Malware Tracker
Tracking active malware infrastructure: C2 servers that malware phones home to, and distribution hosts that deliver payloads. Updated daily from sandbox analysis and community threat intel.
186
Families Tracked (7d)
1,545
Active C2 Hosts (7d)
1,470
Active Distribution Hosts (7d)
C2 Infrastructure Type (7d)
Hosting92%(1,429)
ISP6%(92)
Business1%(16)
sinkhole1%(15)
Unknown1%(8)
Distribution Infrastructure Type (7d)
ISP70%(1,022)
Hosting30%(440)
Business1%(8)
C2 Hosting Countries (7d)
CountryHosts
- 1🇺🇸 US979
- 2🇸🇬 SG115
- 3🇩🇪 DE111
- 4🇨🇳 CN57
- 5🇬🇧 GB40
- 6🇭🇰 HK39
- 7🇷🇺 RU38
- 8🇸🇪 SE28
- 9🇮🇱 IL16
- 10🇸🇨 SC16
- 11Other106
C2 Hosting Providers (7d)
ProviderHosts
- 1Cloudflare, Inc.405
- 2Nebula Global LLC184
- 3DigitalOcean, LLC108
- 4Akamai Connected Cloud106
- 5Hetzner Online GmbH73
- 6HostPapa40
- 7Amazon.com, Inc.28
- 8Amazon.com, Inc.26
- 9Google LLC25
- 10Hangzhou Alibaba Advertising Co.,Ltd.25
- 11Other providers525
Distribution Countries (7d)
CountryHosts
- 1🇨🇳 CN781
- 2🇺🇸 US366
- 3🇵🇰 PK134
- 4🇩🇪 DE22
- 5🇬🇧 GB22
- 6🇮🇳 IN19
- 7🇷🇺 RU15
- 8🇳🇱 NL11
- 9🇭🇰 HK10
- 10🇧🇷 BR9
- 11Other81
Distribution Providers (7d)
ProviderHosts
- 1CHINA UNICOM China169 Backbone697
- 2Cloudflare, Inc.255
- 3National WiMAX/IMS environment124
- 4CHINANET BACKBONE42
- 5China Unicom IP network China169 Guangdong province35
- 6Offshore LC24
- 7Amazon.com, Inc.18
- 8Des Equity LLC16
- 9NEON CORE NETWORK LLC15
- 10National Internet Backbone13
- 11Other providers231