Overview

URL marklangenbahn.de/LYQX9284861979HOXR/23-Oct-17-76799617/YVCV-ERJH/2017/
IP 81.169.145.163
ASN AS6724 STRATO AG
Location Germany
Report completed 2017-11-30 14:06:23 CET
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-11-30 14:12:29 CET 1  81.169.145.163 Client IP ET POLICY Office Document Download Containing AutoOpen Macro
2017-11-30 14:12:29 CET 2  81.169.145.163 Client IP ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide)


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-11-30 2 marklangenbahn.de/LYQX9284861979HOXR/23-Oct-17-76799617/YVCV-ERJH/2017/ Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 81.169.145.163

Date                        UQ / IDS / BL   URL                                                  IP
2018-07-14 07:45:01 +0200   0 - 1 - 0       mystiko.de/75yh4/8g4gffr.exe                         81.169.145.163
2018-07-14 05:15:12 +0200   0 - 0 - 4       parenclub-devilsenangels.nl/08yhrf3                  81.169.145.163
2018-07-04 06:05:13 +0200   0 - 0 - 1       netsuport.eu/                                        81.169.145.163
2018-07-02 18:59:32 +0200   0 - 1 - 1       ikenna-amaechi.com/IkennasPress/GayBarcelona. (...)  81.169.145.163
2018-07-02 12:44:16 +0200   0 - 1 - 0       www.pangaea-verlag.de/drogiure/claorirtr.php? (...)  81.169.145.163
2018-07-02 00:14:06 +0200   0 - 0 - 5       vonlany.de/inv/dd-15997960223/                       81.169.145.163
2018-06-27 07:32:22 +0200   0 - 0 - 5       tobiaswuehr.de/WIRE-FORM/RRD-139857754091922         81.169.145.163
2018-06-13 15:07:02 +0200   0 - 0 - 5       stoertebeker-sylt.de/                                81.169.145.163
2018-06-13 14:59:39 +0200   0 - 0 - 5       stoertebeker-sylt.de/rechnung-04-Juni/               81.169.145.163
2018-06-11 18:26:53 +0200   0 - 0 - 1       waeschemeister.org/fv/margaret@prolineemb.com        81.169.145.163

Last 10 reports on ASN: AS6724 STRATO AG

Date                        UQ / IDS / BL   URL                             IP
2018-07-19 08:28:49 +0200   0 - 1 - 0       einstein-franchise.com/         81.169.217.187
2018-07-19 08:27:46 +0200   0 - 0 - 16      sommerfeld-limousinen.de/       85.214.51.232
2018-07-19 08:22:37 +0200   0 - 0 - 17      sommerfeldtransporte.de/        85.214.51.232
2018-07-19 04:01:42 +0200   0 - 1 - 0       getraenke-gieselmann.de/        85.214.76.165
2018-07-19 03:03:22 +0200   0 - 1 - 0       soporte1.inforey.com/           81.169.133.237
2018-07-18 21:11:05 +0200   0 - 1 - 0       toplist.hamburg-funk.eu/        85.214.55.125
2018-07-18 20:48:45 +0200   0 - 0 - 1       tana.holamundo.me/              81.169.130.147
2018-07-18 17:19:44 +0200   0 - 0 - 4       heigermoser.de/                 81.169.184.253
2018-07-18 17:14:58 +0200   0 - 0 - 1       hartwig-mau.de/                 81.169.168.153
2018-07-18 14:52:48 +0200   0 - 0 - 1       teufelsmauer.eu/                81.169.171.14

Last 10 reports on domain: marklangenbahn.de

Date                        UQ / IDS / BL   URL                                                  IP
2017-12-28 02:02:10 +0100   0 - 0 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-27 21:49:17 +0100   0 - 2 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-26 23:30:05 +0100   0 - 2 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-26 17:48:12 +0100   0 - 2 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-25 08:49:16 +0100   0 - 0 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-24 21:50:37 +0100   0 - 2 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-22 20:48:56 +0100   0 - 0 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-22 16:48:37 +0100   0 - 2 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-21 07:40:49 +0100   0 - 0 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163
2017-12-21 00:51:27 +0100   0 - 0 - 1       marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...)  81.169.145.163


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /LYQX9284861979HOXR/23-Oct-17-76799617/YVCV-ERJH/2017/ HTTP/1.1
Host: marklangenbahn.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         81.169.145.163
HTTP/1.1 200 OK
Content-Type: application/msword
                                        
Date: Thu, 30 Nov 2017 13:12:25 GMT
Server: Apache/2.2.31 (Unix)
X-Powered-By: PHP/5.3.29
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Disposition: attachment; filename="222KVHB - 83QJBY.doc"
Content-Transfer-Encoding: binary
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: zAhmlkmq, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Oct 23 06:44:00 2017, Last Saved Time/Date: Mon Oct 23 06:44:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
Size:   83456
Md5:    2f620cf951271e61ea0c92ef0a6cff28
Sha1:   db4097543d9b6cd5d0821153dcded9e8cb6dfa80
Sha256: 97941c64cbac80731eee67cbe86bbc8efda12309391091b91cb483b77332010e

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET POLICY Office Document Download Containing AutoOpen Macro
    - ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide)