Malware is everywhere!
Updated every hour
Online since 06/2005 - 7.000.000 hits/month
Last database update: 2014-04-17 02:30 UTC

Search MBL#:    

Bookmark and Share


Welcome to the Malware Patrol project! We provide feeds of malware URLs and CryptoLocker domains and IPs, so you can protect yourself and your network users from getting infected by Malware. Block lists are available in several formats, including the most popular anti-spam, anti-virus and web proxy systems.

CryptoLocker Alert!


Computer criminals have a new weapon in their arsenal, a malware called CryptoLocker that is being distributed across the world via phishing scams. When a computer is infected, all important personal/business files (.doc, jpg, ppt, pst, etc) are encrypted. The attacker is the only one who knows the decryption key and asks the victim for a ransom that must be payed within 72 hours.

Apart from advising you to keep your anti-virus up to date, to run regular backups and to exercise caution with e-mails containing attachments and links, we are offering an additional security layer. We've created block lists of the domains used by the malware to contact its command servers and also of IP addresses of these domains. If the malware can't contact its C&Cs, it won't retrieve the encryption key and therefore will not encrypt files. As usual, block lists are available in multiple formats, including the most popular web proxies, anti-spam and anti-virus systems.

Premium subscribers can download the CryptolLocker feeds. Subscribe today!

Subscribe Now!

Since June/2005 we provide accurate and up to date feeds/block lists that help prevent Malware infections around the world. To be able to provide high quality data, we've implemented a subscription system.

We continue supporting free of charge data, but registration is now required. Customers can choose between the Premium and the Free subscription options.

Please visit our feeds page for more details. The Premium subscription allows access to all available formats of URLs and CryptoLocker block lists and is updated every hour. The Free subscription is only updated every 48/72 hours. Premium subscriptions helps us maintain the project and develop the many long awaited features. To know more about why you should choose the Premium subscribption, please watch this video.

Have questions or comments? Contact us at orders (a t) malwarepatrol . net. False positives should be reported to fp (a t)

Your use of this web site constitutes agreement to all Terms and Conditions. If you want to use our feeds/block lists in a commercial product or service, please contact us for licensing information.

Want to know more about the project, visit the About Us page.

Our Stats

New/Queued: 8,848/19,569

Blocked: 63,515

Dangerous: 1,355,116

Recent Malware detected


14 Mar 14: Keep suspicious URLs coming to . We'll not accept submissions via the online form anymore starting today.

24 Feb 14: We are happy to announce the availability of block lists of CryptoLocker command and control domains and IP addresses. If the ransomware can't access its servers, it won't be able to encrypt the victim's files and ask for a ransom.


Follow us on Twitter!

Follow the MalwarePatrol on Twitter for more news

Why use a block list of URLs?

One of the most frequent questions is: "We have a firewall, anti-virus, anti-malware, IDS/IPS, etc - why do we need block lists of URLs in our proxy or router?"

That is a great question. First of all, it is certainly very important to have multiple protection layers and trusted intelligence sources when it comes to Internet security, no single vendor can protect you from all the current threats. This is known as layered security. Also, fraudsters are always improving their attacks that range from simple URLs pointing to malware files to complex exploit kits that can leverage vulnerabilities to download malicious software to the victims' computers. On top of that, distributed malware frequently has very low anti-virus detection rates. Attackers are also heavily using "downloaders", these are softwares which only intent is to download other malicious binaries that happens to be malware. We collect and track URLs that point to malware, including the ones used by exploit kits and downloaders, this is why it is so important to use our block lists.

So, why take chances when you can get extra protection? Waste no more time and start protecting your network with the data provided by the Malware Patrol. Click here to find all the feeds/block lists available.

Our thanks to