In the malware distribution area, the Exploit Kit (EK) plays an important role. An EK can be seen as a toolkit that bundles a number of exploits; these take advantage of vulnerable applications (Flash Player, Internet Explorer, etc.) to silently download and run malware on the target host. Palo Alto Networks also has an excellent EK guide here.
Most EK-related domains are brand-new FQDNs, and most of them are also short-lived. From the DNS and URL request perspective there are also some interesting behaviours; by combining data from various sources such as PDNS, whois and HTTP logs, we are able to generate these highly suspicious EK feeds.
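As an added illustration of the feed-generation logic described above (this is example code, not the feed provider's own pipeline), the following Python scores FQDNs from constructed PDNS, whois and HTTP-log samples and keeps only those that are newly registered, newly observed, short-lived and actually requested by hosts. The thresholds, the sample data and the `.test` domain names are assumptions, not values from the page.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M"

# Constructed sample data (not real indicators).
# Passive DNS: first-seen / last-seen per FQDN.
PDNS = {
    "ab12cd.example-ek.test": ("2016-06-01T10:00", "2016-06-02T18:30"),
    "xyz9.example-ek.test":   ("2016-05-30T09:00", "2016-06-01T11:00"),
    "q7.example-ek.test":     ("2016-06-01T12:00", "2016-06-01T13:00"),
    "cdn.long-lived.test":    ("2014-01-15T08:00", "2016-06-02T12:00"),
}
# Whois: registration (creation) date per registered domain.
WHOIS_CREATED = {"example-ek.test": "2016-05-28", "long-lived.test": "2013-12-20"}
# HTTP logs: number of client requests observed per FQDN (q7 was never requested).
HTTP_HITS = {"ab12cd.example-ek.test": 7, "xyz9.example-ek.test": 3,
             "cdn.long-lived.test": 900}


def registered_domain(fqdn):
    # Assumption: the last two labels are the registered domain (no public-suffix list).
    return ".".join(fqdn.split(".")[-2:])


def ek_candidates(now, pdns=PDNS, whois=WHOIS_CREATED, http=HTTP_HITS,
                  max_reg_age_days=14, max_first_seen_days=7, max_lifetime_days=3):
    """Return FQDNs that look like EK infrastructure under the page's heuristics:
    brand-new registration, newly observed in PDNS, short observation window,
    and at least one HTTP request from a monitored host. Thresholds are assumed."""
    now_dt = datetime.strptime(now, FMT)
    flagged = []
    for fqdn, (first, last) in pdns.items():
        created = whois.get(registered_domain(fqdn))
        if created is None:
            continue  # no whois record: cannot judge registration age
        first_dt, last_dt = datetime.strptime(first, FMT), datetime.strptime(last, FMT)
        created_dt = datetime.strptime(created, "%Y-%m-%d")
        new_reg = now_dt - created_dt <= timedelta(days=max_reg_age_days)
        new_fqdn = now_dt - first_dt <= timedelta(days=max_first_seen_days)
        short_lived = last_dt - first_dt <= timedelta(days=max_lifetime_days)
        requested = http.get(fqdn, 0) > 0
        if new_reg and new_fqdn and short_lived and requested:
            flagged.append(fqdn)
    return sorted(flagged)


if __name__ == "__main__":
    print(ek_candidates("2016-06-03T00:00"))
```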
Currently, Neutrino EK and Magnitude EK are pretty active in China, so we are making these two feeds publicly available.