Malware Patrol for Mikrotik


Malware Patrol offers (2) MikroTik-compatible data feeds. Each one offers protection from malware and ransomware infections as well as communication with command-and-control servers (C2s) for additional payload downloads and data exfiltration. Additionally, the Malicious Domains feed includes phishing domains.

1. Malicious Domains – Domains known to be hosting cryptominers, C2s, malware & ransomware, and phish

2. Malicious IPs – IP addresses associated with malware, ransomware, and C2s.

Click here to access our detailed configuration guide for using our feeds with your MikroTik compatible devices.


Want to evaluate or learn more about using Malware Patrol’s data in your MikroTik device?


MikroTik develops and sells wired and wireless network routers, network switches, access points, as well as operating systems and auxiliary software. Their RouterOS has a very powerful firewall implementation with features including:

  • stateful packet inspection
  • peer-to-peer protocols filtering
  • traffic classification by:
    • source MAC address
    • IP addresses (network or list) and address types (broadcast, local, multicast, unicast)
    • port or port range
    • IP protocols
    • protocol options (ICMP type and code fields, TCP flags, IP options, and MSS)
    • interface the packet arrived from or left through
    • internal flow and connection marks
    • DSCP byte
    • packet content
    • rate at which packets arrive and sequence numbers
    • packet size
    • packet arrival time”