Initially was created to link domains that were serving the same executable. What I found out in a very short period of time is that the binaries are updated so frequently that this becomes almost impossible. Storing the MD5 is still useful, just not as useful as I originally thought. The only purpose is to store and keep track of domains that host malicious binaries.

I have recently made a few adjustments to the database, which should speed up the queries. I have also linked the IP addresses to a good friend of mine's newly created website Think of it as a Robtex for malware domains.

For example, here we can find a domain hosting the Neosploit exploit pack. The domain is hosted on By searching, we can see domains hosted on the same IP that are named in a similar fashion and are most likely also hosting Neosploit or being staged.
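
The shared-IP pivot described above, as an added example that is not from the original post or the site's own code: it groups tracked domains by hosting IP and flags co-hosted names that resemble a known-bad one, next to the MD5 link that only holds while the binary is unchanged. All records (reserved `.example` domains, documentation-range IPs, dummy hashes) are constructed, and the function names and the 0.8 similarity threshold are assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample records: (domain, hosting IP, MD5 of the served binary).
# Domains use the reserved .example TLD; IPs come from documentation ranges.
RECORDS = [
    ("cdn-update01.example", "192.0.2.10", "0" * 32),
    ("cdn-update02.example", "192.0.2.10", "1" * 32),
    ("cdn-update07.example", "192.0.2.10", "2" * 32),
    ("familyphotos.example", "192.0.2.10", None),
    ("cdn-update03.example", "198.51.100.7", "0" * 32),
]

def by_key(records, index):
    """Group domains by one column (1 = IP, 2 = MD5), skipping empty values."""
    groups = defaultdict(set)
    for rec in records:
        if rec[index]:
            groups[rec[index]].add(rec[0])
    return groups

def similar_neighbours(records, seed, threshold=0.8):
    """Return domains on the seed's IP whose first label resembles the seed's."""
    ip = next(r[1] for r in records if r[0] == seed)
    label = seed.split(".")[0]
    hits = []
    for domain in sorted(by_key(records, 1)[ip] - {seed}):
        score = SequenceMatcher(None, label, domain.split(".")[0]).ratio()
        if score >= threshold:
            hits.append((domain, round(score, 2)))
    return hits

def md5_links(records):
    """Domains linked by an identical binary hash (groups of two or more)."""
    return {h: sorted(d) for h, d in by_key(records, 2).items() if len(d) > 1}

if __name__ == "__main__":
    # The IP pivot finds the similarly named siblings even though their hashes differ.
    print(similar_neighbours(RECORDS, "cdn-update01.example"))
    # The MD5 pivot only links domains still serving the identical build.
    print(md5_links(RECORDS))
```

The unrelated site on the same address is not flagged, which is why the name comparison is applied on top of the IP grouping rather than treating every co-hosted domain as suspect.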