Derp.ca

Malware Tracker

Tracking active malware infrastructure: C2 servers that malware phones home to, and distribution hosts that deliver payloads. Updated daily from sandbox analysis and community threat intel.

126
Families Tracked (7d)
2,225
Active C2 Hosts (7d)
1,168
Active Distribution Hosts (7d)

C2 Infrastructure Type (7d)

Hosting 93% (2,074)
ISP 6% (123)
Business 1% (18)
Unknown 0% (5)
Government 0% (3)
Education 0% (2)

Distribution Infrastructure Type (7d)

ISP 65% (762)
Hosting 34% (400)
Business 1% (6)

C2 Hosting Countries (7d)

Country Hosts
  1. 1 🇺🇸 US 1,378
  2. 2 🇩🇪 DE 152
  3. 3 🇫🇷 FR 119
  4. 4 🇨🇳 CN 97
  5. 5 🇬🇧 GB 64
  6. 6 🇭🇰 HK 52
  7. 7 🇷🇺 RU 47
  8. 8 🇸🇨 SC 27
  9. 9 🇮🇱 IL 23
  10. 10 🇨🇦 CA 21
  11. 11 Other 245

C2 Hosting Providers (7d)

Provider Hosts
  1. 1 Cloudflare, Inc. 1,057
  2. 2 OVH SAS 108
  3. 3 Hetzner Online GmbH 49
  4. 4 DigitalOcean, LLC 45
  5. 5 IONOS SE 40
  6. 6 Shenzhen Tencent Computer Systems Company Limited 28
  7. 7 Emil Vitukhnovskii trading as Great Flower 23
  8. 8 Hangzhou Alibaba Advertising Co.,Ltd. 23
  9. 9 HostPapa 20
  10. 10 Omegatech LTD 18
  11. 11 Other providers 814

Distribution Countries (7d)

Country Hosts
  1. 1 🇨🇳 CN 664
  2. 2 🇺🇸 US 290
  3. 3 🇬🇧 GB 30
  4. 4 🇵🇰 PK 21
  5. 5 🇰🇳 KN 20
  6. 6 🇮🇳 IN 19
  7. 7 🇷🇺 RU 19
  8. 8 🇩🇪 DE 12
  9. 9 🇭🇰 HK 7
  10. 10 🇫🇷 FR 6
  11. 11 Other 80

Distribution Providers (7d)

Provider Hosts
  1. 1 CHINA UNICOM China169 Backbone 601
  2. 2 Cloudflare, Inc. 190
  3. 3 China Unicom IP network China169 Guangdong province 31
  4. 4 CHINANET BACKBONE 23
  5. 5 SKN Subnet & Telecom Ltd 20
  6. 6 HostPapa 18
  7. 7 National WiMAX/IMS environment 18
  8. 8 Amazon.com, Inc. 17
  9. 9 QWINS LTD 13
  10. 10 National Internet Backbone 12
  11. 11 Other providers 225

Top Malware by Unique C2 (7d)

Family Trend Hosts
  1. 1 AsyncRAT stable 503
  2. 2 ClearFake trending down 369
  3. 3 Quasar RAT trending up 150
  4. 4 StrelaStealer trending down 141
  5. 5 Nanocore RAT stable 111
  6. 6 Cobalt Strike trending down 102
  7. 7 Vidar trending up 87
  8. 8 Remcos stable 86
  9. 9 Mirai trending up 56
  10. 10 VShell trending down 50

Top Malware by Unique C2 (24h)

Family Trend Hosts
  1. 1 AsyncRAT stable 80
  2. 2 ClearFake trending down 39
  3. 3 Quasar RAT trending up 34
  4. 4 Nanocore RAT stable 28
  5. 5 Vidar trending up 12
  6. 6 Cobalt Strike trending down 10
  7. 7 VShell trending down 7
  8. 8 XWorm trending down 5
  9. 9 Remcos stable 4
  10. 10 AdaptixC2 trending down 3

All Tracked Malware (7d)

1–25 of 126 families
AsyncRAT 503 C2 · Jun 17, 2026 ClearFake 369 C2 · Jun 17, 2026 Quasar RAT 150 C2 · Jun 17, 2026 StrelaStealer 141 C2 · Jun 15, 2026 Nanocore RAT 111 C2 · Jun 17, 2026 Cobalt Strike 102 C2 · Jun 17, 2026 Vidar 87 C2 · Jun 17, 2026 Remcos 86 C2 · Jun 17, 2026 Mirai 56 C2 · Jun 16, 2026 VShell 50 C2 · Jun 17, 2026 AdaptixC2 36 C2 · Jun 17, 2026 StealC 34 C2 · Jun 17, 2026 XWorm 33 C2 · Jun 17, 2026 Sliver 30 C2 · Jun 16, 2026 DCRat 21 C2 · Jun 17, 2026 SmokeLoader 19 C2 · Jun 15, 2026 RedTail 18 C2 · Jun 15, 2026 KongTuke 13 C2 · Jun 17, 2026 ValleyRAT 13 C2 · Jun 17, 2026 xmrig 13 C2 · Jun 16, 2026 Havoc 12 C2 · Jun 17, 2026 Donutloader 11 C2 · Jun 16, 2026 Quasarrat 11 C2 · Jun 17, 2026 Remus Stealer 11 C2 · Jun 17, 2026 RedLine Stealer 10 C2 · Jun 13, 2026

Recent Research

· 13 min read

AI-Powered Cheats & Stolen Secrets: Teardown of the Yuta/Solara Roblox Stealer
· 10 min read

PoisonX WindowsTelemetry: BYOVD-Assisted RAT With a Plugin Loader
· 11 min read

CrystalX: unpacking a Go RAT through three encrypted layers
All research