class.malware.re - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2600:9000:2250:7000:1c:927f:2580:93a1, located in United States and belongs to . The main domain is class.malware.re.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 12th 2023. Valid for: a year.

This is the only time class.malware.re was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 1	2600:9000:225... 2600:9000:2250:de00:1c:927f:2580:93a1	() ()
5	2600:9000:225... 2600:9000:2250:7000:1c:927f:2580:93a1	() ()
6	2

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:de00:1c:927f:2580:93a1 (United States) 1 redirects

ASN- ()

class.malware.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2250:7000:1c:927f:2580:93a1 (United States)

ASN- ()

class.malware.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	malware.re 1 redirects class.malware.re	10 KB
1	t.co t.co — Cisco Umbrella Rank: 522	611 B
6	2

	Domain	Requested by
6	class.malware.re	1 redirects t.co class.malware.re
1	t.co
6	2

This site contains links to these domains. Also see Links.

Domain
github.com
eecs.ceas.uc.edu
ceas.uc.edu
www.uc.edu
www.youtube.com
class.snusbaum.com
securitykitten.github.io
malwareunicorn.org
www.csc.tntech.edu
contagiodump.blogspot.com
tuts4you.com
security.cs.rpi.edu
rpi.edu
www.malware-analyzer.com

Subject Issuer	Validity	Valid
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-11-14` - `2023-11-14`	a year	crt.sh
*.malware.re Amazon RSA 2048 M01	`2023-02-12` - `2024-03-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://class.malware.re/
Frame ID: 7683BCA8BC058D044996A58F53A1C935
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CS6038/CS5138 Malware Analysis, UC by ckane

Page URL History Show full URLs

https://t.co/FXJVbl2qqT Page URL
http://class.malware.re/ HTTP 301
https://class.malware.re/ Page URL

Page Statistics

6
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

10 kB
Transfer

20 kB
Size

1
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/ckane/CS7038-Malware-Analysis
Title: View on GitHub

Search URL Search Domain Scan URL

URL: https://eecs.ceas.uc.edu/
Title: Department of Electrical Engineering and Computing Systems

Search URL Search Domain Scan URL

URL: https://ceas.uc.edu/
Title: College of Engineering and Applied Science

Search URL Search Domain Scan URL

URL: https://www.uc.edu/
Title: University of Cincinnati

Search URL Search Domain Scan URL

URL: https://eecs.ceas.uc.edu/graduate/admissions-application
Title: Apply to Graduate School Here

Search URL Search Domain Scan URL

URL: https://github.com/ckane/CS7038-Malware-Analysis/issues/new
Title: Open an Issue in Github

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=vBGnQuD8uX0
Title: Malware Analysis on a Budget

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=aZIZarYeBDc&t=10s
Title: MalwareDNA

Search URL Search Domain Scan URL

URL: http://class.snusbaum.com/
Title: Scott Nusbaum taught this class in Spring 2019, here is his great curriculum

Search URL Search Domain Scan URL

URL: http://securitykitten.github.io/
Title: Adventures in Security (http://securitykitten.github.io/)

Search URL Search Domain Scan URL

URL: https://github.com/RPISEC/Malware
Title: RPISEC’s Malware Analysis Course

Search URL Search Domain Scan URL

URL: http://malwareunicorn.org/
Title: MalwareUnicorn (http://malwareunicorn.org/)

Search URL Search Domain Scan URL

URL: https://malwareunicorn.org/workshops/re101.html
Title: Malware Unicorn’s RE101

Search URL Search Domain Scan URL

URL: https://www.csc.tntech.edu/wicys/
Title: 2017 WiCyS Conference

Search URL Search Domain Scan URL

URL: https://malwareunicorn.org/workshops/re102.html
Title: Malware Unicorn’s RE102

Search URL Search Domain Scan URL

URL: http://contagiodump.blogspot.com/
Title: contagio malware dump (http://contagiodump.blogspot.com/)

