Submitted URL: http://office.soft991.cn/soft_link_m.php?m=drawio&show=
Effective URL: http://stossbackup.libooc.com/installHelper/softlink/c6_drawio.exe?response-content-disposition=attachment%3Bfilename%3Dc6_dra...
Submission: On February 06 via api from US — Scanned from US

Summary

This website contacted 1 IP in 1 country across 2 domains to perform 1 HTTP transaction. The main IP is 61.170.79.238, located in China and belongs to CHINANET-SH-AP China Telecom Group, CN. The main domain is stossbackup.libooc.com.
This is the only time stossbackup.libooc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: PE32 executable (GUI) Intel 80386, for MS Windows
Size: 4 MB (4377336 bytes, 100% done)
Downloaded from: http://stossbackup.libooc.com/installHelper/softlink/c6_drawio.exe?response-content-disposition=attachment%3Bfilename%3Dc6_drawio@422126524@.exe&OSSAccessKeyId=LTAI5tJMYQcPCjxQMn9iQHDv&Expires=1707195186&Signature=fcEYTPdP1Ye2ghDIdtolmHUUUmI%3D

Domain & IP information

#  IP Address       AS (Autonomous System)
1  58.218.215.163   AS4134 (CHINANET-...)
1  61.170.79.238    AS4812 (CHINANET-...)

#  Apex Domain   Subdomains               Transfer
1  libooc.com    stossbackup.libooc.com
1  soft991.cn    office.soft991.cn        1 KB

#  Domain                   Requested by
1  stossbackup.libooc.com   1 request
1  office.soft991.cn        1 redirect

This site contains no links.


This page contains 1 frame:

Primary Page: http://stossbackup.libooc.com/installHelper/softlink/c6_drawio.exe?response-content-disposition=attachment%3Bfilename%3Dc6_drawio@422126524@.exe&OSSAccessKeyId=LTAI5tJMYQcPCjxQMn9iQHDv&Expires=1707195186&Signature=fcEYTPdP1Ye2ghDIdtolmHUUUmI%3D
Frame ID: 5DC0BD71E606929C6E56B052DAA497D4
Requests: 1 HTTP requests in this frame


Page Statistics

Requests: 1
HTTPS: 0 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 1
Countries: 1
Transfer: 0 kB
Size: 0 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.


Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transaction

Primary Request: c6_drawio.exe
Path: stossbackup.libooc.com/installHelper/softlink/
Redirect Chain:
  • http://office.soft991.cn/soft_link_m.php?m=drawio&show=
  • http://stossbackup.libooc.com/installHelper/softlink/c6_drawio.exe?response-content-disposition=attachment%3Bfilename%3Dc6_drawio@422126524@.exe&OSSAccessKeyId=LTAI5tJMYQcPCjxQMn9iQHDv&Expires=1707...
Size: 0
x-fer: 0
Type: Document

General

Full URL: http://stossbackup.libooc.com/installHelper/softlink/c6_drawio.exe?response-content-disposition=attachment%3Bfilename%3Dc6_drawio@422126524@.exe&OSSAccessKeyId=LTAI5tJMYQcPCjxQMn9iQHDv&Expires=1707195186&Signature=fcEYTPdP1Ye2ghDIdtolmHUUUmI%3D
Protocol: HTTP/1.1
Server: 61.170.79.238, China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN)
Reverse DNS: 238.79.170.61.broad.xw.sh.dynamic.163data.com.cn
Software: Tengine /
Resource Hash:

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1707195070
Connection: keep-alive
Content-Disposition: attachment;filename=c6_drawio@422126524@.exe
Content-Length: 4377336
Content-MD5: awWjYJJTXCIXRDm6fP1CTQ==
Content-Type: application/octet-stream
Date: Tue, 06 Feb 2024 04:51:10 GMT
ETag: "6B05A36092535C22174439BA7CFD424D"
EagleId: 3daa4f2e17071950706454001e
Last-Modified: Fri, 26 Jan 2024 01:22:38 GMT
Server: Tengine
Timing-Allow-Origin: *
Via: cache44.l2cn3142[148,148,200-0,M], cache41.l2cn3142[149,0], ens-cache29.cn6011[203,203,200-0,M], ens-cache26.cn6011[217,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-CacheTime: 3600
X-Swift-SaveTime: Tue, 06 Feb 2024 04:51:10 GMT
x-oss-cdn-auth: success
x-oss-object-type: Symlink
x-oss-request-id: 65C1BABE0ACE0538333912DB
x-oss-server-time: 76
x-oss-storage-class: Standard

Redirect headers

Ali-Swift-Global-Savetime: 1707195066
Cache-control: private
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Feb 2024 04:51:06 GMT
EagleId: 3adad01917071950664848645e
Server: Tengine
Timing-Allow-Origin: *
Vary: Accept-Encoding
Via: cache47.l2cn3142[122,122,302-0,M], cache19.l2cn3142[123,0], kunlun10.cn192[206,206,302-0,M], kunlun5.cn192[208,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Powered-By: PHP/7.1.23
X-Swift-CacheTime: 0
X-Swift-SaveTime: Tue, 06 Feb 2024 04:51:06 GMT
location: http://stossbackup.libooc.com/installHelper/softlink/c6_drawio.exe?response-content-disposition=attachment%3Bfilename%3Dc6_drawio@422126524@.exe&OSSAccessKeyId=LTAI5tJMYQcPCjxQMn9iQHDv&Expires=1707195186&Signature=fcEYTPdP1Ye2ghDIdtolmHUUUmI%3D

Verdicts & Comments

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Domain/Path               Name                Value
office.soft991.cn/        acw_tc              3adad01917071950664848645eb65238f1ea3b6883d8ef5dcb7a06a357
office.soft991.cn/        cdn_sec_tc          3adad01917071950664848645eb65238f1ea3b6883d8ef5dcb7a06a357
office.soft991.cn/        real_ipd            38.132.118.68
office.soft991.cn/        ECS_ID              4d077488ee91f724baee6db84742bd1159bccd22
office.soft991.cn/        ECS[visit_times]    1
stossbackup.libooc.com/   acw_tc              3daa4f2e17071950706454001e491b542d5d9b6da37f895f7926ad10a4
stossbackup.libooc.com/   cdn_sec_tc          3daa4f2e17071950706454001e491b542d5d9b6da37f895f7926ad10a4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

office.soft991.cn
stossbackup.libooc.com
58.218.215.163
61.170.79.238