Ежедневно - 24/7
Specific paths where malicious payloads (like Trojans or Ransomware) are stored for "drive-by" downloads.
The database served as a real-time feed of "Indicators of Compromise" (IoCs). Its primary functions included:
Security practitioners can ingest malc0de’s list.txt into: malc0de.com database
Malc0de frequently lists URLs that appear in spam campaigns. Security teams can extract the root domains and add them to email gateway blocklists to prevent phishing links from reaching end users.
Malc0de.com was launched around 2008–2010, a period marked by rapid growth in exploit kits (e.g., Blackhole, Nuclear Pack). Its primary purpose was to share recent URLs that delivered binary malware (e.g., .exe, .dll, .scr) via HTTP/HTTPS. The site’s simple, minimalist interface — a reverse-chronological table of malicious links — has remained largely unchanged, emphasizing speed over aesthetics. Specific paths where malicious payloads (like Trojans or
A typical record in the malc0de.com database includes the following fields:
Despite the rise of paid platforms like VirusTotal Enterprise, ThreatConnect, and MISP, the malc0de.com database offers unique advantages. Security teams can extract the root domains and
Founded in 2010 by a security researcher known as "Kahu Security," Malc0de (pronounced "mal-code") was built with a simple mission: to track and list malicious URLs used to distribute malware. Unlike sandbox analysis platforms that focus on file behavior, malc0de focuses on the —the web addresses that host drive-by-downloads, exploit kits, and trojan payloads.