Are Your TLDs Hosting C2s, DGAs, Malware, Phish or Ransomware?

Registry Compliance

Our Registry Threat Data Feed helps registries maintain their ICANN compliance with Specification 11, in particular item 3b:

Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks.

This service provides a timely combination of the IOCs necessary to keep track of malicious activities, filtered for and priced according to the registry’s TLDs. Threats monitored include:

  • C2s (Command & Control Servers)
  • Cryptominers
  • DGAs
  • Malware & Ransomware
  • Phishing

With this information, registries are alerted about malicious activities in their TLDs and can take the appropriate actions to mitigate the threats.


Data Feed Details

Malware Patrol’s threat data comes from diverse sources including web crawlers, botnet monitors, spam traps, honeypots, research teams and partners. We review and update our indicators every hour to ensure that the contents are current and actionable.

Pricing for this data feed is based on the number of domains registered, so less popular or newer TLDs with fewer registrations pay less.



– C2s

– Cryptominers

– DGAs

– Malware & Ransomware

– Phishing





Contact us for other options.






– Free data evaluation & technical consultation

– Hourly updates

– Unlimited downloads

– Dedicated account manager

– Priority tech support