Are Your TLDs Hosting C2s, DGAs, Malware, Phish or Ransomware?


From malicious IPs to malware samples, we offer a series of historically rich and reliable IoCs feeds to help companies of all sizes fill their threat intelligence gaps and better focus scarce IT resources. They are offered individually or in packages, depending on your needs.

Our Registry Data Feed helps registries pinpoint malicious domains among their TLDs. With this information, they can review, take action against and report on threats as required for their ICANN compliance with Specification 11, in particular item 3b:

Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks.

Malware Patrol’s registry feed provides malicious domains for a variety of threat types. To make this data affordable and easy-to-use, we filter for and price according to your registry’s specific TLDs. We can also customize the fields to provide only the required data for your purposes.

The domains in this feed are derived from five of our Enterprise Threat Data Feeds:

  • Anti-Mining
  • C2s (Command & Control Servers) Addresses – malware & ransomware command servers
  • DGAs – domains used by the malware & ransomware command-and-control structure
  • Malware & Ransomware URLs
  • Phishing URLs

By using this feed, registries can easily access information about malicious activities in their TLDs in order to take the appropriate actions to mitigate threats.


malicious domains

Data Feed Details

Malware Patrol’s threat intelligence comes from diverse sources including web crawlers, botnet monitors, spam traps, honeypots, research teams and partners. We review and update our IoCs every hour to ensure that the contents are current and actionable.

Pricing for this malicious domains feed is based on the number of domains registrations, so less popular or newer TLDs pay less.



– C2s

– Cryptominers

– DGAs

– Malware & Ransomware

– Phishing





Contact us for other options.






– Free data evaluation

– Hourly updates

– Unlimited downloads

– Dedicated account manager

– Priority tech support