Exploit kit


In the malware distribution area, Exploit Kit(EK) plays a important role. An EK exploit can be seen as a tool kit that contains a bunch of exploits, and they take advantage of vulnerable applications (Flash Player, Internet Explorer, etc) and secretly download and run malware on a target host. Palo Alto Networks also has an excellent EK guide here.

Download Feeds


Last update at 1498525695000 .


Last update at 1498538603000 .


2016-09-24 :

From 2016-09-24, we notice the neutrino had disapeared from our data.

More info, please check coffee blog.

How we detect EK?

Most of the EK related domains are brand new FQDNs, and most of them are also short lived. From the DNS and URL requests perspective, there are also some interesting behaviors, combing the data from various data sources such as PDNS, whois, HTTP logs..etc, we are able to generate these highly suspicious EK feeds.

Neutrino & Magnitude

Currently, Neutrino EK and magnitude EK are pretty active in China so we make this two feeds public available.

Sample Data

Family TS IP Domain URL
Magnitude 1498525421 de2m7d6b2r34.routean.site N/A
Magnitude 1498525421 0di63na5c0edl0jaz.norhang.racing N/A