NOTHINK

"excusatio non petita, accusatio manifesta"

Nothink.org is a private project with no commercial interests. These pages are free and automatically created. You can find statistics, data and others stuff about malware/spyware. In particular lets you know the correspondence between a malicious binary (collected from my honeypot) and its activities in the network (DNS, HTTP and IRC connections).

This information can be used to perform analysis and filters in your work and home networks. If you have any doubts please consult the FAQ page or send me an email. Warning: all domains on this website should be considered dangerous. If you do not know what you are doing here, it is recommended you leave right away.

Download the last complete 'Malware Network Activity details' in XML format!

Download the last complete 'blocklist' about malware DNS,IRC and HTTP network traffic!

Timestamp	MD5	SHA1	URL sandbox analysis report
Latest malware binaries analyzed by the sandbox
generated 2012-02-04 23:00:04 UTC (daily)
2012-02-04	27c9663740eef80f12c13d964ae6f8af	e5275cfdcd518c4225705afd49aac426d37e05a2	19b9a325cf7b9599481108ded896f2b0a
2012-02-04	be306aee79eb26cd5581b83e67c6bade	19ac79b82f546214cc682c9b5c15b263c5af1e5b	1ea67ccf6cde84c3455b2692888a0c56f
2012-02-03	5c9c84b2106dc294e39e528be565db71	27d8412210f3158a8406833de4cdc5d8d5c42083	1737005d73fdd60f499015dd85bebcf85
2012-02-02	65c7bab2353e3c8a320e045d142ac976	5c3fcdaf3fae2c707e615b29c9887c3f5ed81247	1ce0c74eadc109dd47d910df6e79762e5
2012-02-02	1a50b8f81ef6c9d27c4d97e59cb85e9e	a6439cd827b234636b7be8ff635177838b0e66de	1f4c0c7f144c86dd4fd2a534d87e554fe
2012-02-01	566400d3216495f8c50ced8ddb088763	356276d04d6acc8866475b2fa79199802d0d5080	13e22cd79fe2382347df9be98dc14caee
2012-01-31	4375c9475bce8ca1996381ba51376d03	a257b80cfaec612375127566082e89db6ca7ac35	17db43a8fc79b38b4994d1f4e14c7f935
2012-01-31	243aab68a7296f007d386802bd30c314	9074874b06c787e9b0d903e4abe5e486c9274de9	1ab4120ffdf2b6a9481256146fe05d5d8
2012-01-30	ad5d79b867875b98278118c70ea102c4	78452100e9dcd64e6b2298b70407f007e412d08e	169bfa20d03ab1ce4e5afcee92746ed6e
2012-01-30	6660fc3fe295416b8f52e24f1a6b827c	c1ecc179ef5c656e920e21b85ccd135a6fdba8e8	1ab467e8705076ae49d55a169ac007aa5

Timestamp	MD5	Name	Query result
Latest entries about malware DNS network traffic
generated 2012-02-04 23:00:04 UTC (daily)
2012-02-04	27c9663740eef80f12c13d964ae6f8af	d.homler.net	60.190.217.55 , 60.190.223.150
2012-02-04	be306aee79eb26cd5581b83e67c6bade	gmail.com	alt2.gmail-smtp-in.l.google.com , alt3.gmail-smtp-in.l.google....
2012-02-03	5c9c84b2106dc294e39e528be565db71	d.homler.net	60.190.223.150 , 60.190.217.55
2012-02-02	65c7bab2353e3c8a320e045d142ac976	d.homler.net	60.190.217.55 , 60.190.223.150
2012-02-02	1a50b8f81ef6c9d27c4d97e59cb85e9e	d.homler.net	60.190.217.55 , 60.190.223.150
2012-02-01	566400d3216495f8c50ced8ddb088763	d.homler.net	60.190.223.150 , 60.190.217.55
2012-01-31	4375c9475bce8ca1996381ba51376d03	proxim.ntkrnlpa.info	83.68.16.30
2012-01-31	243aab68a7296f007d386802bd30c314	d.homler.net	60.190.223.150 , 60.190.217.55
2012-01-30	ad5d79b867875b98278118c70ea102c4	xi.r4t.biz	-
2012-01-30	6660fc3fe295416b8f52e24f1a6b827c	d.homler.net	60.190.217.55 , 60.190.223.150

