NoThink

"do ut des"

Nothink.org is a private project with no commercial interests. These pages are free and automatically created. You can find statistics, data and others stuff about malware/spyware. In particular lets you know the correspondence between a malicious binary (collected from my honeypot) and its activities in the network (DNS, HTTP and IRC connections).

This information can be used to perform analysis and filters in your work and home networks. If you have any doubts please consult the FAQ page or send me an email. Warning: all domains on this website should be considered dangerous. If you do not know what you are doing here, it is recommended you leave right away.

Download the last complete 'Malware Network Activity details' in XML format!

Download the last complete 'blocklist' about malware DNS,IRC and HTTP network traffic!

Timestamp	MD5	SHA1	URL sandbox analysis report
Latest malware binaries analyzed by the sandbox
generated 2012-01-26 23:00:04 UTC (daily)
2012-01-26	a1da77646a58b98d7302f7ca9b1f1f3b	89f6fd0ef54e2826e031b0924b982526d5f695ce	19475bea39257e424f53d0287e13a463d
2012-01-26	fb7e6238e6874f91144b77ebe6ca20ed	ea4a2b9e6ecb4063fa49802a297ff29a502aa856	105248bd1db5120c41d65db83640f6773
2012-01-26	31b9cefce84d16ca9b5f1e83668b491a	26a25881ef571da387b188a55ae8bde75f9d94e9	138cd82398909d214d545b660f7f3814f
2012-01-26	8fa68c2c44d3b44cefaab4ec24ce3846	a485a04528ec76aa302b7e1ad2699c15cc7ccfb3	11fa927b1b32a707415169d5b8215c7ee
2012-01-26	aaedc78466673f044013f8ea51714f19	564040bedae166cea3a9d7cdb2897d6224bc9bcb	12e6c359d6be1b12461df8258a2b60834
2012-01-26	4708cc08a345fa459c2778d897138062	861d42dce1be84bcc144aa076cc817a658a55c59	1680d12248822f9744de5c7126c10353e
2012-01-26	a7782ea30ce05e4869d70f6c3c95491a	65c00798222d48aeacdbd01d102379427791d00e	1dd1760cd93c028249de59c1b8c782cfd
2012-01-26	7b5baa50e765c3abcd52aead208bcb0a	9b9a977983aec6d325ae595aabb69a4d8310446f	18093f9e6dcfd7594e169faa14c96792e
2012-01-26	5f6b787000308c6d46fdc2f8a399a20b	788e3c4f44aadbfbbf5f6484126dbbddd47d0c85	112f19511c943f6044946951df2c2716a
2012-01-26	b0f8811efebaffc4046b1913ef2700b6	d341b3d45b786859711c6b7558271a16f37a2b9f	16e0c8e948826a5448d225f42a41be674

Timestamp	MD5	Name	Query result
Latest entries about malware DNS network traffic
generated 2012-01-26 23:00:04 UTC (daily)
2012-01-25	45cb35fc407b252204adc601d5f2aff6	dd.ka3ek.com	60.190.223.150 , 60.190.217.55
2012-01-24	c8909e91c4fec7617dbc6bbdbd6c742c	dd.ka3ek.com	60.190.223.150 , 60.190.217.55
2012-01-24	a36003cb42c7d6358769a4d0ef630825	dd.ka3ek.com	60.190.217.55 , 60.190.223.150
2012-01-23	3d74fa02baba600c57248db4f7741854	dd.ka3ek.com	60.190.223.150 , 60.190.217.55
2012-01-22	5393a8b71d68792fe5082b4deb78ae7b	dd.ka3ek.com	60.190.217.55 , 60.190.223.150
2012-01-21	214768fb1137decf5c1c7d9d3b8b2e7e	dd.ka3ek.com	60.190.223.150 , 60.190.217.55
2012-01-20	ac79d8abd2e845d159d38a79b5f7675c	dd.ka3ek.com	60.190.217.55 , 60.190.223.150
2012-01-19	3cbe5222679a7bada5e0f834330395e2	proxim.ntkrnlpa.info	83.68.16.30
2012-01-19	cbf77665b10c271a0f8d3665b240d198	proxim.ntkrnlpa.info	83.68.16.30
2012-01-18	f3612f74807a98dd49c2a8493a8e0bc0	dd.ka3ek.com	60.190.217.55 , 60.190.223.150

