Maltrail is a malicious traffic detection system, using publicly available (black)lists containing malicious and/or generally suspicious trails, static trails compiled from various AV reports and custom user-defined lists, and (optionally) advanced heuristic mechanisms that can help in the discovery of unknown threats (for example, new malware). It is based on a Traffic -> Sensor <-> Server <-> Client Architecture.
A trail can be anything from a:
domain name (like zvpprsensinaix.com for Banjori malware),
URL (like http://188.8.131.52/harsh02.exe for a known malicious executable),
IP address (for example 184.108.40.206 for a known attacker), or
HTTP User-Agent header value (like sqlmap for the automatic SQL injection and database takeover tool).
It can be found on GitHub at stamparm/maltrail.
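To make the four trail kinds concrete, here is an added example (not Maltrail's own code) of a minimal blacklist matcher run over constructed traffic events; the trail values are the ones quoted above, the event dictionary keys and the `check_event` function are assumptions of this example.

```python
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed trail list, one entry per trail kind named in the text above.
TRAILS: Dict[str, Dict[str, str]] = {
    "domain": {"zvpprsensinaix.com": "Banjori malware"},
    "url": {"http://188.8.131.52/harsh02.exe": "known malicious executable"},
    "ip": {"184.108.40.206": "known attacker"},
    "ua": {"sqlmap": "automatic SQL injection and database takeover tool"},
}

Hit = Tuple[str, str, str]  # (trail kind, matched trail, description)


def match_domain(name: str) -> List[Tuple[str, str]]:
    """Match a queried host and each of its parent domains against domain trails,
    so a subdomain of a listed domain is still caught."""
    labels = name.lower().rstrip(".").split(".")
    hits = []
    for i in range(len(labels) - 1):  # a.b.c.com -> b.c.com -> c.com
        candidate = ".".join(labels[i:])
        if candidate in TRAILS["domain"]:
            hits.append((candidate, TRAILS["domain"][candidate]))
    return hits


def check_event(event: Dict[str, str]) -> List[Hit]:
    """Return every trail an event touches. Event keys (assumed): src_ip, dst_ip,
    dns_query, url, user_agent. Missing keys are simply skipped."""
    hits: List[Hit] = []
    for key in ("src_ip", "dst_ip"):
        ip = event.get(key)
        if ip and ip in TRAILS["ip"]:
            hits.append(("ip", ip, TRAILS["ip"][ip]))
    url = event.get("url")
    host = event.get("dns_query") or (urlsplit(url).hostname if url else None)
    if host:
        hits += [("domain", t, info) for t, info in match_domain(host)]
    if url:
        # Compare scheme, host and path only, so query-string noise does not
        # keep a listed URL from matching.
        p = urlsplit(url)
        canon = f"{p.scheme}://{p.hostname}{p.path}"
        if canon in TRAILS["url"]:
            hits.append(("url", canon, TRAILS["url"][canon]))
    ua = event.get("user_agent", "").lower()
    for trail, info in TRAILS["ua"].items():
        if trail in ua:  # substring match, as tool banners carry versions
            hits.append(("ua", trail, info))
    return hits
```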