Search URL Search Domain Scan URL

URL: https://tuts4you.com/download.php
Title: tuts4you (https://tuts4you.com/download.php)

Search URL Search Domain Scan URL

URL: http://security.cs.rpi.edu/courses/malware-spring2013/
Title: RPI Malware Analysis Course

Search URL Search Domain Scan URL

URL: http://rpi.edu/
Title: Rensselaer Polytechnic Institute

Search URL Search Domain Scan URL

URL: https://github.com/ytisf/theZoo
Title: theZoo

Search URL Search Domain Scan URL

URL: https://github.com/PaulSec/awesome-sec-talks
Title: Awesome Security Talks (github repository)

Search URL Search Domain Scan URL

URL: http://www.malware-analyzer.com/
Title: Malware Analyzer

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/FXJVbl2qqT Page URL
http://class.malware.re/ HTTP 301
https://class.malware.re/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 FXJVbl2qqT
t.co/ 262 B
611 B 182ms
126ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/FXJVbl2qqT

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 187
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Sat, 05 Aug 2023 17:57:55 GMT
expires: Sat, 05 Aug 2023 18:02:55 GMT
perf: 7626143928
referrer-policy: unsafe-url
server: tsa_f
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 06c7d1524c2b670e7773a3adc475f6b3230c2038612cc1900c197dfea1325ea3
x-response-time: 103
x-transaction-id: 1eb0c892ccd2c597
x-xss-protection: 0

GET
H2

200

Primary Request / Show response
class.malware.re/
Redirect Chain

http://class.malware.re/
https://class.malware.re/

13 KB
4 KB

30ms
7ms

Document
text/html

2600:9000:2250:7000:1c:927f:2580:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://class.malware.re/
Requested by: Host: t.co
URL: https://t.co/FXJVbl2qqT
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:7000:1c:927f:2580:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f0d2fe24512872c1908eea5114ef3e689e73c42bd6b9b2bc1587eb13e1eddea8

Request headers

Referer: https://t.co/FXJVbl2qqT
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 62259
content-encoding: gzip
content-type: text/html
date: Sat, 05 Aug 2023 00:40:18 GMT
etag: W/"37a9b550fa84dfacea267080982c1f9d"
last-modified: Tue, 21 Dec 2021 20:50:07 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
x-amz-cf-id: CgvnNU91LV6W9ET6ErQ1FvRGzUOwbl8znByK5ZfcZp9PElH3jjKgow==
x-amz-cf-pop: FRA60-P2
x-cache: Hit from cloudfront

Redirect headers

Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Sat, 05 Aug 2023 17:57:56 GMT
Location: https://class.malware.re/
Server: CloudFront
Via: 1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
X-Amz-Cf-Id: SogZYBNI4mnF3K_qmg6DGl0lEzE4nECLEhSdnm82I_YyI7qKGKeLRw==
X-Amz-Cf-Pop: FRA60-P2
X-Cache: Redirect from cloudfront

GET
H2 200 style.css
class.malware.re/assets/css/ 5 KB
2 KB 8ms
7ms Stylesheet
text/css 2600:9000:2250:7000:1c:927f:2580:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://class.malware.re/assets/css/style.css?v=f311e5e74435c2f258715e9023cad9f29da8de09
Requested by: Host: class.malware.re
URL: https://class.malware.re/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:7000:1c:927f:2580:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f3b4cb18c3a9a220cf96c66a3221dd4273a4c09d66e7d7d6d1df9f03251d95ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://class.malware.re/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 13:10:22 GMT
content-encoding: gzip
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Tue, 21 Dec 2021 20:50:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 22782
etag: W/"3968c5299a92d6512af55e2550c4459b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: -3eUjj1-K3yz58JgrZAHjL85psy2a6zX4WwsC-DxIimYJw1qmrzs3A==

