sci-hub.cc Open in urlscan Pro
2400:cb00:2048:1::6812:3b3f Malicious Activity! Public Scan

URL:
http://sci-hub.cc/
Submission: On October 27 via manual (October 27th 2017, 5:15:58 pm UTC) from NL

Summary HTTP 46 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 16 domains to perform 46 HTTP transactions. The main IP is 2400:cb00:2048:1::6812:3b3f, located in United States and belongs to CLOUDFLARENET - CloudFlare, Inc., US. The main domain is sci-hub.cc.

This is the only time sci-hub.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sci-Hub (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
19	2400:cb00:204... 2400:cb00:2048:1::6812:3b3f	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
2	198.232.125.113 198.232.125.113	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 2	95.213.4.234 95.213.4.234	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
1 5	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
2	31.131.252.91 31.131.252.91	49505 (SELECTEL) (SELECTEL)
3	31.131.252.90 31.131.252.90	49505 (SELECTEL) (SELECTEL)
1 2	88.212.201.194 88.212.201.194	39134 (UNITEDNET) (UNITEDNET)
3	31.131.252.94 31.131.252.94	49505 (SELECTEL) (SELECTEL)
4 6	188.42.131.52 188.42.131.52	7979 (SERVERS) (SERVERS - Servers.com)
3	185.15.175.135 185.15.175.135	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2 2	148.251.76.230 148.251.76.230	24940 (HETZNER-AS) (HETZNER-AS)
4 6	185.15.175.133 185.15.175.133	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	23.111.31.228 23.111.31.228	7979 (SERVERS) (SERVERS - Servers.com)
2 2	185.15.175.131 185.15.175.131	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	138.201.8.33 138.201.8.33	24940 (HETZNER-AS) (HETZNER-AS)
5 5	172.217.22.66 172.217.22.66	15169 (GOOGLE) (GOOGLE - Google Inc.)
2 3	35.157.112.200 35.157.112.200	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	136.243.131.40 136.243.131.40	24940 (HETZNER-AS) (HETZNER-AS)
1 1	88.212.246.68 88.212.246.68	7979 (SERVERS) (SERVERS - Servers.com)
46	14

19 2400:cb00:2048:1::6812:3b3f (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

sci-hub.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.232.125.113 (Los Angeles, United States)

ASN3257 (GTT-BACKBONE GTT, DE)
PTR: 113-125-232-198.static.unitasglobal.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.213.4.234 (Russian Federation) 1 redirects

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv234-4-213-95.vk.com

userapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6b8::1:119 (Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.131.252.91 (Russian Federation)

ASN49505 (SELECTEL, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.131.252.90 (Russian Federation)

ASN49505 (SELECTEL, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.194 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host194.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.131.252.94 (Russian Federation)

ASN49505 (SELECTEL, RU)

kitbit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 188.42.131.52 (Netherlands) 4 redirects

ASN7979 (SERVERS - Servers.com, Inc., US)
PTR: prod-sceu-facetz-lba-1.dca-ops.tech

front.facetz.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.15.175.135 (Russian Federation)

ASN43226 (SAFEDATA Uplinks, RU)

tag.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 148.251.76.230 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.230.76.251.148.clients.your-server.de

cm.p.altergeo.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.15.175.133 (Russian Federation) 4 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.31.228 (Netherlands) 1 redirects

ASN7979 (SERVERS - Servers.com, Inc., US)

sync.omnidsp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.15.175.131 (Russian Federation) 2 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.8.33 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.33.8.201.138.clients.your-server.de

amberdata-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.22.66 (Mountain View, United States) 5 redirects

ASN15169 (GOOGLE - Google Inc., US)
PTR: fra15s17-in-f66.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.112.200 (Frankfurt, Germany) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-157-112-200.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.243.131.40 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: prod-hzeu-facetz-lba-1.dca-ops.tech

front.facetz.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.212.246.68 (Russian Federation) 1 redirects

ASN7979 (SERVERS - Servers.com, Inc., US)
PTR: prod-scru-openstat-forwarder-4.dca-ops.tech

openstat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	sci-hub.cc sci-hub.cc	462 KB
11	digitaltarget.ru 6 redirects tag.digitaltarget.ru dmg.digitaltarget.ru	12 KB
7	facetz.net 4 redirects front.facetz.net	6 KB
5	doubleclick.net 5 redirects cm.g.doubleclick.net	2 KB
5	pluso.ru share.pluso.ru	39 KB
5	yandex.ru 1 redirects mc.yandex.ru	32 KB
3	eyeota.net 2 redirects ps.eyeota.net	663 B
3	kitbit.net kitbit.net	1 KB
2	altergeo.ru 2 redirects cm.p.altergeo.ru	1 KB
2	yadro.ru 1 redirects counter.yadro.ru	561 B
2	userapi.com 1 redirects userapi.com	26 KB
2	jquery.com code.jquery.com	116 KB
1	openstat.net 1 redirects openstat.net	472 B
1	rutarget.ru 1 redirects amberdata-sync.rutarget.ru	402 B
1	omnidsp.com 1 redirects sync.omnidsp.com	347 B
0	exe.bid Failed profile-eu.exe.bid Failed
46	16

	Domain	Requested by
19	sci-hub.cc	sci-hub.cc
8	dmg.digitaltarget.ru	6 redirects
7	front.facetz.net	4 redirects share.pluso.ru front.facetz.net
5	cm.g.doubleclick.net	5 redirects
5	share.pluso.ru	sci-hub.cc share.pluso.ru
5	mc.yandex.ru	1 redirects sci-hub.cc
3	ps.eyeota.net	2 redirects
3	tag.digitaltarget.ru	kitbit.net tag.digitaltarget.ru
3	kitbit.net	share.pluso.ru kitbit.net
2	cm.p.altergeo.ru	2 redirects
2	counter.yadro.ru	1 redirects
2	userapi.com	1 redirects sci-hub.cc
2	code.jquery.com	sci-hub.cc
1	openstat.net	1 redirects
1	amberdata-sync.rutarget.ru	1 redirects
1	sync.omnidsp.com	1 redirects
0	profile-eu.exe.bid Failed	front.facetz.net
46	17

This site contains links to these domains. Also see Links.

Domain
sci-hub.io
pluso.ru
vk.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
*.userapi.com GlobalSign Organization Validation CA - SHA256 - G2	`2017-06-14` - `2018-06-15`	a year	crt.sh
bs.yandex.ru Yandex CA	`2015-12-16` - `2017-12-15`	2 years	crt.sh
tag.digitaltarget.ru Let's Encrypt Authority X3	`2017-09-28` - `2017-12-27`	3 months	crt.sh
dmg.digitaltarget.ru Let's Encrypt Authority X3	`2017-09-28` - `2017-12-27`	3 months	crt.sh
COMODO RSA Domain Validation Secure Server CA	`2016-02-10` - `2018-02-09`	2 years	crt.sh

This page contains 3 frames:

Primary Page: http://sci-hub.cc/
Frame ID: 9778.1
Requests: 44 HTTP requests in this frame

Frame: http://front.facetz.net/crossd_pluso_iframe.html
Frame ID: 9778.2
Requests: 1 HTTP requests in this frame

Frame: http://profile-eu.exe.bid/sandbox/
Frame ID: 9778.3
Requests: 1 HTTP requests in this frame