Exploit kit


In malware distribution, exploit kits (EKs) play an important role. An EK can be seen as a toolkit that contains a bunch of exploits; it takes advantage of vulnerable applications (Flash Player, Internet Explorer, etc.) to secretly download and run malware on a target host. Palo Alto Networks also has an excellent EK guide.

Download Feeds


Last update at 1508380410000.


Last update at 1564367841000.


2016-09-24:

From 2016-09-24, we noticed that Neutrino had disappeared from our data.

For more information, please check the coffee blog.

2017-09-16:

From 2017-09-15, we noticed that Magnitude had disappeared from our data.

If you know anything about it, please contact us.

How do we detect EKs?

Most EK-related domains are brand-new FQDNs, and most of them are also short-lived. From the perspective of DNS and URL requests, they also show some interesting behaviors. By combining data from various sources such as PDNS, whois, and HTTP logs, we are able to generate these feeds of highly suspicious EK domains.
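
A sketch of the two signals named above (newly seen FQDN, short lifetime), joining passive DNS with HTTP logs. This is an added example, not the feed's actual pipeline; the thresholds, field layout, function name and sample rows are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; the page gives none.
NEW_WINDOW = timedelta(days=3)      # request within 3 days of first sighting
MAX_LIFETIME = timedelta(hours=24)  # "short lived": resolved for under a day
QUIET = timedelta(days=2)           # no resolutions for 2 days: treat as gone

# Constructed sample data, not taken from the feeds.
PDNS = [  # (fqdn, first_seen, last_seen)
    ("a1b2.landing.example", "2017-09-01T10:00", "2017-09-01T16:30"),
    ("www.longlived.example", "2012-03-04T00:00", "2017-09-10T00:00"),
    ("cdn.fresh.example", "2017-09-09T08:00", "2017-09-10T00:00"),
    ("old.parked.example", "2015-01-01T00:00", "2015-01-01T05:00"),
]
HTTP = [  # (timestamp, client_ip, host, url)
    ("2017-09-01T10:05", "10.0.0.7", "a1b2.landing.example", "/index.php?id=1"),
    ("2017-09-01T11:40", "10.0.0.9", "A1B2.landing.example.", "/index.php?id=2"),
    ("2017-09-09T09:00", "10.0.0.7", "cdn.fresh.example", "/app.js"),
    ("2017-09-08T12:00", "10.0.0.3", "www.longlived.example", "/"),
]

def _ts(s):
    return datetime.fromisoformat(s)

def _norm(host):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.rstrip(".").lower()

def suspicious_fqdns(pdns, http, now):
    """Return [(fqdn, lifetime_hours, client_count)] for FQDNs that were new
    when requested and then stopped resolving within MAX_LIFETIME."""
    seen = {_norm(f): (_ts(a), _ts(b)) for f, a, b in pdns}
    clients = {}
    for ts, ip, host, _url in http:
        fqdn = _norm(host)
        if fqdn not in seen:
            continue  # no PDNS history, so age cannot be judged
        first = seen[fqdn][0]
        if timedelta(0) <= _ts(ts) - first <= NEW_WINDOW:
            clients.setdefault(fqdn, set()).add(ip)
    out = []
    for fqdn, ips in clients.items():
        first, last = seen[fqdn]
        # A name that is still resolving has no final lifetime yet; skip it.
        if now - last >= QUIET and last - first <= MAX_LIFETIME:
            out.append((fqdn, (last - first).total_seconds() / 3600, len(ips)))
    return sorted(out)
```

A new domain that is still resolving is held back until it has been quiet for the QUIET period, so the result depends on when the check is run.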

Neutrino & Magnitude

Currently, Neutrino EK and Magnitude EK are pretty active in China, so we make these two feeds publicly available.

Sample Data

Family TS IP Domain URL