Malware URLs

UPDATE: THE SERVICE IS NOT WORKING ANY MORE

After working on this project at home, completely alone, and without the help of anybody, with the exception of a few parties, like one European CERT, I decided to stop losing money and time with this project. There were a few companies using it, I had a lot of hobbistic and otherwise users but almost no one collaborated with the project. There was a "Donate" button for as long as 2 years and nobody ever clicked on it. As so, after hours of fixing a crash in the backend for no reason, I decided to shut-down this project. It will still work in my home, but no results will be ever again shared. The rest of the web page is left here for historic reasons.

Introduction

Malware URLs is a daily updated and free for research purposes feed offered by Joxean Koret to be used by security researchers, anti-malware researchers, etc... It can also be used by individuals to protect themselves, as the format of the feed (plain text) can be used with tools like Adblock Plus or integrated easily with other tools.

Feed

There are, as of September 2014, 3 different plain text files offered: one with the full set of URLs discovered, another one with just the domains and one more with all the URLs in the 'gray area'. The 'gray area' is an area where many malware URLs exists but there is also a big number of false positives as the gray area is the one where only 2 or 3 evidences were discovered. The 'gray area' should not be used for blocking domains or URLs, it's published only with the aim of helping malware researchers. You can download them here:

  1. URLs
  2. Domains
  3. Gray area

Future enhacements

In the future it's possible that other feeds will be released like, probably the most interesting one, the feed of URLs found in the "gray area". The "gray area" is the area where URLs with a number of evidences that makes them suspicious but, on the other hand, is not enough information to flag as malicious. There are a lot of malware and spam here and various (~5%) false positives.

False positives

If you noticed a false positive, please report it.

Disclaimer

THIS FEED IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE FEED OR THE USE OR OTHER DEALINGS IN THE FEED.

Contact

Contact information is available here.

Copyright (c) 2013, 2014 Joxean Koret