Timestamp	MD5	IP	Port	Nick	User	Pass	Channel	Channel pass
Latest entries about malware IRC network traffic
generated 2012-01-26 23:00:04 UTC (daily)
2012-01-14	cf2b32e03d8985fc0b0afc55703850bf	193.107.16.22	8718"	pSLXmPY	wqvryekc	-	#c	-
2011-11-07	eca3b59b3a6238f59a2dc16fbdba2b17	60.190.222.157	7475	New{US-XP-x86}1486688	2183867	3v	#3v	3x3
2011-08-28	ed47eabe4d203e4d4a3b8e2024449508	67.20.27.189	8080	ijJwtoxFq	yxihFekFB	secretpass	##+	DES-256
2011-08-05	31e8653e8a95ad07effa4c7bff6e8a46	83.68.16.30	80	ayolsdpl	g020501	-	-	-
2011-07-17	28724f47348bc1c5f8ccddc22a1c522b	92.241.164.191	8718	taAODJGm	nftmukqp	-	#c	-
2011-07-11	84d9e3284d06707cddfaca3fe9f6dc49	92.241.164.191	8718	FjFQvtVv	agtyjaco	-	#c	-
2011-06-10	44de3158ba49bb1a84b4a21bf3e4c62a	83.68.16.30	80	iljzrejw	i020501	-	-	-
2011-05-20	2e379cb2fc26b4f77fcc57edefcc1d30	83.68.16.30	80	iuapnufw	c020501	-	-	-
2011-05-17	342ff49fff5b134d991b1f80d0347048	78.24.188.201	55003	AUT\|00\|XP\|SP3\|L\|708656	cwqrqhgb	-	##sodoma_3	s0dom4j03
2011-04-19	1e3eb2a8e28930dae966a555fcbe0ebe	78.47.158.33	6667	AUT\|01346	zjeei	-	##alb##	b!

Timestamp	MD5	IP	Port	Hostname	Request
Latest entries about malware HTTP network traffic
generated 2012-01-26 23:00:04 UTC (daily)
2012-01-17	99646b15965ff8607423319a1e281b9a	146.185.246.126	80" e	146.185.246.126	GET /ngl.exe
2012-01-13	f8ddeea0b3d71b4a529847a3f5c8f284	146.185.246.180	80	146.185.246.180	GET /ngl.exe
2012-01-09	f64833b8423c20414842fcb0bc2c8bc3	146.185.246.180	80" e	146.185.246.180	GET /ngv.exe
2011-12-29	f6ccebd77b8be35fc56db7438132d510	146.185.246.139	80" e	146.185.246.139	GET /ngui.exe
2011-12-26	b52c1e330914f8418d325682e3284ffd	146.185.246.139	80	146.185.246.139	GET /ngbn.exe
2011-12-18	dbe40f79e96ed9881bab25b8bdc3c036	146.185.246.134	80	146.185.246.134	GET /ngrold.exe
2011-12-07	c3976306587bc43ba40bf1a37a6803e6	70.38.98.236	80	img102.herosh.com	GET /2011/12/06/771918837.gif
2011-12-02	6932684e7fe10d01fea5199622e35890	91.121.11.69	8080	vendor.almsyar.com:8080	GET /images/crypted_build.exe
2011-11-30	972e4ef408d94468daacf2acb4dbf062	146.185.246.132	80	146.185.246.132	GET /ngop.exe
2011-11-20	c940f4c6d619f52ee6cab8849420a298	146.185.246.106	80	146.185.246.106	GET /ngck.exe

NoThink

"do ut des"

Latest malware binaries analyzed by the sandbox

Latest entries about malware DNS network traffic

Latest entries about malware IRC network traffic

Latest entries about malware HTTP network traffic