Introducing C2 Feeds
New feeds focused exclusively on command & control (C2) IOCs. Starting April 20, new IOCs will be manually reviewed and C2s are added to these curated feeds.
The result: significantly less noise, higher confidence, and more actionable insights compared to general IOC feeds—so you can focus on what truly matters.
Command & Control Feeds entries built according to the following rules:
- They only contain command-and-control servers.
- They only contain network IOCs that were added within the last 90 days.
- They need to have a false positive risk score of at most "low".
Generic Feeds
Generic Feeds contain all IOC types, including domain:port, ip:port, and domain:ip composites.
Should be used for
Custom integrations
Custom integrations
Custom integrations
Domain Feeds
These feeds contain only domains.
Should be used for
Pi-hole, AdGuard, AdGuard Home, eBlocker, uBlock Origin, AdBlock, Adblock Plus, Opera, Vivaldi, Brave, AdNauseam, Little Snitch Mini, TechnitiumDNS
DNSMasq (v2.86 or newer), adblock-lean, Diversion (v5 or newer)
Blocky (older than v0.23), Diversion (older than v5), OpenSnitch, PersonalBlocklist, pfBlockerNG
AdAway, uMatrix, DNS66, GasMask, NetGuard
Hostfile, Linux, Windows
Proxy Auto Configuration
Response Policy Zone, Bind, Knot, PowerDNS, Unbound
Blocky (v0.23 or newer), Nebulo, NetDuma, OPNsense, YogaDNS
DNSCloak, DNSCrypt, TechnitiumDNS, PersonalDNSfilter, InviZible Pro
Product-Specific Feeds
Product-specific feeds contain IOCs relevant to specific cyber-security products.
Checkpoint
Fortinet
Microsoft Defender for Endpoint
Cortex XDR
Export of all C&C IOCs
This is a bulk export of all command-and-control IOCs, not time-limited or risk-filtered.
Loading bulk exports