":3176,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-02-29","alert":"Sinkholed","trigger":"196.200.143.196","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}