Overview

URL: marklangenbahn.de/LYQX9284861979HOXR/23-Oct-17-76799617/YVCV-ERJH/2017/
IP: 81.169.145.163
ASN: AS6724 STRATO AG
Location: Germany
Report completed: 2017-11-30 14:06:23 CET
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2017-11-30 14:12:29 CET | 1 | 81.169.145.163 | Client IP | ET POLICY Office Document Download Containing AutoOpen Macro
2017-11-30 14:12:29 CET | 2 | 81.169.145.163 | Client IP | ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide)


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified | Severity | Host | Comment
2017-11-30 | 2 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-17-76799617/YVCV-ERJH/2017/ | Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 81.169.145.163

Date | UQ / IDS / BL | URL | IP
2017-12-16 06:00:19 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-15 18:41:50 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-15 12:36:10 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-13 13:40:11 +0100 | 0 - 1 - 0 | www.automobile-timmer.de/ | 81.169.145.163
2017-12-13 11:59:20 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-11 10:03:16 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-11 00:48:57 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-09 10:15:11 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-09 02:00:47 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-08 06:49:39 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163

Last 10 reports on ASN: AS6724 STRATO AG

Date | UQ / IDS / BL | URL | IP
2017-12-16 08:10:44 +0100 | 0 - 1 - 0 | soporte1.inforey.com/ | 81.169.133.237
2017-12-16 08:10:10 +0100 | 0 - 2 - 0 | getraenke-gieselmann.de/ | 85.214.76.165
2017-12-16 08:04:48 +0100 | 0 - 1 - 0 | soporte2.inforey.com/ | 81.169.133.237
2017-12-16 07:46:36 +0100 | 0 - 0 - 2 | avancesactivos.com/ | 85.214.52.36
2017-12-16 07:29:00 +0100 | 0 - 1 - 0 | hankey.nl/ | 85.214.112.47
2017-12-16 06:54:38 +0100 | 0 - 1 - 0 | xn--riethmller-heizung-r6b.de/ | 85.214.57.5
2017-12-16 06:39:18 +0100 | 0 - 0 - 1 | bjh.de | 81.169.145.86
2017-12-16 06:27:26 +0100 | 0 - 0 - 37 | houssamico.com/ | 81.169.253.223
2017-12-16 06:23:45 +0100 | 0 - 1 - 0 | dallwig-automobilberatung.de/ | 81.169.235.131
2017-12-16 06:05:42 +0100 | 0 - 0 - 1 | www.manxero.com/!@ | 81.169.145.86

Last 10 reports on domain: marklangenbahn.de

Date | UQ / IDS / BL | URL | IP
2017-12-16 06:00:19 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-15 18:41:50 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-15 12:36:10 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-13 11:59:20 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-11 10:03:16 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-11 00:48:57 +0100 | 0 - 2 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-09 10:15:11 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-09 02:00:47 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-08 06:49:39 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163
2017-12-05 03:52:41 +0100 | 0 - 0 - 1 | marklangenbahn.de/LYQX9284861979HOXR/23-Oct-1 (...) | 81.169.145.163


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request:

GET /LYQX9284861979HOXR/23-Oct-17-76799617/YVCV-ERJH/2017/ HTTP/1.1
Host: marklangenbahn.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 81.169.145.163):

HTTP/1.1 200 OK
Content-Type: application/msword
Date: Thu, 30 Nov 2017 13:12:25 GMT
Server: Apache/2.2.31 (Unix)
X-Powered-By: PHP/5.3.29
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Content-Disposition: attachment; filename="222KVHB - 83QJBY.doc"
Content-Transfer-Encoding: binary
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: zAhmlkmq, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Oct 23 06:44:00 2017, Last Saved Time/Date: Mon Oct 23 06:44:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0
Size:   83456
Md5:    2f620cf951271e61ea0c92ef0a6cff28
Sha1:   db4097543d9b6cd5d0821153dcded9e8cb6dfa80
Sha256: 97941c64cbac80731eee67cbe86bbc8efda12309391091b91cb483b77332010e

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET POLICY Office Document Download Containing AutoOpen Macro
    - ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide)