nOtHINK

"dubium sapientiae initium"

• Home
• Malware network activity
  • DNS network traffic
  • IRC network traffic
  • HTTP network traffic
• Honeypot
  • SSH honeypot
  • Malicious binaries collected
  • Last threats (daily)
• Misc
  • Blacklist
  • Viruswatch

Nothink.org is a private project with no commercial interests. These pages are free and automatically created. You can find statistics, data and others stuff about malware/spyware. In particular lets you know the correspondence between a malicious binary (collected from my honeypot) and its activities in the network (DNS, HTTP and IRC connections).

This information can be used to perform analysis and filters in your work and home networks. If you have any doubts please consult the FAQ page or send me an email. Warning: all domains on this website should be considered dangerous. If you do not know what you are doing here, it is recommended you leave right away.

Latest malware binaries analyzed by the sandbox
generated 2012-05-17 22:00:01 UTC (daily)
Timestamp	MD5	SHA1	URL sandbox analysis report
2012-05-17	02e79ded0c1c937b72c9db02ecb05177	f2acfd46f7884ff7684f7a6230b7d90d4675f181	12c05abd014546bb46545df0813c28df1
2012-05-17	fb86af6ba7866139c20cbe92ef71072f	535d7297aa698dd609c6ca69534fb80b5de2ebbc	10dbf8956d2806c14416f167dad8e6144
2012-05-17	450467eb63d5f0ec997bf1ab16033e94	07d9b998f1e34f6402accd316c29ccf0fab0b013	1f677d530594b2884c9787c8a9f7e60b2
2012-05-17	9ac9d6ed7a16f54bac9e600777341513	328df5825362c672c92db51f21b56908127d22bb	17245eb9c372cf6f43910467d2871f828
2012-05-16	e4eb48ad107d9247cd7a47f6ae1c3cef	859cd6097bb72a2d55524c7778522613664c4cfe	13733ddc162266f64b5f9f4308c55543a
2012-05-16	2d895989cf1243ee0989fa7e83e0eca7	9a338476fe66817681d1266c961e41c3ca2d80ef	18186bcee4d31d9945940caefb77d283a
2012-05-16	9b491668f761a834fa8a7d283be028a4	bb361f40d97060ce04cd09d06c5f8d9710ccfa7e	1bb12e6ddb674be548dd80227cdbff0e5
2012-05-16	321d86b4bd846bdc9ff843b4154cb3eb	c5f018f377a3d72b4d1136730ec22a0e03fe1ff7	1f6118f84013a1b94d1d46b1b0c31e7e9
2012-05-16	7e31d0ae7b1778637537fab6ece41032	2074d4d8edf1888552ad9600bcd2be3d78e8fa56	118e12cd2887b47545dedb24b6f8bba9b
2012-05-16	5940ab22b570854c0aab272540ce9a8c	b5a7fbe46db12598e3a1dd625e9696f5de35a64c	1e76f9e2eca2e6e4429001c5df407486f

Latest entries about malware DNS network traffic
generated 2012-05-17 22:00:01 UTC (daily)
Timestamp	MD5	Name	Query result
2012-05-16	321d86b4bd846bdc9ff843b4154cb3eb	tv.homler.net	117.21.224.29 , 122.224.6.140
2012-05-15	d05276441b548403dfe814cd84e0af86	xi.r4t.biz	-
2012-05-15	519af1366c32618d1f807457d0b588ad	tv.homler.net	117.21.224.29 , 122.224.6.140
2012-05-14	585e40a82204221a4ba2c2675cde293b	tv.homler.net	117.21.224.29 , 122.224.6.140
2012-05-10	22646e61e3e92158696169ca682a8372	tv.homler.net	122.224.6.140 , 117.21.224.29
2012-05-09	b1efc25137fbe8d6d011e9be769ba551	d.homler.net	117.21.224.29 , 122.224.6.140
2012-05-07	c8e54388126cb41d585b5e3e2f1d993d	d.homler.net	117.21.224.29 , 122.224.6.140
2012-05-07	5e60a735afb32c3b19b186170964ffb9	gg.arrancar.org	69.43.160.145
2012-05-06	db9e4e86f133975e2114898f8adac417	d.homler.net	122.224.6.140 , 117.21.224.29
2012-05-04	5f9ef4e3f6fbc5ef88ee9026d38ccf8c	dcppng.rania-style.com	-

