Initially malc0de.com was created to link domains that were serving the same executable. What I found out in a very short period of time is the binaries are updated so frequently that this becomes almost impossible. Storing the MD5 is still useful just not as useful as I originally thought. The only purpose malc0de.com is to store and keep track of domains that host malicious binaries.

I have recently made a few adjustments to the database which should speed up the queries. I have also linked the IP addresses to a good friend of mines newly created website www.malwaregroup.com. Think of it as a robtex for malware domains.

For example here we can find a domain hosting the Neosploit exploit pack. The domain is hosted on 75.125.212.58. By searching malwaregroup.com we can see domains hosted on the same IP that are named in a similar fashion and are most likely also hosting Neosploit or being staged.