GET
H2 200 bkg.png
class.malware.re/assets/images/ 1 KB
2 KB 8ms
7ms Image
image/png 2600:9000:2250:7000:1c:927f:2580:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://class.malware.re/assets/images/bkg.png
Requested by: Host: class.malware.re
URL: https://class.malware.re/assets/css/style.css?v=f311e5e74435c2f258715e9023cad9f29da8de09
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:7000:1c:927f:2580:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 14a8e47232ebb00c166626359bf4c619ebd273300fce4046afdd55c90ba55c23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://class.malware.re/assets/css/style.css?v=f311e5e74435c2f258715e9023cad9f29da8de09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 11:43:29 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Tue, 17 Aug 2021 21:50:11 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 22781
etag: "360842dce3f69f728aa77ae005424fe8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 1218
x-amz-cf-id: k9y0cdSU5hJRRx-crg8ZOQKnmT7gVqmsqRRdbKEyCmAGNLKKO1ySyA==

GET
H2 200 blacktocat.png
class.malware.re/assets/images/ 268 B
611 B 8ms
7ms Image
image/png 2600:9000:2250:7000:1c:927f:2580:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://class.malware.re/assets/images/blacktocat.png
Requested by: Host: class.malware.re
URL: https://class.malware.re/assets/css/style.css?v=f311e5e74435c2f258715e9023cad9f29da8de09
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:7000:1c:927f:2580:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bc7ee2aa402ed7fee29e7309da565399c223321056676f10938ddcda4e1902bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://class.malware.re/assets/css/style.css?v=f311e5e74435c2f258715e9023cad9f29da8de09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 19:37:31 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Tue, 17 Aug 2021 21:50:11 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 80426
etag: "63f291a3168cc5e02daaa6156756b122"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 268
x-amz-cf-id: 9X7I-sP3heOWCTykXsqI_-J_IQFSJNuSG8642jkwkKBv-G3KG05NfA==

GET
H2 200 bullet.png
class.malware.re/assets/images/ 603 B
947 B 8ms
8ms Image
image/png 2600:9000:2250:7000:1c:927f:2580:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://class.malware.re/assets/images/bullet.png
Requested by: Host: class.malware.re
URL: https://class.malware.re/assets/css/style.css?v=f311e5e74435c2f258715e9023cad9f29da8de09
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:7000:1c:927f:2580:93a1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 09d9bd0781b2937f7fa3119cea2702dc4570e7f8c92a9d53d5de7e49f4de9c5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://class.malware.re/assets/css/style.css?v=f311e5e74435c2f258715e9023cad9f29da8de09
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 11:43:30 GMT
via: 1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
last-modified: Tue, 17 Aug 2021 21:50:11 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 22467
etag: "03ac3148397e2db4a517b649dda1473b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 603
x-amz-cf-id: TLYCkWh_-qCYftVrXzXe9lrVnagR16S7nWMjRElYfr4AMRuSqMdF9A==

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.t.co/	1970-01-20 23:17:52	Name: muc Value: 173270db-3bea-43f5-bed0-f38aedcb164f

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://t.co/FXJVbl2qqT Message: Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

class.malware.re
t.co
104.244.42.133
2600:9000:2250:7000:1c:927f:2580:93a1
2600:9000:2250:de00:1c:927f:2580:93a1
09d9bd0781b2937f7fa3119cea2702dc4570e7f8c92a9d53d5de7e49f4de9c5a
14a8e47232ebb00c166626359bf4c619ebd273300fce4046afdd55c90ba55c23
bc7ee2aa402ed7fee29e7309da565399c223321056676f10938ddcda4e1902bb
f0d2fe24512872c1908eea5114ef3e689e73c42bd6b9b2bc1587eb13e1eddea8
f3b4cb18c3a9a220cf96c66a3221dd4273a4c09d66e7d7d6d1df9f03251d95ab

class.malware.re Open in urlscan Pro 2600:9000:2250:7000:1c:927f:2580:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

67 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

10 kBTransfer

20 kBSize

1 Cookies

22 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

class.malware.re Open in urlscan Pro
2600:9000:2250:7000:1c:927f:2580:93a1 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

10 kB
Transfer

20 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions