ENTERPRISE THREAT INTELLIGENCE

For All Your Cyber Security Needs

Get Only The Data You Need

From malicious IPs to malware samples, we offer a series of historically rich and reliable IoCs feeds to help companies of all sizes fill their threat intelligence gaps and better focus scarce IT resources. They are offered individually or in packages, depending on your needs.

Data Feed Descriptions

Bitcoin

Bitcoin has become the most popular cryptocurrency in the world and, apart from its legitimate uses, is commonly used to receive ransom payments and for other criminal activities. Bitcoin transaction and blockchain string data can be especially interesting to threat researchers and to companies monitoring data sources for potential brand infringement.

The Bitcoin Transactions Feed includes easy-to-parse information on all blocks and transactions since the genesis block on January 3, 2009. An average of 50,000 transactions happen every day. We produce a simple JSON file for each transaction, as soon as information is available.

The Bitcoin Blockchain Strings Data Feed contains all the text from the Bitcoin blockchain since its inception. This includes information that ranges from miner names, poems, and tributes to URLs that point to obscure and illegal websites, encoded files, and malicious source code. This data feed is available for free to our Enterprise customers. Updated every 6 hours.

Command & Control Addresses + MITRE ATT&CK

Most malware and ransomware families implement some form of communication with a command and control (C2) system that is responsible for relaying stolen financial information, personal data, and anything else the malware captures. The C2 is also used to instruct the malware which institutions to target and to deliver webinjects.

With this feed of C2 addresses, drop zones, and control panels, companies can block access, create alerts on IDS/IPS systems, or investigate communications between samples and C2s. It contains the addresses used as C2s by more than 460 malicious families and includes information on MITRE ATT&CK TTPs and groups. Updated every hour.

C2s + MITRE ATT&CK Sample Feed

{
  "C2_URL": "tcp://129.174.188.243:1177/",
  "malware_family": "njRAT",
  "detection_timestamp": "2017-09-07 00:47:40",
  "MITRE_ATTACK": [{
    "id": "S0385",
    "name": "njRAT",
    "reference": "https://attack.mitre.org/software/S0385",
    "aliases": [
      "njRAT",
      "Njw0rm",
      "LV",
      "Bladabindi"
    ],
    "type": "malware",
    "description": "[njRAT](https://attack.mitre.org/software/S0385) is a remote access tool (RAT) that was first observed in 2012. It has been used by threat actors in the Middle East.(Citation: Fidelis njRAT June 2013)",
    "platforms": [
      "Windows"
    ],
    "techniques": [{
        "id": "T1132",
        "description": "Data Encoding",
        "reference": "https://attack.mitre.org/techniques/T1132",
        "defenses_bypassed": []
      },
      {
        "id": "T1107",
        "description": "File Deletion",
        "reference": "https://attack.mitre.org/techniques/T1107",
        "defenses_bypassed": [
          "Host forensic analysis"
        ]
      },
      {
        "id": "T1091",
        "description": "Replication Through Removable Media",
        "reference": "https://attack.mitre.org/techniques/T1091",
        "defenses_bypassed": []
      },
      {
        "id": "T1503",
        "description": "Credentials from Web Browsers",
        "reference": "https://attack.mitre.org/techniques/T1503",
        "defenses_bypassed": []
      },
      {
        "id": "T1033",
        "description": "System Owner/User Discovery",
        "reference": "https://attack.mitre.org/techniques/T1033",
        "defenses_bypassed": []
      },
      {
        "id": "T1059",
        "description": "Command-Line Interface",
        "reference": "https://attack.mitre.org/techniques/T1059",
        "defenses_bypassed": []
      },
      {
        "id": "T1113",
        "description": "Screen Capture",
        "reference": "https://attack.mitre.org/techniques/T1113",
        "defenses_bypassed": []
      },
      {
        "id": "T1060",
        "description": "Registry Run Keys / Startup Folder",
        "reference": "https://attack.mitre.org/techniques/T1060",
        "defenses_bypassed": []
      },
      {
        "id": "T1125",
        "description": "Video Capture",
        "reference": "https://attack.mitre.org/techniques/T1125",
        "defenses_bypassed": []
      },
      {
        "id": "T1094",
        "description": "Custom Command and Control Protocol",
        "reference": "https://attack.mitre.org/techniques/T1094",
        "defenses_bypassed": []
      },
      {
        "id": "T1065",
        "description": "Uncommonly Used Port",
        "reference": "https://attack.mitre.org/techniques/T1065",
        "defenses_bypassed": []
      },
      {
        "id": "T1083",
        "description": "File and Directory Discovery",
        "reference": "https://attack.mitre.org/techniques/T1083",
        "defenses_bypassed": []
      },
      {
        "id": "T1112",
        "description": "Modify Registry",
        "reference": "https://attack.mitre.org/techniques/T1112",
        "defenses_bypassed": [
          "Host forensic analysis"
        ]
      },
      {
        "id": "T1089",
        "description": "Disabling Security Tools",
        "reference": "https://attack.mitre.org/techniques/T1089",
        "defenses_bypassed": [
          "File monitoring",
          "Host intrusion prevention systems",
          "Signature-based detection",
          "Log analysis",
          "Anti-virus"
        ]
      },
      {
        "id": "T1076",
        "description": "Remote Desktop Protocol",
        "reference": "https://attack.mitre.org/techniques/T1076",
        "defenses_bypassed": []
      },
      {
        "id": "T1018",
        "description": "Remote System Discovery",
        "reference": "https://attack.mitre.org/techniques/T1018",
        "defenses_bypassed": []
      },
      {
        "id": "T1082",
        "description": "System Information Discovery",
        "reference": "https://attack.mitre.org/techniques/T1082",
        "defenses_bypassed": []
      },
      {
        "id": "T1105",
        "description": "Remote File Copy",
        "reference": "https://attack.mitre.org/techniques/T1105",
        "defenses_bypassed": []
      },
      {
        "id": "T1010",
        "description": "Application Window Discovery",
        "reference": "https://attack.mitre.org/techniques/T1010",
        "defenses_bypassed": []
      },
      {
        "id": "T1120",
        "description": "Peripheral Device Discovery",
        "reference": "https://attack.mitre.org/techniques/T1120",
        "defenses_bypassed": []
      },
      {
        "id": "T1005",
        "description": "Data from Local System",
        "reference": "https://attack.mitre.org/techniques/T1005",
        "defenses_bypassed": []
      },
      {
        "id": "T1056",
        "description": "Input Capture",
        "reference": "https://attack.mitre.org/techniques/T1056",
        "defenses_bypassed": []
      }
    ],
    "groups": [{
        "id": "G0078",
        "name": "Gorgon Group",
        "url": "https://attack.mitre.org/groups/G0078",
        "aliases": [
          "Gorgon Group"
        ]
      },
      {
        "id": "G0043",
        "name": "Group5",
        "url": "https://attack.mitre.org/groups/G0043",
        "aliases": [
          "Group5"
        ]
      },
      {
        "id": "G0096",
        "name": "APT41",
        "url": "https://attack.mitre.org/groups/G0096",
        "aliases": [
          "APT41"
        ]
      }
    ]
  }]
}
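
The following is an added example of how a SOC might consume a record in the format shown above; it is not Malware Patrol's code. It validates the record, extracts the C2 endpoint (scheme, host, port), renders it as block rules in a placeholder syntax, and summarizes the ATT&CK techniques, flagging those the feed marks as bypassing host-based defenses. The record is a constructed, trimmed copy of the sample's shape using an RFC 5737 documentation address.

```python
import json
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional
from urllib.parse import urlsplit

# Constructed record with the same shape as the sample feed entry, trimmed to
# three techniques and two groups. 192.0.2.10 is an RFC 5737 documentation
# address, not a real indicator.
SAMPLE_RECORD = json.dumps({
    "C2_URL": "tcp://192.0.2.10:1177/",
    "malware_family": "njRAT",
    "detection_timestamp": "2017-09-07 00:47:40",
    "MITRE_ATTACK": [{
        "id": "S0385",
        "name": "njRAT",
        "techniques": [
            {"id": "T1132", "description": "Data Encoding",
             "defenses_bypassed": []},
            {"id": "T1107", "description": "File Deletion",
             "defenses_bypassed": ["Host forensic analysis"]},
            {"id": "T1065", "description": "Uncommonly Used Port",
             "defenses_bypassed": []},
        ],
        "groups": [{"id": "G0078", "name": "Gorgon Group"},
                   {"id": "G0096", "name": "APT41"}],
    }],
})

REQUIRED_KEYS = ("C2_URL", "malware_family", "detection_timestamp", "MITRE_ATTACK")


@dataclass
class C2Indicator:
    scheme: str
    host: str
    port: Optional[int]
    family: str
    first_seen: datetime
    technique_ids: list = field(default_factory=list)
    # technique id -> defenses the feed says the technique bypasses
    evasive: dict = field(default_factory=dict)
    groups: list = field(default_factory=list)


def parse_record(raw: str) -> C2Indicator:
    """Validate one feed record and extract the fields an analyst acts on."""
    rec = json.loads(raw)
    missing = [k for k in REQUIRED_KEYS if k not in rec]
    if missing:
        raise ValueError(f"feed record missing required keys: {missing}")
    url = urlsplit(rec["C2_URL"])  # also handles non-HTTP schemes such as tcp://
    if not url.hostname:
        raise ValueError(f"C2_URL has no host: {rec['C2_URL']!r}")
    ind = C2Indicator(
        scheme=url.scheme, host=url.hostname, port=url.port,
        family=rec["malware_family"],
        first_seen=datetime.strptime(rec["detection_timestamp"], "%Y-%m-%d %H:%M:%S"),
    )
    for software in rec["MITRE_ATTACK"]:
        for tech in software.get("techniques", []):
            ind.technique_ids.append(tech["id"])
            if tech.get("defenses_bypassed"):
                ind.evasive[tech["id"]] = list(tech["defenses_bypassed"])
        for group in software.get("groups", []):
            ind.groups.append(group["name"])
    return ind


def block_rules(ind: C2Indicator) -> list:
    """Render generic 'deny' rules (placeholder syntax, not any vendor's)."""
    rules = [f"deny {ind.host}"]
    if ind.port is not None:  # the feed sometimes gives a port: block it narrowly too
        rules.append(f"deny {ind.host}:{ind.port}/{ind.scheme}")
    return rules


def detection_summary(ind: C2Indicator) -> dict:
    """Compact alert view: what to hunt for on a host that reached this C2."""
    return {
        "family": ind.family,
        "endpoint": f"{ind.host}:{ind.port}" if ind.port is not None else ind.host,
        "techniques": sorted(set(ind.technique_ids)),
        "evasive": ind.evasive,  # these defeat host evidence: prefer network telemetry
        "groups": sorted(set(ind.groups)),
    }
```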

Cryptomining | Cryptojacking

Cryptocurrency mining is a website monetization technique in which JavaScript code uses the visitor’s CPU to mine cryptocurrency. It is advertised as an alternative to online ads; however, it is frequently deployed without users’ consent.

Our Anti-Mining Data Feed lists sites that use these scripts. An additional JSON file contains snippets of the mining code found running on each website. This data feed is available for free to our Enterprise customers. Updated every day.

DDoS Attacks (Real-Time)

DDoS attacks are a major threat to companies of all sizes. Many systems and protocols widely available on the Internet are abused by attackers to generate abnormal amounts of traffic, including NTP, DNS, CharGEN, SSDP, among others. These are the services that our honeypots mimic to capture real-time information about attacks, without taking part in them.

In addition to DDoS mitigation strategies, access to data on the latest attacks is vital to understanding the current landscape and its trends. We maintain a data feed containing live records showing the victims of amplification and reflection DDoS attacks that have happened in the last 24 hours. It is produced with data collected by sensors deployed all over the Internet. Updated every 20 minutes.

DNS-over-HTTPS (DoH) Resolvers

In the context of cybersecurity, particularly in an enterprise environment, DoH allows users to bypass the DNS-level controls – and internet usage policies – put in place to protect your network against known threats. For example, DoH users are able to reach malicious sites, and infected machines can communicate with command and control servers. Many security tools and solutions are made ineffective by the use of DoH, yet the task of protecting your users and your organization’s data remains the same.

We developed this feed to help security teams control the use of DoH in their environment, or, alternatively, for researchers looking to track its adoption and utilization. To keep this information fresh and useful, we actively search for new servers on a continuous basis. Updated every hour.

DNS RPZ Firewall

RPZ (Response Policy Zone) DNS was developed by the ISC as an open and vendor-neutral component of the BIND Domain Name Server. RPZ functions as a DNS firewall in which rules are expressed in specially constructed zone files. This segmented structure provides an effective – and granular – method of leveraging threat data for the detection and prevention of malware and ransomware activities at the DNS level.

Our customers can choose any combination of, or all of, the six RPZ zone files, which cover domains hosting (1) C2s, (2) cryptominers, (3) DGAs (used by over 40 malware and ransomware families), (4) DNS-over-HTTPS servers, (5) malware, and (6) phishing sites. Configuration instructions are available here. Updated every hour.
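
To make the "rules expressed in specially constructed zone files" concrete, here is an added example (not Malware Patrol's code and not the layout of its feed files) that builds a zone in standard BIND RPZ syntax from constructed indicators: blocked names and their subdomains answer NXDOMAIN via `CNAME .`, blocked address ranges use `rpz-ip` triggers, and locally allow-listed names get `CNAME rpz-passthru.` so an organization can carve out exceptions. Zone name, nameserver, domains and prefixes are placeholders.

```python
import ipaddress
import re
from typing import Iterable

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_domain(name: str) -> str:
    """Lower-case, strip a trailing dot and reject anything that is not a hostname."""
    name = name.strip().lower().rstrip(".")
    if len(name) > 253 or not all(_LABEL.match(label) for label in name.split(".")):
        raise ValueError(f"invalid domain name: {name!r}")
    return name


def rpz_ip_trigger(cidr: str) -> str:
    """Encode an IPv4 prefix as an RPZ IP trigger: <prefixlen>.<reversed octets>.rpz-ip"""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("this helper only encodes IPv4 triggers")
    reversed_octets = ".".join(reversed(str(net.network_address).split(".")))
    return f"{net.prefixlen}.{reversed_octets}.rpz-ip"


def build_rpz_zone(zone: str, primary_ns: str, block_domains: Iterable[str],
                   block_prefixes: Iterable[str] = (), allow_domains: Iterable[str] = (),
                   serial: int = 1) -> str:
    """Emit RPZ zone text. Names are relative to the zone apex, which is how RPZ
    derives the trigger name from the owner name."""
    zone = normalize_domain(zone)
    lines = [
        "$TTL 300",
        f"@ IN SOA {primary_ns}. hostmaster.{zone}. {serial} 3600 600 86400 300",
        f"@ IN NS {primary_ns}.",
    ]
    for name in sorted({normalize_domain(d) for d in allow_domains}):
        lines.append(f"{name} CNAME rpz-passthru.")       # local exception: resolve normally
    for name in sorted({normalize_domain(d) for d in block_domains}):
        lines.append(f"{name} CNAME .")                   # policy action: NXDOMAIN
        lines.append(f"*.{name} CNAME .")                 # and for every subdomain
    for cidr in block_prefixes:
        lines.append(f"{rpz_ip_trigger(cidr)} CNAME .")   # answer contains a blocked address
    return "\n".join(lines) + "\n"


# Constructed indicators: reserved example names and RFC 5737 documentation ranges.
BLOCKED = ["c2.example", "DGA-abc123.example.", "miner.example"]
ALLOWED = ["internal-doh.example"]
PREFIXES = ["192.0.2.0/24", "198.51.100.7"]

if __name__ == "__main__":
    print(build_rpz_zone("rpz.local", "ns1.rpz.local", BLOCKED, PREFIXES, ALLOWED))
```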

Domain Names Generated via DGAs

Malware Patrol acquires and monitors domain generation algorithms (DGAs) used by multiple malware and ransomware families. Most ransomware won’t be able to encrypt files if it is unable to reach a C2 server to retrieve cryptographic keys, so blocking access to domains generated via DGA is an effective way to prevent data loss and extortion. Monitoring DNS queries and network traffic to such domains is also a way to identify computers on the internal network that may be infected. Updated every hour.

Malicious Domains

Contains domains actively involved in malicious activities. The data is derived from five of our Enterprise feeds: Anti-Mining, Command & Control (C2) Addresses, Domain Names Generated via DGAs, Malware & Ransomware URLs, and Phishing URLs. We include the Cisco Umbrella ranking for each domain so that our customers can customize their whitelisting. Monitoring traffic destined for these sites, as well as potentially blocking access to the ones that host C2s, DGAs, and phishing, for example, is an effective network protection measure. Updated every hour.

Malicious IPs

This feed contains IP addresses known to actively host malicious files and C2 systems for malware and ransomware. Monitoring traffic destined for such addresses, as well as potentially blocking access to the ones that host C2s, for example, is an effective network protection measure and provides valuable information for research purposes. Updated every hour.

Malware & Ransomware URLs

This feed is used to block access to URLs hosting malware, as a method of preventing the infection of network devices. Companies that want to use malware data for research purposes will also find it very useful.

We offer the feed with URLs in two formats: (1) sanitized, which includes protocol, hostname, domain name, and directories, but not the binary file name; and (2) unsanitized, which includes protocol, hostname, domain name, directories and also the file name and extension of the malware. Sanitized feeds are useful when there is no need to download the binary or to block it granularly. When downloading and/or monitoring the malware is important, the unsanitized feed is a better choice. Updated every hour.

Malware Hashes or Binaries

Samples are collected from around the internet and analyzed by our internal systems and multiple anti-virus products. If no known malware is detected, our automated engines analyze the binary to assess its potential to be a new (unclassified) sample, including packer detection and binary and PE header characteristics. Once a binary is classified as malware, the sample and its hashes are immediately made available to customers.

The Malware Hashes Feed contains MD5 and SHA-1 hashes of malware and ransomware samples currently available on the internet. Updated every hour.

The Malware Binaries (Samples) Feed contains malicious binaries currently available on the internet, shared immediately after categorization. We can alert customers about newly uploaded malware via HTTP or HTTPS POST requests or via email messages. Updated every hour.

Newly Registered Domains

On average, 175,000 new domains are registered every day. Most of these names are created for legitimate purposes, but a significant portion exists only for malicious purposes, including look-alike, typo-squatting, and brand-abusive domains.

Malware Patrol not only collects information about all new names but also correlates this information with indicators of compromise (IOCs) from our other data feeds. Updated every hour.

TLDs included in the Newly Registered Domains data feed

Phishing

Phishing remains one of the top cyber threats, now accounting for 90% of data breaches. The methods used by attackers continue to improve and evolve, so protection against this threat is a basic requirement for businesses of all sizes. It is also a must-have offering for cyber security enterprises and service providers.

Malware Patrol collects phishing URL data from various sources – crawlers, emails, spam pots, and more – to ensure coverage of the most current campaigns. Our data is then reviewed by humans to increase its accuracy, as many sites now use techniques that can evade machine detection. In addition, we offer two add-on options for the phishing feed: (1) screenshots of the phishing websites in JPEG format, accompanied by perceptual hashing data, and (2) the raw HTML content of phishing websites, compressed and accessible via an AWS S3 bucket. Feed updated every hour.

Enterprise Data Packages

These are packages of the most requested feed combinations. You can also purchase the specific feeds you need, whether it’s one, several, or all of them. Feed bundles and multi-year subscriptions offer significant discounts.

Request a FREE evaluation or contact us for more information.

Features

  • Free data evaluation & technical consultation
  • Unlimited-use commercial license
  • Hourly feed updates
  • Unlimited downloads
  • Annual and multi-year subscriptions
  • Free feed customization

Support

  • Dedicated account manager
  • Priority tech support
  • Implementation assistance

Packages

Big Data

This package provides access to all our Enterprise data feeds.

Build Your Own

Select only the data feed(s) you need.

Anti-Ransomware

This package provides the IoCs most important for protecting against and detecting ransomware infections. C2s and DGAs are the command structure for malware and ransomware, from which instructions or additional payloads are received and to which stolen data is sent. The malware and ransomware URLs are known to be hosting binaries, so preventing access to them stops an immediate infection. Keep your users from accessing known phishing sites to safeguard your company’s credentials.

  • C2 Addresses, Drop Zones & Control Panels
  • Domain Names Generated by DGAs
  • Malware & Ransomware URLs (Sanitized)
  • Phishing URLs

Secure-IT

The Secure-IT package provides the necessary IoCs for threat detection, response, and blocking purposes. The data is compatible with a variety of TIPs, SIEMs, SOARs and other security tools for seamless integration.

  • Anti-Mining (Free)
  • Bitcoin Blockchain Strings (Free)
  • C2 Addresses, Drop Zones & Control Panels
  • DNS-over-HTTPS (DoH) Resolvers
  • Domain Names Generated by DGAs
  • Malware URLs (Sanitized)
  • Phishing

Research-IT

The Research-IT package is designed for companies that conduct threat research, or for those with a mature security program (including machine learning/AI tools) that can make use of a large volume and wide range of IoCs.

  • Anti-Mining (Free)
  • Bitcoin Blockchain Strings (Free)
  • C2 Addresses, Drop Zones & Control Panels
  • DNS-over-HTTPS (DoH) Resolvers
  • Domain Names Generated by DGAs
  • Malicious IPs
  • Malware URLs (Unsanitized: with malware file name and extension)
  • Newly Registered Domains
  • Phishing (including add-ons: screenshots, perceptual hashes, and raw HTML content)

Package comparison: Secure-IT / Research-IT / Big Data

Anti-Mining
Bitcoin Blockchain Strings
Bitcoin Transactions X X
C2 Addresses
DDoS Attacks X X
DNS Firewall X
DoH Servers
Domain Names Generated via DGAs
Malicious Domains X X
Malicious IPs X
Malware Hashes or Samples X X
Malware/Ransomware URLs (Sanitized) X
Malware/Ransomware URLs (Unsanitized) X
Newly Registered Domains X
Phishing
Phishing Add-ons (Screenshots and raw HTML) X

FREE DATA: Coronavirus-Related Newly Registered Domains

Since the beginning of March, tens of thousands of new domain names have been registered using the terms “corona”, “covid”, “epidemic”, “pandemic” and “wuhan”. Some of them are legitimate, some still point to parking pages, and it is safe to assume that many are to be used for malicious purposes.

Our team compiled a list of these domain names from our Newly Registered Domains feed that can be used to protect your family, employees and customers. The list is based solely on the domains’ names and registration timeframe; no other assumptions are made. The information is provided as-is, with no warranties and free of charge for any use. If you redistribute the data, please cite Malware Patrol as the source. For more information, check out our blog post on this topic.