Protection Against Malware, Ransomware, C2s, and DGAs 

Business Protect

Small and medium-sized businesses (SMBs) remain frequent targets for cyber criminals. Our Business Protect threat data feeds are a highly reliable layer of protection for your customers and networks against malware infections, the transmission of compromised data, and communications with botnets and command and control (C2) servers.

For ease of use, the data is formatted for compatibility with the most common security platforms and software – no API required – and:

– Our database is updated constantly by crawlers in the cloud

– Each indicator is verified daily

– DNS names are resolved 4-6 times a day

– Newly discovered URLs are processed within an hour.

Threat Data

About Our Data

Malware Patrol’s threat data is aggregated from diverse and highly reliable sources, including web crawlers, botnet monitors, spam traps, honeypots, research teams, partners and historical data about malicious campaigns. All the data is carefully inspected. As a result, our feeds contain thoroughly vetted indicators sourced from the real world.

Security budgets are usually limited. Therefore, it is important to rely on a data source that provides coverage for the current malicious campaigns and threats that directly affect your company and your customers, maintaining a high level of security but using the minimum amount of resources possible.

How Malware Patrol Can Help Your Business

As an SMB, MSP, MSSP, ISP or similar company, there are many ways to use our data to protect your assets, employees and networks, as well as your customers:

  • Reinforce your network defenses by adding continuously updated data to your SIEM, firewalls, IPS/IDS, proxy, and DNS servers.
  • Detect compromised assets and prevent the exfiltration of sensitive data and intellectual property from infected machines.
  • Detect malicious content hosted on your networks and servers.
  • Improve incident response and forensic capabilities by providing your teams with meaningful information about threats.
  • Grow your business by providing industry-leading threat data as a premium service to your customers.

Configuration Guides


SpamAssassin Configuration Guide

Malware Patrol provides block lists compatible with SpamAssassin. "Apache SpamAssassin is the #1 Open Source anti-spam platform giving...

Accessing threat data on AWS S3 buckets

Malware Patrol provides some of its threat data feeds via AWS/Amazon S3 buckets. Among the feeds are the "Malware Samples (Binaries)"...

BIND9 Configuration Guide

Bind is the world’s most used DNS server. Keep reading to learn how to configure Bind 9. Malware Patrol provides a zone file compatible with Bind 9....

Cisco ASA FirePOWER Configuration Guide

“With Cisco ASA with FirePOWER Services, you consolidate multiple security layers in a single platform, eliminating the cost of buying and managing...

RPZ – DNS Firewall Configuration Guide

BIND is the world’s most used DNS server and can be configured as a DNS Firewall using RPZ zone files (RPZ - DNS). Response Policy Zone (RPZ)...

pfSense Configuration Guide

pfSense software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely...

pfBlockerNG Configuration Guide

Malware Patrol provides block lists compatible with pfBlockerNG, a package for pfSense version 2.x that allows the usage of custom block list, IP...

Clam AV Software Configuration Guide

“Clam AV is an open source anti-virus engine for detecting trojans, viruses, malware & other malicious threats.” Malware Patrol provides signatures...

Squid3 Web Proxy Configuration Guide

Squid is a proxy for the web that provides extensive access control lists, reduces bandwidth consumption and improves response times by caching and...

Feed Details

Data Feed Contents

Active Malware URLs
IPs of C2s and Active DGAs
RPZ DNS Firewall Zones:
– Malware URLs

Data Feed Formats

BIND9 RPZ – DNS Firewall
Carbon Black 4.1+ domains IOCs
ClamAV Virus DB (basic)
ClamAV Virus DB (extended)
Postfix MTA
Snort IDS (C&Cs)
SquidGuard block list
Squid Web Proxy
Suricata IDS / IPS block list
Malware URLs – Sanitized Feed Format (Protocol, host name, domain name, and directories)


Data Feeds
Hourly updates
Historically rich
Unlimited downloads
Access to the CyberChef tool set

Dedicated account manager
Priority tech support

Subscription Options
Free data evaluation & technical consultation
Unlimited use commercial license
6-month or 1-year subscriptions