{"report_id":"bb53e981-a356-4503-9263-12f11adfaf23","version":6,"status":"done","tags":[],"date":"2025-11-30T15:08:40Z","url":{"schema":"http","addr":"www.ancientlocations.net/Export/KeyholeMarkup.aspx","fqdn":"www.ancientlocations.net","domain":"ancientlocations.net","tld":"net"},"ip":{"addr":"217.160.0.139","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing","dom":{"size":3632,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"884c8edb778dd55ef9d60d4a0ba8924a","sha1":"5140c39637f4c8cd953a2d4978cb95d3dc629311","sha256":"362a8b59fbbd71576a576d9e852b9384fe83c23a8daac2ab79d4b3304a0880ff","sha512":"846454abbe152ec5afc62294b2fd7c82834e6e79bb5ffc40ec905b2b1c5cc413ecfe0e22c7ef03b7c4cd1030d654b07ec83277e2ea3a67bb1f39efa3090c4e82","ssdeep":"","tlshash":"8c7156a514f0552714a383a5dd81bb1b9f827a07cf8c6a403b9f00f22f97d58886f20d","dom_hash":"domhash03f850468cad29251ed949292c202f85","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.ancientlocations.net/Export/KeyholeMarkup.aspx","fqdn":"www.ancientlocations.net","domain":"ancientlocations.net","tld":"net"},"ip":{"addr":"217.160.0.139","port":0,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-04T15:08:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-30T15:08:18Z","timestamp":1764515298,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.49","port":34274,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-11-30T15:08:18.419809+0000\",\"flow_id\":1504824958011334,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.49\",\"src_port\":34274,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"grupchatbkpjoin.duckdns.org\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":474,\"bytes_toclient\":116,\"start\":\"2025-11-30T15:04:50.018374+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-30T15:08:25Z","timestamp":1764515305,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.49","port":34356,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-11-30T15:08:25.041049+0000\",\"flow_id\":664506016677717,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.49\",\"src_port\":34356,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"grupchatbkpjoin.duckdns.org\",\"url\":\"/login.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":603,\"bytes_toclient\":116,\"start\":\"2025-11-30T15:04:51.671573+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-30T15:08:32Z","timestamp":1764515312,"ip_dst":{"addr":"192.169.69.26","port":80,"asn":27323,"as":"SERVERSTADIUM","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.49","port":34282,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain","source":"{\"timestamp\":\"2025-11-30T15:08:32.411719+0000\",\"flow_id\":1231486796829539,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.49\",\"src_port\":34282,\"dest_ip\":\"192.169.69.26\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2042937,\"rev\":2,\"signature\":\"ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_12_15\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1568\"],\"mitre_technique_name\":[\"Dynamic_Resolution\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_03_02\"]}},\"http\":{\"hostname\":\"grupchatbkpjoin.duckdns.org\",\"url\":\"/login.php\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":603,\"bytes_toclient\":116,\"start\":\"2025-11-30T15:04:50.201571+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.ancientlocations.net","ip":{"addr":"217.160.0.139","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"domain_registered":"2008-06-21","domain_rank":0,"first_seen":"2025-11-30T15:08:40.924657Z","last_seen":"2025-11-30T15:08:40.924658Z","alert_count":0,"request_count":1,"received_data":357458,"sent_data":518,"comment":"","tags":null,"fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"e3009122b5d93a61877570eb4d04a9ec","sha1":"139dbdc378fe83af4e3e83c6cc0cad3f2123fc85","sha256":"23273a72acff9ff7810899c2219371ae4100e9c5dc7d89fb6bf5a417a4b95b33","sha512":"395efe6983e8c8dd90fe37b76faedbf82d5d1ffc3e2cca66fe6efbd21c0026e84b714c0a7881fb31f88129954cec4f2ecf24c24a74c91c29323d5f90332bb117","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":357051,"url":{"schema":"https","addr":"www.ancientlocations.net/Export/KeyholeMarkup.aspx","fqdn":"www.ancientlocations.net","domain":"ancientlocations.net","tld":"net"},"ip":{"addr":"217.160.0.139","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"archive":[{"path":"doc.kml","filename":"doc.kml","modified":"2025-11-30T16:08:16Z","Modified":"","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1089), with CRLF line terminators","size":6232118,"md5":"0cd6a6417ffc61a9653634fbdb20707b","sha1":"ff53e9172445b256d9c6c24d20e41a08deac0a4b","sha256":"d19710bd363cb41ed87269aa260ab62ee69b0bd82076016131bff35895817c8f","sha512":"61e7ebee032666fde86cfaf441fd6309e9b5d87771099fabf83afad544328f9245ca16e9202b0bd4d580c99a091f5c19105af7f4f383ce1e9ed4241ae27569a4","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.ancientlocations.net/Export/KeyholeMarkup.aspx","fqdn":"www.ancientlocations.net","domain":"ancientlocations.net","tld":"net"},"ip":{"addr":"217.160.0.139","port":443,"asn":8560,"as":"IONOS SE","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-30T15:08:16.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.ancientlocations.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 03 Nov 2025 00:00:00 GMT","end":"Tue, 17 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:A0:14:6A:CA:05:42:26:25:06:9F:1E:BF:29:48:18:05:69:CD:C9","sha256":"9E:F7:56:79:2F:A7:3F:CC:19:E6:32:35:CD:88:46:B0:97:5A:AE:03:28:FE:E5:21:50:95:AC:6D:19:85:91:A5"}}},"request":{"raw":"GET /Export/KeyholeMarkup.aspx HTTP/1.1\r\nHost: www.ancientlocations.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/vnd.google-earth.kmz\r\ncontent-length: 357051\r\nx-ws-ratelimit-limit: 1000\r\nx-ws-ratelimit-remaining: 999\r\ncache-control: no-cache\r\npragma: no-cache\r\nexpires: -1\r\nserver: Microsoft-IIS/10.0\r\ncontent-disposition: attachment; filename=\"AncientLocations.kmz\"\r\nx-aspnet-version: 4.0.30319\r\nx-powered-by: ASP.NET\r\ndate: Sun, 30 Nov 2025 15:08:16 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":357051,"size_decoded":0,"mime_type":"application/vnd.google-earth.kmz","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"e3009122b5d93a61877570eb4d04a9ec","sha1":"139dbdc378fe83af4e3e83c6cc0cad3f2123fc85","sha256":"23273a72acff9ff7810899c2219371ae4100e9c5dc7d89fb6bf5a417a4b95b33","sha512":"395efe6983e8c8dd90fe37b76faedbf82d5d1ffc3e2cca66fe6efbd21c0026e84b714c0a7881fb31f88129954cec4f2ecf24c24a74c91c29323d5f90332bb117","ssdeep":"6144:0m+RTcdrB+wZfaaCyZ29tI+6EOYggYQkKMheeEbz9ZeBVWbxd/lmGShMUeRqQ1:VG4FB+6aaCXXI+rVYfhh1az9ZeBktd/l","tlshash":"d07423fe3ef60fd9b9b1444215a587f0babe1e83c4e986d79e22248305df2014bde195","first_seen":"2025-11-30T15:08:43.844447Z","last_seen":"2025-11-30T15:08:43.844447Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1687,"timings":{"blocked":424,"dns":84,"connect":34,"send":0,"wait":686,"receive":152,"ssl":305},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}