Timestamp	MD5	IP	Port	Nick	User	Pass	Channel	Channel pass
Latest entries about malware IRC network traffic
generated 2012-02-04 23:00:04 UTC (daily)
2012-01-30	ad5d79b867875b98278118c70ea102c4	46.166.162.116	8585"	yycIaIc	yudtouga	-	#c	-
2012-01-14	cf2b32e03d8985fc0b0afc55703850bf	193.107.16.22	8718"	pSLXmPY	wqvryekc	-	#c	-
2011-11-07	eca3b59b3a6238f59a2dc16fbdba2b17	60.190.222.157	7475	New{US-XP-x86}1486688	2183867	3v	#3v	3x3
2011-08-28	ed47eabe4d203e4d4a3b8e2024449508	67.20.27.189	8080	ijJwtoxFq	yxihFekFB	secretpass	##+	DES-256
2011-08-05	31e8653e8a95ad07effa4c7bff6e8a46	83.68.16.30	80	ayolsdpl	g020501	-	-	-
2011-07-17	28724f47348bc1c5f8ccddc22a1c522b	92.241.164.191	8718	taAODJGm	nftmukqp	-	#c	-
2011-07-11	84d9e3284d06707cddfaca3fe9f6dc49	92.241.164.191	8718	FjFQvtVv	agtyjaco	-	#c	-
2011-06-10	44de3158ba49bb1a84b4a21bf3e4c62a	83.68.16.30	80	iljzrejw	i020501	-	-	-
2011-05-20	2e379cb2fc26b4f77fcc57edefcc1d30	83.68.16.30	80	iuapnufw	c020501	-	-	-
2011-05-17	342ff49fff5b134d991b1f80d0347048	78.24.188.201	55003	AUT\|00\|XP\|SP3\|L\|708656	cwqrqhgb	-	##sodoma_3	s0dom4j03

Timestamp	MD5	IP	Port	Hostname	Request
Latest entries about malware HTTP network traffic
generated 2012-02-04 23:00:04 UTC (daily)
2012-02-04	27c9663740eef80f12c13d964ae6f8af	146.185.246.61	80" e	146.185.246.61	GET /ngk.exe
2012-02-02	65c7bab2353e3c8a320e045d142ac976	146.185.246.139	80" e	146.185.246.139	GET /ngr.exe
2012-01-31	243aab68a7296f007d386802bd30c314	146.185.246.34	80" e	146.185.246.34	GET /ngf.exe
2012-01-27	d873945b82fa4f366a4b2b65d08ce97c	146.185.246.34	80" e	146.185.246.34	GET /ngh.exe
2012-01-27	75f2a6be36973cc9f3e1cc2a821bb05b	146.185.246.139	80" e	146.185.246.139	GET /ngu.exe
2012-01-17	99646b15965ff8607423319a1e281b9a	146.185.246.126	80" e	146.185.246.126	GET /ngl.exe
2012-01-13	f8ddeea0b3d71b4a529847a3f5c8f284	146.185.246.180	80	146.185.246.180	GET /ngl.exe
2012-01-09	f64833b8423c20414842fcb0bc2c8bc3	146.185.246.180	80" e	146.185.246.180	GET /ngv.exe
2011-12-29	f6ccebd77b8be35fc56db7438132d510	146.185.246.139	80" e	146.185.246.139	GET /ngui.exe
2011-12-26	b52c1e330914f8418d325682e3284ffd	146.185.246.139	80	146.185.246.139	GET /ngbn.exe

NOTHINK

"excusatio non petita, accusatio manifesta"

Latest malware binaries analyzed by the sandbox

Latest entries about malware DNS network traffic

Latest entries about malware IRC network traffic

Latest entries about malware HTTP network traffic