malc0de (malc0de.com) is a long-standing, free malware URL and malicious domain database. It primarily tracks websites hosting malware (drive-by download pages, exploit kits, malware payloads). It’s maintained by a single researcher (often referred to as unknown or Mike), with updates dating back to 2008.
If malc0de is not sufficient for your needs, consider these complementary resources: malc0de database
| Resource | Strength | Weakness | | :--- | :--- | :--- | | URLhaus (by abuse.ch) | Large community, fast updates, API rich | Requires community validation | | PhishTank | Focused on phishing, not malware | Slower confirmation times | | OpenPhish | Commercial grade, very fast | Expensive for full feed | | MalwareDomains (Ransomware Tracker) | Focused on ransomware distribution | Less maintained since 2020 | malc0de (malc0de
For most analysts, the best approach is to combine malc0de with URLhaus. Use malc0de for exploit kit landing pages and URLhaus for general malware binaries. If malc0de is not sufficient for your needs,
Founded by the enigmatic security researcher known as Kafeine (later associated with Proofpoint), Malc0de started as a personal sandbox. The concept was brutally simple: Run a piece of malware in a controlled environment, watch where it "phones home" to download secondary payloads (malware binaries), and log that URL.
Unlike commercial feeds that aggregate data from thousands of sensors, Malc0de’s original engine was lean. It primarily tracked Exploit Kits—the automated attack platforms that delivered ransomware like CryptoLocker and TeslaCrypt in the mid-2010s. When a user visited a compromised website (a drive-by-download), the Exploit Kit would redirect the browser to a landing page hosting malicious JavaScript or Flash files. Malc0de caught those redirections.
The database became famous for one specific feature: The "Malware Domain Blocklist" (MDL). Security professionals could import Malc0de’s DNS feed into their firewalls or Pi-hole servers to block requests to known malicious hosts in real-time.