Latest entries about malware IRC network traffic
generated 2012-05-17 22:00:01 UTC (daily)
Timestamp	MD5	IP	Port	Nick	User	Pass	Channel	Channel pass
2012-05-15	d05276441b548403dfe814cd84e0af86	91.121.171.64	9040	xUVEuwU	cjfsiemx	-	#j	-
2012-05-03	886d83e63011c2562a4c77b5bc48fd4b	91.121.171.64	9040	SSCKGxs	dgawscan	-	#c	-
2012-04-25	2361afcdd127e86b689119672dfccf21	91.121.171.64	9040	xgCvcsv	ecdaliwd	-	#c	-
2012-04-23	f61ba933ea990e83a84c2cc9cbd6dc32	91.121.171.64	9040	yYPbbrl	kuscvofb	-	#c	-
2012-03-15	0f302c856d688340076859a02510507a	83.68.16.30	80	hntrtwtr	j020501	-	-	-
2012-03-06	fed38516f0e4f97ad3208fba3fd1bc43	91.121.171.64	9040	FKgdmPA	trcupsvm	-	#c	-
2012-01-30	ad5d79b867875b98278118c70ea102c4	46.166.162.116	8585	yycIaIc	yudtouga	-	#c	-
2012-01-14	cf2b32e03d8985fc0b0afc55703850bf	193.107.16.22	8718	pSLXmPY	wqvryekc	-	#c	-
2011-11-07	eca3b59b3a6238f59a2dc16fbdba2b17	60.190.222.157	7475	New{US-XP-x86}1486688	2183867	3v	#3v	3x3
2011-08-28	ed47eabe4d203e4d4a3b8e2024449508	67.20.27.189	8080	ijJwtoxFq	yxihFekFB	secretpass	##+	DES-256

Latest entries about malware HTTP network traffic
generated 2012-05-17 22:00:01 UTC (daily)
Timestamp	MD5	IP	Port	Hostname	Request
2012-02-05	044fed7aa87e891e4ddd2b97f7d949d2	146.185.246.61	80	146.185.246.61	GET /ngd.exe
2012-02-04	27c9663740eef80f12c13d964ae6f8af	146.185.246.61	80	146.185.246.61	GET /ngk.exe
2012-02-02	65c7bab2353e3c8a320e045d142ac976	146.185.246.139	80	146.185.246.139	GET /ngr.exe
2012-01-31	243aab68a7296f007d386802bd30c314	146.185.246.34	80	146.185.246.34	GET /ngf.exe
2012-01-27	d873945b82fa4f366a4b2b65d08ce97c	146.185.246.34	80	146.185.246.34	GET /ngh.exe
2012-01-27	75f2a6be36973cc9f3e1cc2a821bb05b	146.185.246.139	80	146.185.246.139	GET /ngu.exe
2012-01-17	99646b15965ff8607423319a1e281b9a	146.185.246.126	80	146.185.246.126	GET /ngl.exe
2012-01-13	f8ddeea0b3d71b4a529847a3f5c8f284	146.185.246.180	80	146.185.246.180	GET /ngl.exe
2012-01-09	f64833b8423c20414842fcb0bc2c8bc3	146.185.246.180	80	146.185.246.180	GET /ngv.exe
2011-12-29	f6ccebd77b8be35fc56db7438132d510	146.185.246.139	80	146.185.246.139	GET /ngui.exe