Are Your TLDs Hosting Malware, Ransomware, C2s, DGAs or Phishing Content?

Registry Compliance

Our Registry Threat Data Feed helps registries maintain their ICANN compliance with Specification 11, in particular item 3b:

Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks.

This service provides a timely combination of the IOCs necessary to keep track of malicious activities, filtered for and priced according to the registry’s TLDs, including:

  • Anti-Mining
  • Command and Control Servers (C2s)
  • DGAs
  • Malware & Ransomware
  • Phishing

With this information, registries are alerted about malicious activities in their TLDs and can take the appropriate actions to eradicate or mitigate the threats.


ICANN compliance

Data Feed Details

Malware Patrol’s threat data comes from diverse sources including web crawlers, botnet monitors, spam traps, honeypots, research teams and partners. We review and update our indicators every hour to ensure that the contents are current and actionable.

Pricing for this data feed is based on the number of domains registered in each TLD of interest. TLDs with few domains registered pay less which makes it affordable to monitor them and, therefore, remain compliant with ICANN’s regulations.



Command and Control (C2s) Servers

Domains Generated by DGAs

Malware & Ransomware URLs

Phishing URLs




Contact us for other options.



Free data evaluation & technical consultation

Hourly updates

Historically rich

Unlimited downloads

Dedicated account manager

Priority tech support