Thank you for that additional info, very interesting indeed.
Shodan.io, and Censys.io for that matter, are among your best friends online.
I have a personal Censys account, and the data they sit on are often quite revealing.
For quite other security background info use https://intelx.io/
Peter Kleissner’s specific info search engine, quite remarkable to say the least.
This security expert educated me on sinkholing, a couple of years ago,
while seeking ways to automate the process, which was hard to do.
Combine with the findings of a Dazzlepod IP scan and you know so much more,
what is behind an address or service there.
You can use these results according to these sites' policies,
but are never allowed to use such retrieved info against a(ny) particular website.
That is a big no-no against the Confidentiality Integrity Awareness regulations.
This is whenever you operate in the field of website security.
Then see: https://urlscan.io/, also a source not to be missed in website security analysis and website error-hunting.
Malicious Word documents, which Avast detects: https://www.virustotal.com/gui/file/14445473a8b471e550c9e36677223a3d0ffb017647dc8d7a01ae88efd1b993ac/detection
The payload from the fake .doc (downloader) is the Emotet banking trojan.