nOtHINK
"dubium sapientiae initium"
Nothink.org is a private project with no commercial interests. These pages are free and automatically created. You can find statistics, data and others stuff about malware/spyware. In particular lets you know the correspondence between a malicious binary (collected from my honeypot) and its activities in the network (DNS, HTTP and IRC connections).
This information can be used to perform analysis and filters in your work and home networks. If you have any doubts please consult the
FAQ page or send me an email.
Warning: all domains on this website should be considered dangerous. If you do not know what you are doing here, it is recommended you leave right away.Latest entries about malware DNS network traffic |
| generated 2012-05-17 22:00:01 UTC (daily) |
| Timestamp | MD5 | Name | Query result |
|---|
| 2012-05-16 | 321d86b4bd846bdc9ff843b4154cb3eb | tv.homler.net | 117.21.224.29 , 122.224.6.140 |
| 2012-05-15 | d05276441b548403dfe814cd84e0af86 | xi.r4t.biz | - |
| 2012-05-15 | 519af1366c32618d1f807457d0b588ad | tv.homler.net | 117.21.224.29 , 122.224.6.140 |
| 2012-05-14 | 585e40a82204221a4ba2c2675cde293b | tv.homler.net | 117.21.224.29 , 122.224.6.140 |
| 2012-05-10 | 22646e61e3e92158696169ca682a8372 | tv.homler.net | 122.224.6.140 , 117.21.224.29 |
| 2012-05-09 | b1efc25137fbe8d6d011e9be769ba551 | d.homler.net | 117.21.224.29 , 122.224.6.140 |
| 2012-05-07 | c8e54388126cb41d585b5e3e2f1d993d | d.homler.net | 117.21.224.29 , 122.224.6.140 |
| 2012-05-07 | 5e60a735afb32c3b19b186170964ffb9 | gg.arrancar.org | 69.43.160.145 |
| 2012-05-06 | db9e4e86f133975e2114898f8adac417 | d.homler.net | 122.224.6.140 , 117.21.224.29 |
| 2012-05-04 | 5f9ef4e3f6fbc5ef88ee9026d38ccf8c | dcppng.rania-style.com | - |
Latest entries about malware IRC network traffic |
| generated 2012-05-17 22:00:01 UTC (daily) |
| Timestamp | MD5 | IP | Port | Nick | User | Pass | Channel | Channel pass |
|---|
| 2012-05-15 | d05276441b548403dfe814cd84e0af86 | 91.121.171.64 | 9040 | xUVEuwU | cjfsiemx | - | #j | - |
| 2012-05-03 | 886d83e63011c2562a4c77b5bc48fd4b | 91.121.171.64 | 9040 | SSCKGxs | dgawscan | - | #c | - |
| 2012-04-25 | 2361afcdd127e86b689119672dfccf21 | 91.121.171.64 | 9040 | xgCvcsv | ecdaliwd | - | #c | - |
| 2012-04-23 | f61ba933ea990e83a84c2cc9cbd6dc32 | 91.121.171.64 | 9040 | yYPbbrl | kuscvofb | - | #c | - |
| 2012-03-15 | 0f302c856d688340076859a02510507a | 83.68.16.30 | 80 | hntrtwtr | j020501 | - | - | - |
| 2012-03-06 | fed38516f0e4f97ad3208fba3fd1bc43 | 91.121.171.64 | 9040 | FKgdmPA | trcupsvm | - | #c | - |
| 2012-01-30 | ad5d79b867875b98278118c70ea102c4 | 46.166.162.116 | 8585 | yycIaIc | yudtouga | - | #c | - |
| 2012-01-14 | cf2b32e03d8985fc0b0afc55703850bf | 193.107.16.22 | 8718 | pSLXmPY | wqvryekc | - | #c | - |
| 2011-11-07 | eca3b59b3a6238f59a2dc16fbdba2b17 | 60.190.222.157 | 7475 | New{US-XP-x86}1486688 | 2183867 | 3v | #3v | 3x3 |
| 2011-08-28 | ed47eabe4d203e4d4a3b8e2024449508 | 67.20.27.189 | 8080 | ijJwtoxFq | yxihFekFB | secretpass | ##+ | DES-256 |
Latest entries about malware HTTP network traffic |
| generated 2012-05-17 22:00:01 UTC (daily) |
| Timestamp | MD5 | IP | Port | Hostname | Request |
|---|
| 2012-02-05 | 044fed7aa87e891e4ddd2b97f7d949d2 | 146.185.246.61 | 80 | 146.185.246.61 | GET /ngd.exe |
| 2012-02-04 | 27c9663740eef80f12c13d964ae6f8af | 146.185.246.61 | 80 | 146.185.246.61 | GET /ngk.exe |
| 2012-02-02 | 65c7bab2353e3c8a320e045d142ac976 | 146.185.246.139 | 80 | 146.185.246.139 | GET /ngr.exe |
| 2012-01-31 | 243aab68a7296f007d386802bd30c314 | 146.185.246.34 | 80 | 146.185.246.34 | GET /ngf.exe |
| 2012-01-27 | d873945b82fa4f366a4b2b65d08ce97c | 146.185.246.34 | 80 | 146.185.246.34 | GET /ngh.exe |
| 2012-01-27 | 75f2a6be36973cc9f3e1cc2a821bb05b | 146.185.246.139 | 80 | 146.185.246.139 | GET /ngu.exe |
| 2012-01-17 | 99646b15965ff8607423319a1e281b9a | 146.185.246.126 | 80 | 146.185.246.126 | GET /ngl.exe |
| 2012-01-13 | f8ddeea0b3d71b4a529847a3f5c8f284 | 146.185.246.180 | 80 | 146.185.246.180 | GET /ngl.exe |
| 2012-01-09 | f64833b8423c20414842fcb0bc2c8bc3 | 146.185.246.180 | 80 | 146.185.246.180 | GET /ngv.exe |
| 2011-12-29 | f6ccebd77b8be35fc56db7438132d510 | 146.185.246.139 | 80 | 146.185.246.139 | GET /ngui.exe |