C2s, Cryptominers, DGAs, Malware, Phish, Ransomware

Choose the Right Data for Your Needs

We offer cyber threat intelligence (CTI) feeds that work for a range of organization sizes and use cases, from protecting internal networks in small businesses to cyber security enterprises that develop products and conduct research:

Enterprise Data: A variety of feeds for companies that want to build their own threat intelligence package and/or require specific data for research/product development purposes. The feeds can be customized to fit ingestion requirements at no additional cost. They are sold separately, in discounted bundles, or get all feeds in our Big Data package.

Platform and Tool Integrations: Data feeds formatted to work with popular security tools, including:

Business Protect: Designed for small to medium-sized businesses, this offering includes active malware and ransomware URLs from the latest malicious campaigns in several different feed formats. Monthly or annual subscriptions and a free self-service, full-access trial available.

DNS RPZ Firewall: A set-it-and-forget-it automatic (AXFR/IXFR) BIND server transfer of six separate response policy zones of malicious domains related to: (1) C2s, (2) Cryptominers, (3) DGAs, (4) DNS-over-HTTPS servers, (5) Malware & Ransomware, and (6) Phishing sites.


Malware Patrol’s feeds are constantly verified to keep them fresh and actionable:

  • Each indicator is checked daily
  • DNS names are resolved 4-6 times a day
  • Newly discovered URLs are processed within an hour
  • Unlimited downloads.


Business Protect

DNS Firewall



SMBs & Security Service Providers
Security/DNS Service Providers
Cyber Security  Enterprises
Free data evaluation
Unlimited-use commercial license
Hourly updates
Unlimited downloads
Priority tech support
Subscription options: Monthly or Annual X X
Subscription options: Annual or multi-year X
Dedicated account manager X X
Free feed customization/formatting X X


Bitcoin Blockchain Strings X X
Bitcoin Transactions X X
C2 Addresses X X
Cryptomining X X
DNS Firewall X
DoH Servers X X
Domain Names Generated via DGAs X X
Intrusion Insights X X
Malicious Domains X X
Malicious IPs X X
Malware Hashes or Samples X X
Malware/Ransomware URLs X
Newly Registered Domains X X
Phishing X X
Scam Domains X X

What kind of threat data user are you?

Security Team

You need data to help block and detect threats, with a focus on the latest malicious campaigns. Or, as a security service provider, you use threat data to provide services to your customers.

Threat Researcher/Analyst

You need data or samples for research purposes, including reverse engineering and powering AI or machine learning tools.


Mature security program with a range of needs. You integrate IoCs into your SIEM, TIP or other tools for threat detection and response. You sell security services and use data from multiple vendors for maximum coverage.

The Value of Threat Data

Cyber threat intelligence is used by security professionals tasked with protecting their company’s assets against malicious actors. According to a study conducted by the Ponemon Institute:

  • 78% of respondents rate the importance of threat intelligence in achieving a strong cyber security posture as very high
  • 46% percent of respondents believe commercial data feeds provide more actionable intelligence than free sources.

Malware Patrol offers a wide variety of IoC feeds for use in all types of security environments and tools. Our data is verified and actionable. It protects your customers and networks against communications with botnets and command and control (C2) servers, malware infections and the transmission of compromised data.