A daily list of URLs we have seen in our malware analysis that have been confirmed by at least one AV package as being involved in infection or the distribution of malware.
The Malicious URL Feed is a daily list of URLs we have seen in our malware analysis that have been confirmed by at least one AV package as being involved in infection or the distribution of malware. This makes it easy for an organization to check DNS query logs, proxy logs, or flows to spot workstations that have been used to visit these sites. We also include our manually reviewed phishing URL feed.
The Malware Binary Feed is a daily tar gzip file of malware that has been collected by us in the last 24 hours. All times are UTC.
Five daily sub-feeds
List of hashes of samples that we have run against 30 AV packages that have resulted in a 5% or more detection rate. This method can boost detection rates to up to 50% when combined with a single AV package
Consists of the hash plus the User-Agent string being used by the malware and can be used to identify infected hosts or differentiate between legitimate versus malicious traffic
Correlative listing of hashes from malware collected in the last 24 hours and AV engine signature names from most major AV engines
Hash and network flows seen during run-time analysis of malware collected in the last 24 hours
MD5 and SHA1 hash feed of all newly detected and reported samples