{"report_id":"88da09a5-a6e3-40bb-9d3f-af540fadb5a9","version":6,"status":"done","tags":[],"date":"2025-11-08T22:42:16Z","url":{"schema":"http","addr":"formation.cmconsulting-group.net/","fqdn":"formation.cmconsulting-group.net","domain":"cmconsulting-group.net","tld":"net"},"ip":{"addr":"46.105.204.27","port":0,"asn":16276,"as":"OVH SAS","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"formation.cmconsulting-group.net/","fqdn":"formation.cmconsulting-group.net","domain":"cmconsulting-group.net","tld":"net"},"title":"Shiftin","dom":{"size":208,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"c2815db785f2ea9dcec8c57543b23d81","sha1":"f734e07a31ed201d7157833d155c07e2d3823002","sha256":"e9192d73fd4c8400109a1cf9a2e3e1f22e3c08224085c7ae3872088df5fa16f5","sha512":"b91b371f5a4dac479765aef7fedfdb08cc7a72bb4888b452282c4800a63a7344dfeb53cb765eb4f90e660a0f30c7679eca177195f56f75ce7d677426a6b5b340","ssdeep":"","tlshash":"c8d0224750f208080075c2200cd2fb482ce8582a43a74c807ec661be9e9e242c0e308c","dom_hash":"domhash16e1ff26cb195494e81dc562dbbc8ea9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"formation.cmconsulting-group.net/","fqdn":"formation.cmconsulting-group.net","domain":"cmconsulting-group.net","tld":"net"},"ip":{"addr":"46.105.204.27","port":0,"asn":16276,"as":"OVH SAS","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-13T22:42:16Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-08","alert":"Sinkholed","trigger":"formation.cmconsulting-group.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"formation.cmconsulting-group.net","ip":{"addr":"46.105.204.27","port":443,"asn":16276,"as":"OVH SAS","country":"United Kingdom","country_code":"GB"},"domain_registered":"2023-02-06","domain_rank":0,"first_seen":"2025-11-08T22:42:16.337732Z","last_seen":"2025-11-08T22:42:16.337732Z","alert_count":2,"request_count":2,"received_data":906,"sent_data":972,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"formation.cmconsulting-group.net/","fqdn":"formation.cmconsulting-group.net","domain":"cmconsulting-group.net","tld":"net"},"ip":{"addr":"46.105.204.27","port":443,"asn":16276,"as":"OVH SAS","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-08T22:41:54.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cmconsulting-group.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 02:11:20 GMT","end":"Fri, 26 Dec 2025 02:11:19 GMT"},"fingerprint":{"sha1":"3F:02:17:FB:03:80:A0:15:4D:FA:95:55:90:16:C5:51:33:DC:95:7F","sha256":"92:C8:26:57:CA:1A:20:5A:2A:8E:0D:47:2D:BD:63:D5:E0:E9:D3:1E:EF:4F:39:D2:C5:A2:10:05:B5:13:AE:99"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: formation.cmconsulting-group.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 08 Nov 2025 22:41:54 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-powered-by: PHP/7.4\r\ncontent-encoding: br\r\nage: 0\r\nx-cdn-cache: MISS\r\nx-cdn-request-id: 433527916\r\nx-cdn-pop: rbx\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":235,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"2485cd1b0cf1cbf1b136b60b3019f7fb","sha1":"3930bc22954714b57787306d3b82ecd30cf5f8f7","sha256":"6e4487e2d91f429fd1a07ad14685c540ee95ffe4671f102772cfcb542f70beef","sha512":"55d3485eef0bf162ee6b80d4d34d04060f3722cccbddafda7e959954d4c747c0350e4441e04e4acdf1e0b56c0d88f79fa1b62db91c01d57b999576419d25d99e","ssdeep":"","tlshash":"1fd0a9a720c51c0800b592384cd2f3a8ade629aa23931a4079c9713b6fba601c9e3288","first_seen":"2025-11-08T22:42:17.73002Z","last_seen":"2025-11-08T22:42:17.73002Z","times_seen":1,"resource_available":false,"data":null}},"time_used":181,"timings":{"blocked":77,"dns":14,"connect":22,"send":0,"wait":27,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-08","alert":"Sinkholed","trigger":"formation.cmconsulting-group.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"formation.cmconsulting-group.net/favicon.ico","fqdn":"formation.cmconsulting-group.net","domain":"cmconsulting-group.net","tld":"net"},"ip":{"addr":"46.105.204.27","port":443,"asn":16276,"as":"OVH SAS","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://formation.cmconsulting-group.net/","date":"2025-11-08T22:41:54.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cmconsulting-group.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 02:11:20 GMT","end":"Fri, 26 Dec 2025 02:11:19 GMT"},"fingerprint":{"sha1":"3F:02:17:FB:03:80:A0:15:4D:FA:95:55:90:16:C5:51:33:DC:95:7F","sha256":"92:C8:26:57:CA:1A:20:5A:2A:8E:0D:47:2D:BD:63:D5:E0:E9:D3:1E:EF:4F:39:D2:C5:A2:10:05:B5:13:AE:99"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: formation.cmconsulting-group.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://formation.cmconsulting-group.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Sat, 08 Nov 2025 22:41:54 GMT\r\ncontent-type: text/html; charset=iso-8859-1\r\ncontent-encoding: gzip\r\nage: 0\r\nx-cdn-cache: MISS\r\nx-cdn-request-id: 433527917\r\nx-cdn-pop: rbx\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":196,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"62962daa1b19bbcc2db10b7bfd531ea6","sha1":"d64bae91091eda6a7532ebec06aa70893b79e1f8","sha256":"80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880","sha512":"9002a0475fdb38541e78048709006926655c726e93e823b84e2dbf5b53fd539a5342e7266447d23db0e5528e27a19961b115b180c94f2272ff124c7e5c8304e7","ssdeep":"","tlshash":"c0d0129e9183638b442225907ac211d2654d13a6b87645e82d82a48a951857dc5ca69d","first_seen":"2023-03-07T12:06:54Z","last_seen":"2026-04-04T16:42:53.160546Z","times_seen":90081,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-08","alert":"Sinkholed","trigger":"formation.cmconsulting-group.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}