THREAT INTELLIGENCE
For All Your Cyber Security Needs
Complete Threat Coverage
Get a complete view of the threat landscape with Malware Patrol’s 360-degree coverage. Our cyber threat intelligence encompasses a wide variety of threats, including malware, ransomware, phishing, cryptominers, and command-and-control servers, among others. This holistic approach to threat intelligence allows you to build a robust defense strategy, addressing potential vulnerabilities across your entire digital ecosystem.
Rely on Up-to-Date Intelligence
Trust in the reliability of our threat intelligence with our continuous data validation process. Every day, we rigorously validate our data, resolving DNS and visiting URLs to ensure the information remains current and accurate. When indicators are no longer malicious, we promptly remove them from our feeds. This ongoing validation means you’re always working with the leanest and most up-to-date threat data, reducing the risk of acting on outdated information and improving the efficiency of your security operations. By reducing noise and increasing signal, our low false positive rate allows you to allocate your resources more effectively, improving your overall security posture.
Leverage Our Industry Experience
Benefit from our years of experience in the cybersecurity field. Since 2005, we have been constantly refining our methods and expanding our knowledge base. Our team of experts is always available to provide support, answer your questions, and help you make the most of our threat intelligence service.
Malware Patrol’s cyber threat intelligence provides you with up-to-the-minute information on emerging threats, allowing you to react swiftly and effectively. By leveraging our extensive network of data sources, including our own collection mechanisms and industry-leading OSINT, you’ll have a comprehensive view of the threat landscape. This real-time insight enables you to proactively defend against potential attacks, minimizing the risk of successful breaches and safeguarding your valuable digital assets.
Effortlessly Enhance Your Security Stack
Integrate our threat intelligence seamlessly into your existing security infrastructure. Our data feeds are compatible with a wide range of cybersecurity tools, including IPS/IDS, firewalls, TIPs, and SIEMs. This compatibility ensures that you can enhance your current security stack without the need for extensive reconfiguration or additional investments. By easily incorporating our intelligence into your existing workflows, you will quickly boost your threat detection capabilities and improve your overall security effectiveness.
By choosing Malware Patrol, you are not just getting data – you are gaining a powerful ally in your cybersecurity efforts.
Empower your cybersecurity efforts with cutting-edge threat intelligence. Request your evaluation now!
Cyber Threat Intelligence
Request a FREE evaluation or contact us for more information.
FEATURES
_____
– Free data evaluation
– Hourly feed updates
– Unlimited downloads
– Annual and multi-year subscriptions
– Free feed customization
SUPPORT
_____
– Dedicated account manager
– Priority tech support
DOWNLOADABLE PRODUCT SHEET
_____
Learn which solution is most suitable for your company’s needs.
COMBINATIONS
_____
Big Data
This package provides access to all Malware Patrol threat intelligence, including new data feeds developed during your subscription timeframe. (Partner data feeds are excluded.)
Build Your Own
Select only the data feed(s) you need.
Anti-Ransomware
This package provides the IOCs most important for protecting against initial infections and preventing data encryption and/or exfiltration.
– C2 Addresses
– Domain Names Generated by DGAs
– Malware & Ransomware URLs (Sanitized)
– Phishing URLs
Secure-IT
The Secure-IT package provides IOCs for threat detection, response, and blocking purposes.
– Cryptomining Sites (Free)
– C2 Addresses
– IP Reputation (Suspicious and Malicious IPs)
– Malicious Domains
– Malware & Ransomware URLs (Sanitized Version)
– Phishing URLs
Research-IT
The Research-IT package was designed for companies that conduct threat research or for those with a mature security program, including machine learning/AI tools, that can make use of a large amount and wide range of IOCs.
– Cryptomining (Free)
– C2 Addresses
– DNS-over-HTTPS (DoH) Servers
– Domain Names Generated by DGAs
– Malware Samples (Downloaded malware binaries and metadata)
– Malware URLs (Unsanitized Version)
– Newly Registered Domains
– Phishing URLs
– Phishing Sites Screenshots & Perceptual Hashes
– Phishing Sites Raw HTML
Most malware and ransomware families implement some sort of communication with a command and control (C2) system that is responsible for relaying stolen financial information, personal data, and anything else the malware captures. The C2 is also used to tell the malicious software which institutions to target and to supply it with webinjects.
With this feed of C2 addresses, drop zones, and control panels, companies can block access, create alerts on IDS/IPS systems, or investigate communications between samples and C2s. It contains the addresses used as C2s by more than 460 malicious families and includes information on MITRE ATT&CK TTPs and groups. Updated every hour.
C2s + MITRE ATT&CK Sample Feed
{
  "C2_URL": "tcp://129.174.188.243:1177/",
  "malware_family": "njRAT",
  "detection_timestamp": "2017-09-07 00:47:40",
  "MITRE_ATTACK": [{
    "id": "S0385",
    "name": "njRAT",
    "reference": "https://attack.mitre.org/software/S0385",
    "aliases": ["njRAT", "Njw0rm", "LV", "Bladabindi"],
    "type": "malware",
    "description": "[njRAT](https://attack.mitre.org/software/S0385) is a remote access tool (RAT) that was first observed in 2012. It has been used by threat actors in the Middle East.(Citation: Fidelis njRAT June 2013)",
    "platforms": ["Windows"],
    "techniques": [
      { "id": "T1132", "description": "Data Encoding", "reference": "https://attack.mitre.org/techniques/T1132", "defenses_bypassed": [] },
      { "id": "T1107", "description": "File Deletion", "reference": "https://attack.mitre.org/techniques/T1107", "defenses_bypassed": ["Host forensic analysis"] },
      { "id": "T1091", "description": "Replication Through Removable Media", "reference": "https://attack.mitre.org/techniques/T1091", "defenses_bypassed": [] },
      { "id": "T1503", "description": "Credentials from Web Browsers", "reference": "https://attack.mitre.org/techniques/T1503", "defenses_bypassed": [] },
      { "id": "T1033", "description": "System Owner/User Discovery", "reference": "https://attack.mitre.org/techniques/T1033", "defenses_bypassed": [] },
      { "id": "T1059", "description": "Command-Line Interface", "reference": "https://attack.mitre.org/techniques/T1059", "defenses_bypassed": [] },
      { "id": "T1113", "description": "Screen Capture", "reference": "https://attack.mitre.org/techniques/T1113", "defenses_bypassed": [] },
      { "id": "T1060", "description": "Registry Run Keys / Startup Folder", "reference": "https://attack.mitre.org/techniques/T1060", "defenses_bypassed": [] },
      { "id": "T1125", "description": "Video Capture", "reference": "https://attack.mitre.org/techniques/T1125", "defenses_bypassed": [] },
      { "id": "T1094", "description": "Custom Command and Control Protocol", "reference": "https://attack.mitre.org/techniques/T1094", "defenses_bypassed": [] },
      { "id": "T1065", "description": "Uncommonly Used Port", "reference": "https://attack.mitre.org/techniques/T1065", "defenses_bypassed": [] },
      { "id": "T1083", "description": "File and Directory Discovery", "reference": "https://attack.mitre.org/techniques/T1083", "defenses_bypassed": [] },
      { "id": "T1112", "description": "Modify Registry", "reference": "https://attack.mitre.org/techniques/T1112", "defenses_bypassed": ["Host forensic analysis"] },
      { "id": "T1089", "description": "Disabling Security Tools", "reference": "https://attack.mitre.org/techniques/T1089", "defenses_bypassed": ["File monitoring", "Host intrusion prevention systems", "Signature-based detection", "Log analysis", "Anti-virus"] },
      { "id": "T1076", "description": "Remote Desktop Protocol", "reference": "https://attack.mitre.org/techniques/T1076", "defenses_bypassed": [] },
      { "id": "T1018", "description": "Remote System Discovery", "reference": "https://attack.mitre.org/techniques/T1018", "defenses_bypassed": [] },
      { "id": "T1082", "description": "System Information Discovery", "reference": "https://attack.mitre.org/techniques/T1082", "defenses_bypassed": [] },
      { "id": "T1105", "description": "Remote File Copy", "reference": "https://attack.mitre.org/techniques/T1105", "defenses_bypassed": [] },
      { "id": "T1010", "description": "Application Window Discovery", "reference": "https://attack.mitre.org/techniques/T1010", "defenses_bypassed": [] },
      { "id": "T1120", "description": "Peripheral Device Discovery", "reference": "https://attack.mitre.org/techniques/T1120", "defenses_bypassed": [] },
      { "id": "T1005", "description": "Data from Local System", "reference": "https://attack.mitre.org/techniques/T1005", "defenses_bypassed": [] },
      { "id": "T1056", "description": "Input Capture", "reference": "https://attack.mitre.org/techniques/T1056", "defenses_bypassed": [] }
    ],
    "groups": [
      { "id": "G0078", "name": "Gorgon Group", "url": "https://attack.mitre.org/groups/G0078", "aliases": ["Gorgon Group"] },
      { "id": "G0043", "name": "Group5", "url": "https://attack.mitre.org/groups/G0043", "aliases": ["Group5"] },
      { "id": "G0096", "name": "APT41", "url": "https://attack.mitre.org/groups/G0096", "aliases": ["APT41"] }
    ]
  }]
}
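A record in the sample format above can be turned into blocking and alerting inputs as follows. This is an added example, not Malware Patrol code: it assumes the feed arrives as a JSON array of such records, uses only the field names visible in the sample, and the second and third records are constructed to exercise the edge cases.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the first record is a trimmed copy of the njRAT entry
# from the sample feed; the other two are made up (hostname C2, missing host).
SAMPLE_FEED = json.dumps([
    {"C2_URL": "tcp://129.174.188.243:1177/", "malware_family": "njRAT",
     "detection_timestamp": "2017-09-07 00:47:40",
     "MITRE_ATTACK": [{"id": "S0385",
                       "techniques": [{"id": "T1132"}, {"id": "T1094"},
                                      {"id": "T1065"}],
                       "groups": [{"id": "G0078", "name": "Gorgon Group"}]}]},
    {"C2_URL": "http://panel.example.test/gate.php",
     "malware_family": "ExampleStealer",
     "detection_timestamp": "2024-01-01 00:00:00", "MITRE_ATTACK": []},
    {"C2_URL": "tcp://:443/", "malware_family": "Broken",
     "detection_timestamp": "2024-01-01 00:00:00"},
])

# Ports implied by the scheme when C2_URL carries none (assumption: only
# web schemes have a meaningful default; "tcp://" entries must be explicit).
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_c2_record(record):
    """Normalize one feed record into host, port, kind and ATT&CK ids."""
    parts = urlsplit(record["C2_URL"])
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        raise ValueError(f"no host in C2_URL: {record['C2_URL']!r}")
    # parts.port raises ValueError for a non-numeric or out-of-range port.
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    try:
        ipaddress.ip_address(host)
        kind = "ip"          # candidate for a firewall / IPS rule
    except ValueError:
        kind = "domain"      # candidate for DNS-level blocking
    attack = record.get("MITRE_ATTACK") or []
    techniques = sorted({t["id"] for entry in attack
                         for t in entry.get("techniques", [])})
    groups = sorted({g["id"] for entry in attack
                     for g in entry.get("groups", [])})
    return {
        "family": record.get("malware_family"),
        "scheme": parts.scheme,
        "host": host,
        "port": port,
        "kind": kind,
        "detected": record.get("detection_timestamp"),
        "techniques": techniques,
        "groups": groups,
    }


def build_blocklists(feed_text):
    """Split a feed into (ip, port) pairs, DNS names and rejected records."""
    ip_rules, dns_names, rejected = set(), set(), []
    for record in json.loads(feed_text):
        try:
            c2 = parse_c2_record(record)
        except (KeyError, ValueError) as exc:
            # Never let one malformed entry stop the whole import.
            rejected.append(str(exc))
            continue
        if c2["kind"] == "ip":
            ip_rules.add((c2["host"], c2["port"]))
        else:
            dns_names.add(c2["host"])
    ordered_ips = sorted(ip_rules, key=lambda r: (r[0], r[1] or 0))
    return ordered_ips, sorted(dns_names), rejected


if __name__ == "__main__":
    ips, names, bad = build_blocklists(SAMPLE_FEED)
    print("IP:port rules:", ips)
    print("DNS names:", names)
    print("Rejected:", bad)
```

Keeping the rejected list visible matters operationally: a feed import that silently drops records hides gaps in blocking coverage.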
Cryptocurrency mining is a website monetization service in which JavaScript code uses the visitor’s CPU to mine. It is advertised as an alternative to online ads; however, it is frequently employed without users’ consent.
Our Cryptomining Data Feed features sites that use these scripts. An additional JSON file is provided that contains snippets of the code found running on the website. This data feed is available for free to our Enterprise customers. Updated every day.
DNS-over-HTTPS (DoH) resolvers. In the context of cybersecurity, particularly in an enterprise environment, DoH allows users to bypass the DNS-level controls – and internet usage policies – put in place to protect your network against known threats. For example, DoH users are able to access malicious sites, and infected machines can communicate with command and control servers. Many security tools and solutions are made ineffective by the use of DoH, yet the task of protecting your users and your organization’s data remains the same. We developed this feed to help security teams control the use of DoH in their environment, or, alternatively, for researchers looking to track its adoption and utilization. To keep this information fresh and useful, we actively search for new servers on a continuous basis. Updated every hour.
RPZ (Response Policy Zone) DNS was developed by the ISC as an open and vendor-neutral component of the BIND Domain Name Server. RPZ functions as a DNS firewall in which rules are expressed in specially constructed zone files. This segmented structure provides an effective and granular method of leveraging threat data for the detection and prevention of malware and ransomware activities at the DNS level.
Our customers can choose to use any combination of, or all six, RPZ zone files, which cover domains hosting (1) C2s, (2) Cryptominers, (3) DGAs (used by over 40 malware and ransomware families), (4) DNS-over-HTTPS Servers, (5) Malware, and (6) Phishing sites. Configuration instructions are available here. Updated every hour.
Malware Patrol acquires and monitors domain generation algorithms (DGAs) used by multiple malware and ransomware families. Most ransomware won’t be able to encrypt files if it is unable to reach a C2 server to retrieve cryptographic keys. Blocking access to domains generated via DGA is an effective way to prevent data loss and extortion. Monitoring DNS queries and network traffic to such domains is a way to determine which computers in the internal network may be infected. Updated every hour.
Details from live, ongoing attacks against cyber infrastructure provide an unparalleled insight into the threat landscape. To gather this kind of information, we deploy honeypots across the globe to mimic a range of applications, services, and devices. The attacks made against them provide real-time visibility into the targets and tactics of malicious actors. Armed with this knowledge, organizations can prioritize and allocate their resources more effectively, focusing on the most prevalent attack vectors and vulnerable systems.
The feed is updated every 15 minutes and includes data from the last 36 hours.
Domains actively involved in malicious activities. This data is derived from five of our Enterprise feeds: Cryptomining, Command & Control (C2) Addresses, Domain Names Generated via DGAs, Malware & Ransomware URLs, and Phishing URLs. Monitoring, as well as blocking, access to these sites is a simple and effective network protection measure. Updated every hour.
This feed contains IP addresses known to actively host malicious files and C2 systems for malware and ransomware. Monitoring traffic destined to such addresses, as well as potentially blocking access to the ones that host C2s, for example, is an effective network protection measure and provides valuable information for research purposes. Updated every hour.
This is used to block access to URLs hosting malware, as a method to prevent the infection of network devices. Also, companies that want to use malware data for research purposes will find this very useful.
We offer the feed with URLs in two formats: (1) sanitized, which includes protocol, hostname, domain name, and directories, but not the binary file name; and (2) unsanitized, which includes protocol, hostname, domain name, directories and also the file name and extension of the malware. Updated every hour.
Samples are collected around the internet and analyzed by our internal systems and multiple anti-virus products. If no malware is detected, our automated engines analyze the binary to determine its potential to be a new (unclassified) sample, including packer detection and binary and PE header characteristics. Once a binary is classified as malware, the sample and its hashes are immediately made available to customers.
Malware Hashes Feed contains MD5 and SHA-1 hashes of malware and ransomware samples currently available on the internet. Updated every hour.
Malware Binaries (Samples) Feed contains malicious binaries currently available on the internet, shared immediately after categorization. We can alert customers about new malware uploaded by sending POST requests via HTTP and HTTPS or email messages. Updated every hour.
On average, 200,000 new domains are registered every day. Most of these names are created for legitimate purposes, but a significant portion exists only for malicious purposes. These include lookalike, typosquatting, and brand-abusive domains.
Malware Patrol not only collects information about all new names but also correlates this information with indicators of compromise (IOCs) from our other data feeds. Updated every hour.
TLDs Monitored
aaa, aarp, abarth, abb, abbott, abbvie, abc, able, abogado, abudhabi, ac, academy, accenture, accountant, accountants, aco, active, actor, ad, adac, ads, adult, ae, aeg, aero, aetna, af, afamilycompany, afl, africa, ag, agakhan, agency, ai, aig, aigo, airbus, airforce, airtel, akdn, al, alfaromeo, alibaba, alipay, allfinanz, allstate, ally, alsace, alstom, am, amazon, americanexpress, americanfamily, amex, amfam, amica, amsterdam, an, analytics, android, anquan, anz, ao, aol, apartments, app, apple, aq, aquarelle, ar, arab, aramco, archi, army, arpa, art, arte, as, asda, asia, associates, at, athleta, attorney, au, auction, audi, audible, audio, auspost, author, auto, autos, avianca, aw, aws, ax, axa, az, azure, ba, baby, baidu, banamex, bananarepublic, band, bank, bar, barcelona, barclaycard, barclays, barefoot, bargains, baseball, basketball, bauhaus, bayern, bb, bbc, bbt, bbva, bcg, bcn, bd, be, beats, beauty, beer, bentley, berlin, best, bestbuy, bet, bf, bg, bh, bharti, bi, bible, bid, bike, bing, bingo, bio, biz, bj, bl, black, blackfriday, blanco, blockbuster, blog, bloomberg, blue, bm, bms, bmw, bn, bnl, bnpparibas, bo, boats, boehringer, bofa, bom, bond, boo, book, booking, boots, bosch, bostik, boston, bot, boutique, box, bq, br, bradesco, bridgestone, broadway, broker, brother, brussels, bs, bt, budapest, bugatti, build, builders, business, buy, buzz, bv, bw, by, bz, bzh, ca, cab, cafe, cal, call, calvinklein, cam, camera, camp, cancerresearch, canon, capetown, capital, capitalone, car, caravan, cards, care, career, careers, cars, cartier, casa, case, caseih, cash, casino, cat, catering, catholic, cba, cbn, cbre, cbs, cc, cd, ceb, center, ceo, cern, cf, cfa, cfd, cg, ch, chanel, channel, charity, chase, chat, cheap, chintai, chloe, christmas, chrome, chrysler, church, ci, cipriani, circle, cisco, citadel, citi, citic, city, cityeats, ck, cl, claims, cleaning, click, clinic, clinique, clothing, cloud, club, clubmed, cm, cn, co, coach, codes, coffee, 
college, cologne, com, comcast, commbank, community, company, compare, computer, comsec, condos, construction, consulting, contact, contractors, cooking, cookingchannel, cool, coop, corsica, country, coupon, coupons, courses, cpa, cr, credit, creditcard, creditunion, cricket, crown, crs, cruise, cruises, csc, cu, cuisinella, cv, cw, cx, cy, cymru, cyou, cz, dabur, dad, dance, data, date, dating, datsun, day, dclk, dds, de, deal, dealer, deals, degree, delivery, dell, deloitte, delta, democrat, dental, dentist, desi, design, dev, dhl, diamonds, diet, digital, direct, directory, discount, discover, dish, diy, dj, dk, dm, dnp, do, docs, doctor, dodge, dog, doha, domains, doosan, dot, download, drive, dtv, dubai, duck, dunlop, duns, dupont, durban, dvag, dvr, dz, earth, eat, ec, eco, edeka, edu, education, ee, eh, email, emerck, energy, engineer, engineering, enterprises, epost, epson, equipment, er, ericsson, erni, esq, estate, esurance, et, etisalat, eu, eurovision, eus, events, everbank, exchange, expert, exposed, express, extraspace, fage, fail, fairwinds, faith, family, fan, fans, farm, farmers, fashion, fast, fedex, feedback, ferrari, ferrero, fi, fiat, fidelity, fido, film, final, finance, financial, fire, firestone, firmdale, fish, fishing, fit, fitness, fj, fk, flickr, flights, flir, florist, flowers, flsmidth, fly, fm, fo, foo, food, foodnetwork, football, ford, forex, forsale, forum, foundation, fox, fr, free, fresenius, frl, frogans, frontdoor, frontier, ftr, fujitsu, fujixerox, fun, fund, furniture, futbol, fyi, ga, gal, gallery, gallo, gallup, game, games, gap, garden, gay, gb, gbiz, gd, gdn, ge, gea, gent, genting, george, gf, gg, ggee, gh, gi, gift, gifts, gives, giving, gl, glade, glass, gle, global, globo, gm, gmail, gmbh, gmo, gmx, gn, godaddy, gold, goldpoint, golf, goo, goodhands, goodyear, goog, google, gop, got, gov, gp, gq, gr, grainger, graphics, gratis, green, gripe, grocery, group, gs, gt, gu, guardian, gucci, guge, guide, guitars, guru, gw, 
gy, hair, hamburg, hangout, haus, hbo, hdfc, hdfcbank, health, healthcare, help, helsinki, here, hermes, hgtv, hiphop, hisamitsu, hitachi, hiv, hk, hkt, hm, hn, hockey, holdings, holiday, homedepot, homegoods, homes, homesense, honda, honeywell, horse, hospital, host, hosting, hot, hoteles, hotels, hotmail, house, how, hr, hsbc, ht, htc, hu, hughes, hyatt, hyundai, ibm, icbc, ice, icu, id, ie, ieee, ifm, iinet, ikano, il, im, imamat, imdb, immo, immobilien, in, inc, industries, infiniti, info, ing, ink, institute, insurance, insure, int, intel, international, intuit, investments, io, ipiranga, iq, ir, irish, is, iselect, ismaili, ist, istanbul, it, itau, itv, iveco, iwc, jaguar, java, jcb, jcp, je, jeep, jetzt, jewelry, jio, jlc, jll, jm, jmp, jnj, jo, jobs, joburg, jot, joy, jp, jpmorgan, jprs, juegos, juniper, kaufen, kddi, ke, kerryhotels, kerrylogistics, kerryproperties, kfh, kg, kh, ki, kia, kim, kinder, kindle, kitchen, kiwi, km, kn, koeln, komatsu, kosher, kp, kpmg, kpn, kr, krd, kred, kuokgroup, kw, ky, kyoto, kz, la, lacaixa, ladbrokes, lamborghini, lamer, lancaster, lancia, lancome, land, landrover, lanxess, lasalle, lat, latino, latrobe, law, lawyer, lb, lc, lds, lease, leclerc, lefrak, legal, lego, lexus, lgbt, li, liaison, lidl, life, lifeinsurance, lifestyle, lighting, like, lilly, limited, limo, lincoln, linde, link, lipsy, live, living, lixil, lk, llc, llp, loan, loans, locker, locus, loft, lol, london, lotte, lotto, love, lpl, lplfinancial, lr, ls, lt, ltd, ltda, lu, lundbeck, lupin, luxe, luxury, lv, ly, ma, macys, madrid, maif, maison, makeup, man, management, mango, map, market, marketing, markets, marriott, marshalls, maserati, mattel, mba, mc, mcd, mcdonalds, mckinsey, md, me, med, media, meet, melbourne, meme, memorial, men, menu, meo, merckmsd, metlife, mf, mg, mh, miami, microsoft, mil, mini, mint, mit, mitsubishi, mk, ml, mlb, mls, mm, mma, mn, mo, mobi, mobile, mobily, moda, moe, moi, mom, monash, money, monster, montblanc, mopar, mormon, 
mortgage, moscow, moto, motorcycles, mov, movie, movistar, mp, mq, mr, ms, msd, mt, mtn, mtpc, mtr, mu, museum, mutual, mutuelle, mv, mw, mx, my, mz, na, nab, nadex, nagoya, name, nationwide, natura, navy, nba, nc, ne, nec, net, netbank, netflix, network, neustar, new, newholland, news, next, nextdirect, nexus, nf, nfl, ng, ngo, nhk, ni, nico, nike, nikon, ninja, nissan, nissay, nl, no, nokia, northwesternmutual, norton, now, nowruz, nowtv, np, nr, nra, nrw, ntt, nu, nyc, obi, observer, off, office, okinawa, olayan, olayangroup, oldnavy, ollo, om, omega, one, ong, onl, online, onyourside, ooo, open, oracle, orange, org, organic, orientexpress, origins, osaka, otsuka, ott, ovh, pa, page, pamperedchef, panasonic, panerai, paris, pars, partners, parts, party, passagens, pay, pccw, pe, pet, pf, pfizer, pg, ph, pharmacy, phd, philips, phone, photo, photography, photos, physio, piaget, pics, pictet, pictures, pid, pin, ping, pink, pioneer, pizza, pk, pl, place, play, playstation, plumbing, plus, pm, pn, pnc, pohl, poker, politie, porn, post, pr, pramerica, praxi, press, prime, pro, prod, productions, prof, progressive, promo, properties, property, protection, pru, prudential, ps, pt, pub, pw, pwc, py, qa, qpon, quebec, quest, qvc, racing, radio, raid, re, read, realestate, realtor, realty, recipes, red, redstone, redumbrella, rehab, reise, reisen, reit, reliance, ren, rent, rentals, repair, report, republican, rest, restaurant, review, reviews, rexroth, rich, richardli, ricoh, rightathome, ril, rio, rip, rmit, ro, rocher, rocks, rodeo, rogers, room, rs, rsvp, ru, rugby, ruhr, run, rw, rwe, ryukyu, sa, saarland, safe, safety, sakura, sale, salon, samsclub, samsung, sandvik, sandvikcoromant, sanofi, sap, sapo, sarl, sas, save, saxo, sb, sbi, sbs, sc, sca, scb, schaeffler, schmidt, scholarships, school, schule, schwarz, science, scjohnson, scor, scot, sd, se, search, seat, secure, security, seek, select, sener, services, ses, seven, sew, sex, sexy, sfr, sg, sh, shangrila, 
sharp, shaw, shell, shia, shiksha, shoes, shop, shopping, shouji, show, showtime, shriram, si, silk, sina, singles, site, sj, sk, ski, skin, sky, skype, sl, sling, sm, smart, smile, sn, sncf, so, soccer, social, softbank, software, sohu, solar, solutions, song, sony, soy, spa, space, spiegel, sport, spot, spreadbetting, sr, srl, srt, ss, st, stada, staples, star, starhub, statebank, statefarm, statoil, stc, stcgroup, stockholm, storage, store, stream, studio, study, style, su, sucks, supplies, supply, support, surf, surgery, suzuki, sv, swatch, swiftcover, swiss, sx, sy, sydney, symantec, systems, sz, tab, taipei, talk, taobao, target, tatamotors, tatar, tattoo, tax, taxi, tc, tci, td, tdk, team, tech, technology, tel, telecity, telefonica, temasek, tennis, teva, tf, tg, th, thd, theater, theatre, tiaa, tickets, tienda, tiffany, tips, tires, tirol, tj, tjmaxx, tjx, tk, tkmaxx, tl, tm, tmall, tn, to, today, tokyo, tools, top, toray, toshiba, total, tours, town, toyota, toys, tp, tr, trade, trading, training, travel, travelchannel, travelers, travelersinsurance, trust, trv, tt, tube, tui, tunes, tushu, tv, tvs, tw, tz, ua, ubank, ubs, uconnect, ug, uk, um, unicom, university, uno, uol, ups, us, uy, uz, va, vacations, vana, vanguard, vc, ve, vegas, ventures, verisign, versicherung, vet, vg, vi, viajes, video, vig, viking, villas, vin, vip, virgin, visa, vision, vista, vistaprint, viva, vivo, vlaanderen, vn, vodka, volkswagen, volvo, vote, voting, voto, voyage, vu, vuelos, wales, walmart, walter, wang, wanggou, warman, watch, watches, weather, weatherchannel, webcam, weber, website, wed, wedding, weibo, weir, wf, whoswho, wien, wiki, williamhill, win, windows, wine, winners, wme, wolterskluwer, woodside, work, works, world, wow, ws, wtc, wtf, xbox, xerox, xfinity, xihuan, xin, xn--11b4c3d, xn--1ck2e1b, xn--1qqw23a, xn--2scrj9c, xn--30rr7y, xn--3bst00m, xn--3ds443g, xn--3e0b707e, xn--3hcrj9c, xn--3oq18vl8pn36a, xn--3pxu8k, xn--42c2d9a, xn--45br5cyl, xn--45brj9c, 
xn--45q11c, xn--4dbrk0ce, xn--4gbrim, xn--54b7fta0cc, xn--55qw42g, xn--55qx5d, xn--5su34j936bgsg, xn--5tzm5g, xn--6frz82g, xn--6qq986b3xl, xn--80adxhks, xn--80ao21a, xn--80aqecdr1a, xn--80asehdb, xn--80aswg, xn--8y0a063a, xn--90a3ac, xn--90ae, xn--90ais, xn--9dbq2a, xn--9et52u, xn--9krt00a, xn--b4w605ferd, xn--bck1b9a5dre4c, xn--c1avg, xn--c2br7g, xn--cck2b3b, xn--cckwcxetd, xn--cg4bki, xn--clchc0ea0b2g2a9gcd, xn--czr694b, xn--czrs0t, xn--czru2d, xn--d1acj3b, xn--d1alf, xn--e1a4c, xn--eckvdtc9d, xn--efvy88h, xn--estv75g, xn--fct429k, xn--fhbei, xn--fiq228c5hs, xn--fiq64b, xn--fiqs8s, xn--fiqz9s, xn--fjq720a, xn--flw351e, xn--fpcrj9c3d, xn--fzc2c9e2c, xn--fzys8d69uvgm, xn--g2xx48c, xn--gckr3f0f, xn--gecrj9c, xn--gk3at1e, xn--h2breg3eve, xn--h2brj9c, xn--h2brj9c8c, xn--hxt814e, xn--i1b6b1a6a2e, xn--imr513n, xn--io0a7i, xn--j1aef, xn--j1amh, xn--j6w193g, xn--jlq480n2rg, xn--jlq61u9w7b, xn--jvr189m, xn--kcrx77d1x4a, xn--kprw13d, xn--kpry57d, xn--kpu716f, xn--kput3i, xn--l1acc, xn--lgbbat1ad8j, xn--mgb9awbf, xn--mgba3a3ejt, xn--mgba3a4f16a, xn--mgba7c0bbn0a, xn--mgbaakc7dvf, xn--mgbaam7a8h, xn--mgbab2bd, xn--mgbah1a3hjkrd, xn--mgbai9azgqp6j, xn--mgbayh7gpa, xn--mgbb9fbpob, xn--mgbbh1a, xn--mgbbh1a71e, xn--mgbc0a9azcg, xn--mgbca7dzdo, xn--mgbcpq6gpa1a, xn--mgberp4a5d4ar, xn--mgbgu82a, xn--mgbi4ecexp, xn--mgbpl2fh, xn--mgbt3dhd, xn--mgbtx2b, xn--mgbx4cd0ab, xn--mix891f, xn--mk1bu44c, xn--mxtq1m, xn--ngbc5azd, xn--ngbe9e0a, xn--ngbrx, xn--node, xn--nqv7f, xn--nqv7fs00ema, xn--nyqy26a, xn--o3cw4h, xn--ogbpf8fl, xn--otu796d, xn--p1acf, xn--p1ai, xn--pbt977c, xn--pgbs0dh, xn--pssy2u, xn--q7ce6a, xn--q9jyb4c, xn--qcka1pmc, xn--qxa6a, xn--qxam, xn--rhqv96g, xn--rovu88b, xn--rvc1e0am3e, xn--s9brj9c, xn--ses554g, xn--t60b56a, xn--tckwe, xn--tiq49xqyj, xn--unup4y, xn--vermgensberater-ctb, xn--vermgensberatung-pwb, xn--vhquv, xn--vuq861b, xn--w4r85el8fhu5dnra, xn--w4rs40l, xn--wgbh1c, xn--wgbl6a, xn--xhq521b, xn--xkc2al3hye2a, xn--xkc2dl3a5ee0h, xn--y9a3aq, xn--yfro4i67o, 
xn--ygbi2ammx, xn--zfr164b, xperia, xxx, xyz, yachts, yahoo, yamaxun, yandex, ye, yodobashi, yoga, yokohama, you, youtube, yt, yun, za, zappos, zara, zero, zip, zippo, zm, zone, zuerich, zw
ccTLDs Monitored
ac, ad, ae, af, ag, ai, al, am, ao, aq, ar, as, at, au, aw, ax, az, ba, bb, bd, be, bf, bg, bh, bi, bj, bm, bo, br, bs, bt, bv, bw, by, bz, ca, cc, cd, cf, cg, ch, ci, ck, cl, cm, cn, co, cr, cu, cv, cx, cy, cz, de, dj, dk, dm, do, dz, ec, ee, eg, er, es, et, eu, fi, fk, fm, fo, fr, ga, gb, gd, ge, gf, gg, gh, gi, gl, gm, gn, gp, gq, gr, gs, gt, gu, gw, gy, hk, hm, hn, hr, ht, hu, id, ie, il, im, in, io, iq, ir, is, it, je, jo, jp, ke, kg, kh, ki, km, kn, kp, kr, kw, ky, kz, la, lb, lc, li, lk, lr, ls, lt, lu, lv, ly, ma, mc, md, me, mg, mh, mk, ml, mn, mo, mp, mq, mr, ms, mt, mu, mv, mw, mx, my, mz, na, nc, ne, nf, ng, ni, nl, no, np, nu, nz, om, pa, pe, pf, pg, ph, pk, pl, pm, pn, pr, ps, pt, pw, py, qa, re, ro, rs, ru, rw, sa, sb, sc, sd, se, sg, sh, si, sj, sk, sl, sm, sn, so, sr, ss, st, su, sv, sx, sy, sz, tc, td, tf, tg, th, tj, tk, tl, tm, tn, to, tr, tt, tv, tw, tz, ua, ug, uk, us, uy, uz, vc, ve, vg, vi, vn, vu, wf, ws, ye, yt, za, zm, zw
Open source threat intelligence (OSINT) can help fill cyber threat data gaps, validate internal network findings, and uncover new threats. Malware Patrol collects OSINT related to cyber threats from reputable sources within the industry as part of our ongoing research and daily operations. We share this work with the community FOR FREE via three carefully managed OSINT data feeds:
1) High Risk IPs – Suspicious/malicious IP addresses
2) Risk Indicators – IOCs such as hashes, CVEs, email addresses, and cryptocurrency addresses
3) Tor Exit Nodes – For insights into potentially anonymous and suspicious network activity.
Phishing remains one of the top cyber menaces, by some reports accounting for 90% of data breaches. Protection against this threat is a requirement for businesses of all sizes. It is also a must-have offering for cyber security enterprises and service providers.
Malware Patrol collects phishing URL data from various sources – crawlers, emails, spam pots, and more – to ensure coverage of the most current campaigns. Our data is then reviewed by humans to increase its accuracy as many sites now use techniques that can evade machine detection. We offer two add-on options: 1) phishing website screenshots in JPEG format + perceptual hashing data and 2) raw HTML content of phishing websites, compressed and accessible via an AWS S3 bucket. Feed updated every hour.